Help the world stop coronavirus! Stay home!

Prev Next

Java / Arrays

Why is it a good practice to store sensitive information like password, SSN into a character Array rather than String?

The String objects are immutable and are stored in String pool in memory until garbage collected. So Although a string object is processed and no longer required, for an indeterminate period of time the string object remains in the memory until garbage collected. Even this can not be controlled programmatically. By accessing the memory dump, the hackers could extract sensitive information from the string object hence String is insecure.

Character Array is a mutable object, and when it is no longer required, nullifying the reference guarantees that the object in memory cannot be accessed until garbage collected. Hence character array is prefered for storing sensitive information.

❤Cash Back At Stores you Love !!!❤

Earn your $10 reward when you make your first purchase through Ebates by signing up with clicking below button.

Ebates Coupons and Cash Back

More Related questions...

Show more question and Answers...

Strings

Comments & Discussions