
password in memory

 
Jim Frank
Greenhorn
Posts: 27
I have to get rid of a password in memory after it is decrypted and used. The password is encrypted and decrypted with JCE. I was thinking of something like this:

StringBuffer x = Pass.decrypt();

// use it

// overwrite every character before dropping the reference
for (int d = 0; d < x.length(); d++)
    x.setCharAt(d, 'X');

x = null;

I guess I have to do the same thing to the decrypted password in the decrypt() method.

Any thoughts?
 
joseph edwards
Greenhorn
Posts: 12
You can store the encrypted password in the heap, and have each function that needs the password decrypt the password as a local variable on the stack. As stack memory is very temporary, unlike heap memory, the clear-text password will only be visible for a limited amount of time.

Originally posted by Jim Frank:
I have to get rid of a password in memory after it is decrypted and used. The password is encrypted and decrypted with JCE. I was thinking of something like this:

StringBuffer x = Pass.decrypt();

// use it

// overwrite every character before dropping the reference
for (int d = 0; d < x.length(); d++)
    x.setCharAt(d, 'X');

x = null;

I guess I have to do the same thing to the decrypted password in the decrypt() method.

Any thoughts?
 