You can store the encrypted password in the heap, and have each function that needs the password decrypt the password as a local variable on the stack. As stack memory is very temporary, unlike heap memory, the clear-text password will only be visible for a limited amount of time.
Originally posted by Jim Frank: I have to get rid of a password in memory after it is decrypted and used. The password is encrypted and decrypted with JCE. I was thinking of something like this:
StringBuffer x = Pass.decrypt();
// overwrite every character of the decrypted password in place
for (int d = 0; d < x.length(); d++) x.setCharAt(d, 'X');
I guess I have to do the same thing to the decrypted password in the decrypt() method.
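Added example, not code from either poster: one way to apply the overwrite idea inside the decrypt step itself, keeping the clear text only in arrays (never a String) and wiping every intermediate copy. The class name WipePasswordDemo, the helper decryptToChars, the AES/GCM choice and the sample password are all assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class WipePasswordDemo {
    // Hypothetical helper: decrypts into arrays only and wipes the intermediate copies.
    static char[] decryptToChars(SecretKey key, byte[] iv, byte[] ciphertext) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] plain = c.doFinal(ciphertext);          // clear-text bytes from JCE
        CharBuffer decoded = null;
        try {
            decoded = StandardCharsets.UTF_8.decode(ByteBuffer.wrap(plain));
            char[] out = new char[decoded.remaining()];
            decoded.get(out);                          // the only copy handed to the caller
            return out;
        } finally {
            Arrays.fill(plain, (byte) 0);              // wipe the byte copy
            if (decoded != null && decoded.hasArray()) {
                Arrays.fill(decoded.array(), '\0');    // wipe the decoder's backing array
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: a random key and a made-up password literal (demo only).
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ciphertext = enc.doFinal("s3cr3t-example".getBytes(StandardCharsets.UTF_8));

        char[] password = decryptToChars(key, iv, ciphertext);
        try {
            System.out.println("decrypted length: " + password.length);
        } finally {
            Arrays.fill(password, '\0');               // wipe even if the use above throws
        }
        System.out.println("first char is NUL after wipe: " + (password[0] == '\0'));
    }
}
```

The wipe is best-effort: a copying garbage collector may have relocated an array before it was cleared, leaving a stale copy until that memory is reused.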