Hi Navaneet,
The OWASP has a dedicated page related to storing passwords securely:
https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet. Is it helpful?
Thank you.
Best Regards,
Andriy Redko
Tuesday, September 4, 2018, 10:47:56 AM, you wrote:
KN> We have a security requirement where we must not leave passwords and other secrets in memory for long. We must “wipe-out” such secrets in memory as soon as we are done with using them.
KN> Passwords are currently modeled as an “xsd:string” in our system resulting in a Java String class to manipulate them.
KN> Java String is immutable in that there is no way to write spaces or other characters to the memory used by this object after we are done with it.
KN> I don’t see a way to use say a character array to bind passwords.
KN> Has anyone else come across this issue? What is the recommended approach?
KN> Thanks
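
The character-array pattern the question refers to, as an added example that is not part of the original thread or of any project discussed in it: the secret lives only in a `char[]`, is used once, and is overwritten in a `finally` block. The class name, the PBKDF2 parameters and the sample secret are assumptions made for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class WipeSecretExample {

    // Assumed parameters for this example, not taken from the thread.
    private static final int ITERATIONS = 100_000;
    private static final int KEY_BITS = 256;

    /**
     * Derives a PBKDF2 verifier from the password, then overwrites the
     * copies of the password this method can reach, even if derivation throws.
     */
    static byte[] deriveAndWipe(char[] password, byte[] salt) throws GeneralSecurityException {
        // PBEKeySpec clones the array, so there are two copies to clear.
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec)
                    .getEncoded();
        } finally {
            spec.clearPassword();        // wipe the copy held inside the spec
            Arrays.fill(password, '\0'); // wipe the caller's array in place
        }
    }

    // True when every element of the array has been overwritten with NUL.
    static boolean isWiped(char[] chars) {
        for (char c : chars) {
            if (c != '\0') return false;
        }
        return true;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample secret, built as char[] so no String ever holds it.
        char[] password = {'c', 'o', 'n', 's', 't', 'r', 'u', 'c', 't', 'e', 'd'};
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);

        byte[] verifier = deriveAndWipe(password, salt);
        System.out.println("verifier bytes: " + verifier.length);
        System.out.println("password wiped: " + isWiped(password));
    }
}
```

This only covers secrets that reach the code as a `char[]`; a value that the binding layer has already materialized as a `String` cannot be overwritten this way and stays in the heap until it is garbage collected.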