[jira] [Created] (HTTPCLIENT-1106) Use character arrays for passwords in Credentials objects, not Strings

John Karp (JIRA) Tue, 28 Jun 2011 15:13:54 -0700

Use character arrays for passwords in Credentials objects, not Strings
----------------------------------------------------------------------


                 Key: HTTPCLIENT-1106
                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1106
             Project: HttpComponents HttpClient
          Issue Type: Improvement
          Components: HttpAuth
    Affects Versions: 4.1.1
            Reporter: John Karp
            Priority: Minor


Its fairly conventional to use char[] to represent passwords in Java, because 
using Strings can present security issues:

http://securesoftware.blogspot.com/2009/01/java-security-why-not-to-use-string.html
http://download.oracle.com/javase/1.5.0/docs/guide/security/jce/JCERefGuide.html#PBEEx


--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Created] (HTTPCLIENT-1106) Use character arrays for passwords in Credentials objects, not Strings

Reply via email to