[
https://issues.apache.org/jira/browse/LOG4J2-1896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15999552#comment-15999552
]
ASF subversion and git services commented on LOG4J2-1896:
---------------------------------------------------------
Commit 422d09022acfe3f34e3dbcf32d87ac50198ad560 in logging-log4j2's branch
refs/heads/master from [~garydgregory]
[ https://git-wip-us.apache.org/repos/asf?p=logging-log4j2.git;h=422d090 ]
[LOG4J2-1896]
Update org.apache.logging.log4j.core.net.ssl.StoreConfiguration from a
String to char[] to represent its password.
> Update org.apache.logging.log4j.core.net.ssl.StoreConfiguration from a String
> to char[] to represent its password
> -----------------------------------------------------------------------------------------------------------------
>
> Key: LOG4J2-1896
> URL: https://issues.apache.org/jira/browse/LOG4J2-1896
> Project: Log4j 2
> Issue Type: Improvement
> Components: Configurators
> Reporter: Gary Gregory
> Assignee: Gary Gregory
> Fix For: 2.9
>
>
> Update {{org.apache.logging.log4j.core.net.ssl.StoreConfiguration}} from a
> {{String}} to {{char[]}} to represent its password.
> The goal is to reduce the security risk of using a String for a password. See
> https://stackoverflow.com/questions/8881291/why-is-char-preferred-over-string-for-passwords
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
