[ https://issues.apache.org/jira/browse/LOG4J2-1896?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Remko Popma reopened LOG4J2-1896: --------------------------------- As per discussion in LOG4J2-2054, I will replace the {{PasswordProvider}} interface with a generic {{SecretProvider<T>}} interface and move it to {{core.util}}. The interface will still have only one method so on Java 8 it can be conveniently implemented with a lambda. The {{MemoryPasswordProvider}} implementation can remain as it is (after changing it to {{implement SecretProvider<char[]>}}. > Update classes in org.apache.logging.log4j.core.net.ssl in APIs from String > to char[] for passwords > --------------------------------------------------------------------------------------------------- > > Key: LOG4J2-1896 > URL: https://issues.apache.org/jira/browse/LOG4J2-1896 > Project: Log4j 2 > Issue Type: Improvement > Components: Configurators > Reporter: Gary Gregory > Assignee: Remko Popma > Fix For: 2.10.0 > > > Update {{org.apache.logging.log4j.core.net.ssl.StoreConfiguration}} from a > {{String}} to {{char[]}} to represent its password. > The goal is to reduce the security risk of using a String for a password. See > https://stackoverflow.com/questions/8881291/why-is-char-preferred-over-string-for-passwords -- This message was sent by Atlassian JIRA (v6.4.14#64029)