jbertram commented on pull request #3851: URL: https://github.com/apache/activemq-artemis/pull/3851#issuecomment-1031821305
@gemmellr, thanks for the clarification. @brusdev, I agree with @gemmellr here. I think we should keep `char[]`. For what it's worth, the reason `char[]` is used for the password in many places is because it is arguably more secure than `String` mainly because `String` is immutable and may stay on the heap for a long time whereas `char[]` can be sanitized after use which means it is not vulnerable to heap inspection. The broker itself should probably do a better job of using `char[]` for passwords in _more_ places, not fewer. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
