Hi. I am wondering if H2 database login and encryption passwords could
be cleansed from the temporary memory after a user login or maybe
after a user logged out to prevent possible attacks against the
temporary memory or to prevent the passwords being used as buffer
texts to append to free spaces in file slacks. This should work
regardless if encryption on the databases are in place. It would be a
nice feature to have.
I have sample codes below that may help:
public void clearBytes(byte[] array) {
if (array != null) {
Arrays.fill(array, (byte) 0);
}
}
public void clearLoginPassword(char[] password) {
if (password != null) {
Arrays.fill(password, '\0');
}
}
The codes above have been modified from the Makagiga Project
(www.makagiga.sf.net) source code which is Apache 2 licensed.
--
You received this message because you are subscribed to the Google Groups "H2
Database" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/h2-database?hl=en.
