Passwords can't end in buffers because the VM zero's memory before it gives it
to you.
Thotheolh wrote:
> Hi. I am wondering if H2 database login and encryption passwords could
> be cleansed from the temporary memory after a user login or maybe
> after a user logged out to prevent possible attacks against the
> temporary memory or to prevent the passwords being used as buffer
> texts to append to free spaces in file slacks. This should work
> regardless if encryption on the databases are in place. It would be a
> nice feature to have.
>
> I have sample codes below that may help:
>
> public void clearBytes(byte[] array) {
> if (array != null) {
> Arrays.fill(array, (byte) 0);
> }
> }
>
> public void clearLoginPassword(char[] password) {
> if (password != null) {
> Arrays.fill(password, '\0');
> }
> }
>
> The codes above have been modified from the Makagiga Project
> (www.makagiga.sf.net) source code which is Apache 2 licensed.
>
--
You received this message because you are subscribed to the Google Groups "H2
Database" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/h2-database?hl=en.
