[ https://issues.apache.org/jira/browse/KAFKA-17014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17932104#comment-17932104 ]
Mingdao Yang commented on KAFKA-17014:
--------------------------------------

[~szetszwo] Please see [https://github.com/apache/kafka/pull/19082]

Thank you.

> ScramFormatter should not use String for password.
> --------------------------------------------------
>
>                 Key: KAFKA-17014
>                 URL: https://issues.apache.org/jira/browse/KAFKA-17014
>             Project: Kafka
>          Issue Type: Improvement
>          Components: security
>            Reporter: Tsz-wo Sze
>            Assignee: dujian0068
>            Priority: Major
>
> Since String is immutable, there are no easy ways to erase a String password
> after use. It is a security concern so we should not use String for
> passwords. See also
> https://stackoverflow.com/questions/8881291/why-is-char-preferred-over-string-for-passwords

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
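
The concern in the issue description, as an added example (not Kafka's ScramFormatter code and not taken from the linked pull request): a SCRAM-style Hi() computation from RFC 5802 that accepts the password as a `char[]`, never builds a `String`, and zeroes the buffers it controls. The class name, method name, and the sample password and salt are constructed for illustration, and SASLprep normalization is omitted.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class ScramCharPasswordExample {

    // Hi(password, salt, i) from RFC 5802 with HMAC-SHA-256.
    // Assumption: the password is already SASLprep-normalized.
    static byte[] saltedPassword(char[] password, byte[] salt, int iterations)
            throws GeneralSecurityException {
        // Encode char[] -> UTF-8 bytes without ever building a String.
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
        byte[] key = new byte[encoded.remaining()];
        encoded.get(key);
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            // SecretKeySpec keeps its own copy of the key bytes; this code cannot zero it.
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            mac.update(salt);
            mac.update(new byte[] {0, 0, 0, 1});   // INT(1), big-endian
            byte[] u = mac.doFinal();              // U1
            byte[] result = u.clone();
            for (int i = 2; i <= iterations; i++) {
                u = mac.doFinal(u);                // Ui = HMAC(password, Ui-1)
                for (int j = 0; j < result.length; j++) result[j] ^= u[j];
            }
            return result;
        } finally {
            // Erase the intermediate encodings of the password.
            Arrays.fill(key, (byte) 0);
            if (encoded.hasArray()) Arrays.fill(encoded.array(), (byte) 0);
        }
    }

    public static void main(String[] args) throws Exception {
        char[] password = {'p', 'e', 'n', 'c', 'i', 'l'};   // constructed sample
        byte[] salt = "constructed-salt".getBytes(StandardCharsets.US_ASCII);
        try {
            byte[] salted = saltedPassword(password, salt, 4096);
            System.out.println("SaltedPassword length: " + salted.length);
        } finally {
            Arrays.fill(password, '\0');   // possible only because it is a char[]
        }
    }
}
```

Zeroing shortens the time the secret stays readable in the heap, but copies held inside JCE objects or left behind by a moving garbage collector are outside the caller's control.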