Howdy,
Is there a way to use the FTPSClient.login(username, password) where password 
is a char[] instead of a String?  Strings are immutable and don't get removed 
from memory until garbage collection.  That means that the password can 
possibly be recovered from a memory dump.  However, if password was a char[], I 
could do Arrays.fill(password, ' ') and there would be no traces of the 
password in memory once I was done with using it.

For a more detailed explanation of this, you can go to 
http://stackoverflow.com/questions/8881291/why-is-char-preferred-over-string-for-passwords.

I didn't see an option for a char[] instead of String for password, but I could 
have missed one.  If there is not currently a way to use a char[], you could 
also probably get away with changing the password from type String to 
CharSequence (the interface that String implements).  That way FTPSClient is 
backwards compatible and you can clear passwords after use by using a 
CharBuffer (also implements CharSequence) instead of a String.

Thanks,
Nicholas Castorina

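An added illustration of the CharSequence idea raised in the message above; it is not part of the original email and not Commons Net code. `sendPass` is a hypothetical helper, the password is a constructed sample value, and a `ByteArrayOutputStream` stands in for the FTP control connection.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.CharsetEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class WipeablePasswordDemo {

    // Hypothetical helper (not a Commons Net method): writes "PASS <password>\r\n"
    // from any CharSequence without building a String copy of the secret.
    static void sendPass(OutputStream control, CharSequence password) throws IOException {
        CharsetEncoder enc = StandardCharsets.UTF_8.newEncoder();
        // Heap buffer we own, so the encoded copy of the secret can be wiped afterwards.
        ByteBuffer out = ByteBuffer.allocate((int) Math.ceil(password.length() * enc.maxBytesPerChar()));
        try {
            // CharBuffer.wrap(CharSequence) is a read-only view; it does not copy the chars.
            enc.encode(CharBuffer.wrap(password), out, true);
            enc.flush(out);
            out.flip();
            control.write("PASS ".getBytes(StandardCharsets.US_ASCII));
            control.write(out.array(), 0, out.limit());
            control.write("\r\n".getBytes(StandardCharsets.US_ASCII));
            control.flush();
        } finally {
            Arrays.fill(out.array(), (byte) 0);
        }
    }

    public static void main(String[] args) throws IOException {
        char[] password = {'s', '3', 'c', 'r', 'e', 't', '!'};   // constructed sample value
        CharBuffer view = CharBuffer.wrap(password);              // shares storage with the array
        ByteArrayOutputStream wire = new ByteArrayOutputStream(); // stand-in for the control socket

        sendPass(wire, view);
        // Passing view.toString() to login(String, String) instead would create an
        // immutable copy that cannot be cleared, which defeats the purpose.
        Arrays.fill(password, '\0');

        System.out.println("bytes written: " + wire.size());
        System.out.println("view cleared:  " + (view.get(0) == '\0'));

        sendPass(wire, "still-accepts-a-String"); // String implements CharSequence
    }
}
```

Wiping the caller's array and the encode buffer only removes the copies this code owns; copies held by socket or TLS buffers lower in the stack are outside its reach.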