Nicholas, We could add a FTPClient.login(String, char[]) method but using char[] all the way through the login code path could mean a lot of change. You might want to create a feature request in a JIRA. Patches are always welcome.
Gary On Wed, Nov 5, 2014 at 11:20 AM, Nicholas Castorina < [email protected]> wrote: > Howdy, > Is there a way to use the FTPSClient.login(username, password) where > password is a char[] instead of a String? Strings are immutable and don't > get removed from memory until garbage collection. That means that the > password can possibly be recovered from a memory dump. However, if > password was a char[], I could do Arrays.fill(password, ' ') and there > would be no traces of the password in memory once I was done with using it. > > For a more detailed explanation of this, you can go to > http://stackoverflow.com/questions/8881291/why-is-char-preferred-over-string-for-passwords > . > > I didn't see an option for a char[] instead of String for password, but I > could have missed one. If there is not currently a way to use a char[], > you could also probably get away with changing the password from type > String to CharSequence (the interface that String implements). That way > FTPSClient is backwards compatible and you can clear passwords after use by > using a CharBuffer (also implements CharSequence) instead of a String. > > Thanks, > Nicholas Castorina > > This message and the information contained herein is proprietary and > confidential and subject to the Amdocs policy statement, > you may review at http://www.amdocs.com/email_disclaimer.asp > -- E-Mail: [email protected] | [email protected] Java Persistence with Hibernate, Second Edition <http://www.manning.com/bauer3/> JUnit in Action, Second Edition <http://www.manning.com/tahchiev/> Spring Batch in Action <http://www.manning.com/templier/> Blog: http://garygregory.wordpress.com Home: http://garygregory.com/ Tweet! http://twitter.com/GaryGregory
