Couchbase Lite / CBL-4264

Increased security: store BasicAuthenticator password as a char[] and zero before release


Details

    • New Feature
    • Resolution: Fixed
    • Major
    • Deprecated
    • 3.1.0, Beryllium
    • Java, Java-Android
    • Security Level: Public
    • 0

    Description

      It is best practice to keep passwords in memory, where they can be observed by malicious library code, for as short a time as possible.  Java strings are immutable and cannot be zeroed out.  Representing the password as a char[] allows it to be cleared when it is released.
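The practice described above, as an added example that is not Couchbase Lite code: `PasswordHolder` and its methods are hypothetical names, and the username and password are constructed sample values. It keeps the password only in mutable arrays, wipes every intermediate copy, and zeroes its own copy on `close()`.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Hypothetical holder for illustration; not the BasicAuthenticator class.
final class PasswordHolder implements AutoCloseable {
    private final String username;
    private final char[] password;   // mutable, so it can be overwritten
    private boolean closed;

    PasswordHolder(String username, char[] password) {
        this.username = username;
        this.password = password.clone();   // own copy; the caller wipes theirs
    }

    // Returns "user:password" as UTF-8 bytes without ever building a String
    // that contains the password. The caller must zero the returned array.
    byte[] userPassBytes() {
        if (closed) throw new IllegalStateException("password already cleared");
        CharBuffer chars = CharBuffer.allocate(username.length() + 1 + password.length);
        chars.put(username).put(':').put(password).flip();
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(chars);
        byte[] out = new byte[encoded.remaining()];
        encoded.get(out);
        Arrays.fill(chars.array(), '\0');                 // wipe intermediate copies
        if (encoded.hasArray()) Arrays.fill(encoded.array(), (byte) 0);
        return out;
    }

    @Override
    public void close() {
        Arrays.fill(password, '\0');   // zero before release
        closed = true;
    }

    public static void main(String[] args) {
        char[] typed = {'s', '3', 'c', 'r', 'e', 't'};    // constructed sample input
        try (PasswordHolder creds = new PasswordHolder("alice", typed)) {
            Arrays.fill(typed, '\0');                     // caller's copy is no longer needed
            byte[] wire = creds.userPassBytes();
            try {
                System.out.println("credential bytes: " + wire.length);
            } finally {
                Arrays.fill(wire, (byte) 0);              // wipe the encoded form after use
            }
        }   // close() has zeroed the holder's copy here
    }
}
```

Zeroing shortens the time the password is readable in the heap; it does not guarantee removal, because a moving garbage collector may already have copied the array.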


          People

            The Lite The Lite
            blake.meike Blake Meike