Details
New Feature
Resolution: Fixed
Major
3.1.0, Beryllium
Security Level: Public
Description
It is best practice to keep passwords in memory, where they can be observed by malicious library code, for as short a time as possible. Java strings are immutable and cannot be zeroed out. Representing the password as a char[] allows it to be cleared when it is released.
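The pattern described above, as an added example that is not code from this ticket or the project: a holder that keeps the password as a `char[]`, encodes it to bytes without building a `String`, and zeroes every buffer it created. The class name `PasswordHolder`, its methods and the sample password are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

// Hypothetical holder class; the name and API are assumptions for illustration.
public final class PasswordHolder implements AutoCloseable {
    private final char[] secret;
    private boolean cleared;

    // Takes a private copy; the caller remains responsible for zeroing its own array.
    public PasswordHolder(char[] password) {
        this.secret = Arrays.copyOf(password, password.length);
    }

    // Compares against an expected UTF-8 value without ever building a String.
    public boolean matches(byte[] expectedUtf8) {
        if (cleared) throw new IllegalStateException("password already cleared");
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(secret));
        byte[] bytes = new byte[encoded.remaining()];
        encoded.get(bytes);
        try {
            return MessageDigest.isEqual(bytes, expectedUtf8);
        } finally {
            // Zero both the working copy and the encoder's backing array.
            Arrays.fill(bytes, (byte) 0);
            if (encoded.hasArray()) Arrays.fill(encoded.array(), (byte) 0);
        }
    }

    // Overwrites the stored password; the holder is unusable afterwards.
    @Override
    public void close() {
        Arrays.fill(secret, '\0');
        cleared = true;
    }

    public static void main(String[] args) {
        char[] typed = {'s', '3', 'c', 'r', '3', 't'}; // constructed sample input
        byte[] expected = {'s', '3', 'c', 'r', '3', 't'};
        try (PasswordHolder p = new PasswordHolder(typed)) {
            System.out.println("match: " + p.matches(expected));
        } finally {
            Arrays.fill(typed, '\0'); // caller zeroes its own copy
        }
        System.out.println("caller copy zeroed: " + (typed[0] == '\0'));
    }
}
```

Zeroing shortens the window of exposure; it does not remove copies made elsewhere, such as a `String` the password was originally read from.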