Uploaded image for project: 'Couchbase Lite'
  1. Couchbase Lite
  2. CBL-588

API: Passwords should never be Strings in Java

    XMLWordPrintable

Details

    • New Feature
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 2.8.0
    • postHelium
    • API, Java-Android
    • Security Level: Public
    • 5

    Description

      We should not be putting sensitive info into Java Strings. A String is immutable and cannot be zeroed out. Its contents are visible to any code with access to the process memory, until the memory used by the string is GC'd and reused.

      Passwords should be passed around in char[], and zeroed as soon as they are no longer required.

      I believe this applies to the classes C4Key, BasicAuthenticator and CBLWebSocket

      This is an API breaking change and cannot be implemented until 3.0

      Attachments

        Issue Links

          relates to

          New Feature - A new feature of the product, which has yet to be developed. CBL-1356 Remove deprecated constructor BasicAuthenticator(String, String)

          • Major - Major loss of function.
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            Ascending order - Click to sort in descending order
            daniel.petersen Daniel Petersen added a comment -

            Blake Meike, did you already do this?

            daniel.petersen Daniel Petersen added a comment - Blake Meike , did you already do this?
            blake.meike Blake Meike added a comment -

            I did part of it. There are still Passwords in Strings. I suspect that there will be passwords in Core strings for quite a while.

            I suspect that doing this would only be valuable if we did it, essentially, everywhere: Always overwrite password strings in memory. I think we are probably just not going to get around to doing that.

            blake.meike Blake Meike added a comment - I did part of it. There are still Passwords in Strings. I suspect that there will be passwords in Core strings for quite a while. I suspect that doing this would only be valuable if we did it, essentially, everywhere: Always overwrite password strings in memory. I think we are probably just not going to get around to doing that.

            People

              The Lite The Lite
              blake.meike Blake Meike
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty