[HTTPCLIENT-1106] Use character arrays for passwords in Credentials objects, not Strings - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 4.1.1
Fix Version/s: 5.0 Alpha1
Component/s: HttpClient (classic)
Labels:
None

Description

Its fairly conventional to use char[] to represent passwords in Java, because using Strings can present security issues:

http://securesoftware.blogspot.com/2009/01/java-security-why-not-to-use-string.html
http://download.oracle.com/javase/1.5.0/docs/guide/security/jce/JCERefGuide.html#PBEEx

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: John Karp

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 28/Jun/11 22:13

Updated:: 04/May/17 09:48

Resolved:: 10/Aug/15 19:48