Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-17014

ScramFormatter should not use String for password.

Attach filesAttach ScreenshotAdd voteVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • security
    • None

    Description

      Since String is immutable, there is no easy way to erase a String password after use. We should not use String for password. See also https://stackoverflow.com/questions/8881291/why-is-char-preferred-over-string-for-passwords

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            bmilk dujian0068
            szetszwo Tsz-wo Sze
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:

              Slack

                Issue deployment