[KAFKA-17014] ScramFormatter should not use String for password. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: security
Labels:
None

Description

Since String is immutable, there is no easy way to erase a String password after use. We should not use String for password. See also https://stackoverflow.com/questions/8881291/why-is-char-preferred-over-string-for-passwords

Attachments

Activity

People

Assignee:: dujian0068

Reporter:: Tsz-wo Sze

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 21/Jun/24 05:52

Updated:: 22/Jun/24 14:00