Our web-based applications have user accounts tied to users, with passwords specified during account creation. In the case of Java, how does one process the password securely before persisting its hash in the database?
To be more specific, how does one ensure that the string holding the password is garbage collected within a sufficiently short interval of time?
If you have the possibility (it may be difficult in web applications), it would be better to store passwords in character arrays than in strings. Once you have finished with the password you can overwrite it in memory using Arrays.fill() and make the reference available to the garbage collector by discarding it:
Arrays.fill(password, ' ');
password = null;
I just noticed that nulling the password would be a bit paranoid, but you can do it if it reassures you :)
You do not use a String. You use a char[] and then overwrite the char[] when done.
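The two answers above both recommend a char[] that is overwritten after use. The following is an added example, not code from any of the posters, showing how that fits together with a real password hash: PBEKeySpec takes the password as a char[] (it clones the array internally, so its own copy must be cleared with clearPassword()), PBKDF2 is computed with a per-user random salt, and the caller's buffer is zeroed in a finally block so the wipe happens even if hashing throws. The class name, the record format ("iterations:salt:hash", Base64) and the iteration count are choices made for this example. One caveat worth keeping in mind when applying it to a servlet: request.getParameter() already hands you the password as an immutable String, so at best this approach limits how many additional copies of the plaintext linger on the heap; it cannot scrub the one the container created.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Example code (not from the original answers): hash a password held in a char[]
// and wipe every copy of it that this code controls.
public final class PasswordHasher {
    private static final String ALGORITHM = "PBKDF2WithHmacSHA256";
    private static final int ITERATIONS = 210_000;   // assumed work factor; tune to your hardware
    private static final int KEY_BITS = 256;
    private static final int SALT_BYTES = 16;
    private static final SecureRandom RNG = new SecureRandom();

    private PasswordHasher() {}

    // Returns "iterations:base64(salt):base64(hash)". On return the caller's
    // password array has been zeroed, whether or not hashing succeeded.
    public static String hashAndWipe(char[] password) {
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt);
        // PBEKeySpec clones the array, so there are now two copies in memory.
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            byte[] hash = SecretKeyFactory.getInstance(ALGORITHM)
                    .generateSecret(spec).getEncoded();
            Base64.Encoder b64 = Base64.getEncoder();
            return ITERATIONS + ":" + b64.encodeToString(salt) + ":" + b64.encodeToString(hash);
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new IllegalStateException("PBKDF2 unavailable", e);
        } finally {
            spec.clearPassword();        // zeroes PBEKeySpec's internal copy
            Arrays.fill(password, '\0'); // zeroes the caller's buffer
        }
    }

    // Recomputes the hash with the stored salt and iteration count and compares
    // in constant time. The candidate password array is wiped on return.
    public static boolean verifyAndWipe(char[] password, String stored) {
        String[] parts = stored.split(":");
        int iterations = Integer.parseInt(parts[0]);
        byte[] salt = Base64.getDecoder().decode(parts[1]);
        byte[] expected = Base64.getDecoder().decode(parts[2]);
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, expected.length * 8);
        try {
            byte[] actual = SecretKeyFactory.getInstance(ALGORITHM)
                    .generateSecret(spec).getEncoded();
            return MessageDigest.isEqual(expected, actual); // constant-time comparison
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new IllegalStateException("PBKDF2 unavailable", e);
        } finally {
            spec.clearPassword();
            Arrays.fill(password, '\0');
        }
    }

    public static void main(String[] args) {
        // Constructed sample input; in a real application this would come from the request.
        char[] atSignup = "correct horse battery staple".toCharArray();
        String record = hashAndWipe(atSignup);
        System.out.println("stored record : " + record);
        System.out.println("buffer wiped  : " + (atSignup[0] == '\0'));

        char[] atLogin = "correct horse battery staple".toCharArray();
        System.out.println("correct pw    : " + verifyAndWipe(atLogin, record));   // true

        char[] wrong = "Tr0ub4dor&3".toCharArray();
        System.out.println("wrong pw      : " + verifyAndWipe(wrong, record));     // false
    }
}
```

The finally blocks are the point of the example: the overwrite is unconditional, and both the array the caller owns and the copy PBEKeySpec made are covered. Note that this only shortens the window during which the plaintext sits in memory; as the later answer says, nothing here forces the garbage collector to run or guarantees that a String copy created elsewhere is ever collected.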
There are absolutely no guarantees when it comes to garbage collection (aside from the fact that the finalizer will run before the object is collected). The GC may never run, and if it runs, it may never GC the String that has the password in it.
If you create the hash on the client side, there should be no need to think about this problem. The plain password is never submitted to the server.
Two words: Local Scope. The declared variables for password processing need to have the absolute smallest scope possible.
Once the variables go out of scope, the objects are eligible for garbage collection.
Often, you're picking things out of a request. You want a very, very small transaction that accepts the request, hashes the password, persists it and redirects. The page to which you redirect can then fetch content and do all the "other" processing that is part of your application.