Why getText() in JPasswordField was deprecated?
According to this answer for the above question, what I understood was that creating a String object containing the password is a security threat because it may remain in the memory for a while and it is immutable.
So I was wondering,
How easy is it to retrieve something which has been hanging around in the memory, without a reference or left out for garbage collection?
And how do you do it?
EDIT
As the question has been closed, be kind to share your knowledge by adding a comment, and consider reopening the question if you believe it may get interesting answers in the future. :)
https://en.wikipedia.org/wiki/Heartbleed
This is a good real-world example of things hanging in memory being used for exploitation. There are different ways to do it, so it's good to just make sure things that are valuable aren't being left hanging. Usually these attacks are just guess-and-check. You just keep sending information and piecing together the bits of extra memory you get in return.