  // Dummy verify method, always returns true
  private static final boolean verify(String username,
                                      char[] password) {
    return true;
  }
}
The Console.readPassword() method allows the password to be returned as a sequence of characters rather than as a String object. Consequently, the programmer can clear the password from the array immediately after use. This method also disables echoing of the password to the console.
Noncompliant Code Example
This noncompliant code example uses a BufferedReader to wrap an InputStreamReader object so that sensitive data can be read from a file:
void readData() throws IOException {
  BufferedReader br = new BufferedReader(new InputStreamReader(
      new FileInputStream("file")));
  // Read from the file; the line is returned as an immutable String
  // that cannot be cleared once it is no longer needed
  String data = br.readLine();
}
The BufferedReader.readLine() method returns the sensitive data as a String object, which can persist long after the data is no longer needed. The BufferedReader.read(char[], int, int) method can read and populate a char array. However, it requires the programmer to manually clear the sensitive data in the array after use. Alternatively, even if the BufferedReader were to wrap a FileReader object, it would suffer from the same pitfalls.
Compliant Solution
This compliant solution uses a directly allocated NIO (new I/O) buffer to read sensitive data from the file. The data can be cleared immediately after use and is not cached or buffered in multiple locations. It exists only in the system memory.
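The book's compliant solution itself is not reproduced on this page. The following is an added example, not the book's own code, of reading a file through a directly allocated NIO buffer and zeroing it after each chunk; the class name DirectBufferRead, the methods readSensitive and wipe, and the temporary file standing in for "file" are constructed for illustration.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.FileChannel;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.util.function.IntConsumer;

public class DirectBufferRead {
  // Reads the file in chunks through a directly allocated buffer. Each chunk is
  // handed to the handler byte by byte and then overwritten, so no String copy
  // of the sensitive data is ever created.
  static int readSensitive(Path file, IntConsumer handler) throws IOException {
    ByteBuffer buf = ByteBuffer.allocateDirect(4096);
    int total = 0;
    try (FileChannel ch = FileChannel.open(file, StandardOpenOption.READ)) {
      while (ch.read(buf) > 0) {
        buf.flip();
        while (buf.hasRemaining()) {
          handler.accept(buf.get());
          total++;
        }
        wipe(buf);
      }
    } finally {
      wipe(buf); // also zero the buffer when read() or the handler throws
    }
    return total;
  }

  // ByteBuffer.clear() only resets position and limit; it does not erase the
  // bytes. Overwrite them explicitly, then reset the buffer for the next read.
  static void wipe(ByteBuffer buf) {
    buf.clear();
    while (buf.hasRemaining()) buf.put((byte) 0);
    buf.clear();
  }

  public static void main(String[] args) throws IOException {
    // Constructed sample input: a temporary file stands in for "file".
    Path tmp = Files.createTempFile("sensitive", ".txt");
    Files.write(tmp, "s3cret-token-value\n".getBytes(StandardCharsets.US_ASCII));
    int[] dashes = {0};
    int n = readSensitive(tmp, b -> { if (b == '-') dashes[0]++; });
    Files.deleteIfExists(tmp);
    System.out.println("bytes read: " + n + ", dashes seen: " + dashes[0]);
  }
}
```

The handler consumes bytes in place, which is the point of the technique: the secret is processed while it still lives only in the direct buffer and is wiped before the next read.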