-1

To log into the google app engine api I need to provide a password. I do not want to hard code the password in the source code, so I provide a method that reads the password from a locally stored file. Is this a secure method?

I'm using the google app engine remote api, which requires to enter a username/password : 

private String readPassword(){
    String str = "";
    try {
        BufferedReader in = new BufferedReader(new FileReader("c:\\password\\file.txt"));
         while ((str = in.readLine()) != null){         
        in.close();
         }
    } catch (IOException e) {
    }
    return str;
}
Nathaniel Ford
  • 20,545
  • 20
  • 91
  • 102
blue-sky
  • 51,962
  • 152
  • 427
  • 752
  • 2
    What are you trying to protect against? If you want to protect against attackers who can read the local disk, then no. If you want to protect against attackers who can read memory, then no. If bugs in your program might allow reading and echoing of that file (e.g. via a web directory listing), then no. – Mike Samuel Feb 02 '13 at 01:08
  • Your code is wrong. Change that `while` for an `if` or it will crash easly – Adrián Feb 02 '13 at 01:08
  • Also, maybe security.stackexchange.com would be a better forum. – Mike Samuel Feb 02 '13 at 01:08
  • What GAE api are you trying to use? OAuth may be a better alternative. – Sebastian Kreft Feb 02 '13 at 01:12
  • @SebastianKreft im using the remote api, which requires to enter a username/password : https://developers.google.com/appengine/docs/java/tools/remoteapi – blue-sky Feb 02 '13 at 01:25

1 Answers1

-1

In Java, it's recommended to use a char array for storing passwords. See this SO answer for a good explanation.

In short, Strings are more vulnerable to being exposed in memory dumps, whereas char arrays can be explicitly wiped as soon as they're not needed anymore.

Community
  • 1
  • 1
Karl Barker
  • 11,095
  • 3
  • 21
  • 26
  • 1
    `char[]`s are not safe against memory dumps since mark-and-sweep garbage collectors often copy memory during the compact phase which means that the zeroed out copy might not be the only copy. – Mike Samuel Feb 02 '13 at 01:10
  • Not safe, certainly, but a little better at least. – Karl Barker Feb 02 '13 at 01:12
  • That's probably true if you don't share a VM and zero early in the program before doing any unbounded allocation. Memory mapping a file might give you better control though. Either way, if you're passing the password to any kind of complicated third-party code, like a network send library, then you lose control over how many copies exist in memory. – Mike Samuel Feb 02 '13 at 01:14