going through some Fortify findings here and it is telling me not to use string data types for sensitive data because they can hang around in memory too long. This exposes the user's data should there be an unrelated memory attack, such as Heartbleed.
If I set a string var to null after use, does that memory location actually get cleared, or is a copy of the var created to store the null?
Thanks