
I am writing a little web framework and I want to enable SSL encryption with an SSL key which will be supplied by the user.

This might seem overly cautious, but is it common to pass the password for the keystore file as a String passed in the parameters of a method?

This is what I had in mind:

public void enableSSL(String keystorePath, String keystorePassword) {
    // ... do things
}
TomTom

1 Answer


It is always safer to store the password in a character array than in a string.

Please refer to the query below: Why is char[] preferred over String for passwords?

Also refer to the coding guidelines below from the Oracle site: http://www.oracle.com/technetwork/java/seccodeguide-139067.html#2

Vasu
Please mark this question as duplicate rather than trying to feed off someone else's answer. – Vince Sep 08 '15 at 22:53
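An added example, not code from the question or the answer: a `char[]` variant of the question's `enableSSL` that loads the keystore, builds an `SSLContext`, and overwrites the password array in a `finally` block. The class name `SslSetup`, the PKCS12 store type, the key password being equal to the store password, and the demo password are assumptions.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public class SslSetup {
    /** Hypothetical char[] variant of enableSSL; wipes the caller's array before returning. */
    public static SSLContext enableSSL(String keystorePath, char[] keystorePassword) throws Exception {
        try {
            KeyStore ks = KeyStore.getInstance("PKCS12");   // assumed store type
            try (InputStream in = Files.newInputStream(Paths.get(keystorePath))) {
                ks.load(in, keystorePassword);              // the KeyStore API itself takes char[]
            }
            KeyManagerFactory kmf =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, keystorePassword);                 // assumes key password == store password
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(kmf.getKeyManagers(), null, null);     // default trust managers and SecureRandom
            return ctx;
        } finally {
            // Overwrite our copy even when loading fails; a String could not be cleared like this.
            Arrays.fill(keystorePassword, '\0');
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo input: an empty PKCS12 store written to a temp file.
        // A real caller would get the char[] from Console.readPassword() or similar.
        char[] setupPw = {'d', 'e', 'm', 'o', '-', 'p', 'w'};
        Path store = Files.createTempFile("demo", ".p12");
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, null);
        try (OutputStream out = Files.newOutputStream(store)) {
            empty.store(out, setupPw);
        }
        char[] pw = setupPw.clone();
        SSLContext ctx = enableSSL(store.toString(), pw);
        System.out.println("protocol: " + ctx.getProtocol());
        System.out.println("password wiped: " + (pw[0] == '\0'));
        Arrays.fill(setupPw, '\0');
        Files.delete(store);
    }
}
```

Wiping the array limits how long this code's own copy stays in memory; it does not control copies the JDK may make internally.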