I am writing a Java program that asks the user to enter their mysql username and password to log in to a MySql instance. I am using
Console console = new Console();
char[] password = console.readPassword("%s", SQLPlus.PROMPT + "Password:");
to store their password. After I have used the password to log in, how can I eliminate any trace of it from the variable and memory? From the javadocs, it is suggested to use
java.util.Arrays.fill(passwordd, ' ');
to delete the data from memory. Is this enough?
This questions is asking what to do after a char[] has been used to store a password, not why it should be used instead of a string.
