I had this interview question yesterday. The interviewer asked me the following: "Why would it be more secure to store sensitive data in a char array rather than a String?" What would it be? Any ideas? Couldn't find answers to this.
Because you can iterate through the array and unset the data once you're done with it. – khelwood Jun 05 '18 at 13:19
^, which is because strings are immutable. Even if you reflectively obtain the char array (which is not always possible because of compiler optimizations and future implementation updates (e.g. byte array in Java 10)), there might already be multiple copies throughout your RAM. – Mark Jeronimus Jun 05 '18 at 13:24