...
Although this approach fixes the decryption problem from the previous noncompliant code example, at runtime this code may still leave the passwords in memory as cleartext. Java `String` objects are immutable and can be copied and interned by the JVM, so Java offers no way to reliably erase a password once it has been placed in a `String`. See MSC56-J. Limit the lifetime of sensitive data for more information.
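<!-- anchor -->
The point above is why sensitive input should be held in a `char[]` rather than a `String`: an array can be overwritten in place once it is no longer needed. The following is an added example written for this page, not the CERT standard's own compliant solution. It assumes the `PBKDF2WithHmacSHA256` algorithm is available in the runtime, uses a constructed sample password, and shows the lifetime-limiting pattern end to end: derive a salted hash from the `char[]`, clear both the caller's array and the copy held by `PBEKeySpec`, and keep only the salt and hash.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/**
 * Added example (not the CERT page's own code): the password only ever lives in a
 * char[] so it can be zeroed after the hash is derived; only salt + hash are kept.
 */
public final class PasswordRecord {
    // Assumed to be provided by the JRE's default providers.
    private static final String ALGORITHM = "PBKDF2WithHmacSHA256";
    private static final int ITERATIONS = 100_000;
    private static final int KEY_BITS = 256;
    private static final int SALT_BYTES = 16;

    private final byte[] salt;
    private final byte[] hash;

    private PasswordRecord(byte[] salt, byte[] hash) {
        this.salt = salt;
        this.hash = hash;
    }

    /** Builds the stored record; the caller's char[] is zeroed before this returns. */
    public static PasswordRecord fromPassword(char[] password)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        try {
            return new PasswordRecord(salt, derive(password, salt));
        } finally {
            Arrays.fill(password, '\0'); // erase the cleartext copy we were handed
        }
    }

    /** Compares a candidate in constant time and zeroes the candidate afterwards. */
    public boolean matches(char[] candidate)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        try {
            byte[] candidateHash = derive(candidate, salt);
            boolean ok = MessageDigest.isEqual(hash, candidateHash);
            Arrays.fill(candidateHash, (byte) 0);
            return ok;
        } finally {
            Arrays.fill(candidate, '\0');
        }
    }

    private static byte[] derive(char[] password, byte[] salt)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance(ALGORITHM).generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // PBEKeySpec keeps its own copy of the password; wipe it too
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input. A String literal is used only for the demo; real code
        // should obtain the char[] directly, e.g. from System.console().readPassword(),
        // precisely so that no String copy of the password is ever created.
        char[] pw = "correct horse battery staple".toCharArray();
        PasswordRecord stored = PasswordRecord.fromPassword(pw);
        System.out.println("caller's array zeroed after hashing: " + (pw[0] == '\0'));
        System.out.println("correct password accepted: "
                + stored.matches("correct horse battery staple".toCharArray()));
        System.out.println("wrong password rejected:   "
                + !stored.matches("wrong".toCharArray()));
    }
}
```

Two details matter for the lifetime argument: `PBEKeySpec` copies the array it is given, so `clearPassword()` must be called in addition to zeroing the caller's array, and `MessageDigest.isEqual` is used instead of `Arrays.equals` so that verification time does not depend on where the first differing byte is.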
...
Related Guidelines

| ISO/IEC TR 24772:2010 (http://www.aitcnet.org/isai/) | "Insufficiently Protected Credentials [XYM]" |
| CWE | CWE ID 256, "Plaintext Storage of a Password" |

...

Bibliography

| [API 2006] | Class |
| Passwords never in clear text |
| Salt (cryptography) |
| Cryptographic hash function |
...