...
```java
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;

class Password {
  public static void main(String[] args) throws IOException {
    char[] password = new char[100];
    BufferedReader br = new BufferedReader(new InputStreamReader(
        new FileInputStream("password.txt")));

    // Reads the password into the char array, returns the number of characters read
    int n = br.read(password);
    // Decrypt password, perform operations
    for (int i = n - 1; i >= 0; i--) {
      // Manually clear out the password immediately after use
      password[i] = 0;
    }
    br.close();
  }
}
```
To further limit the exposure time of the sensitive password, follow the guideline "MSC08-J. Limit the lifetime of sensitive data" and replace `BufferedReader` with a direct NIO buffer.
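One way to apply that advice, as an added example that is not code from the original page: it reads `password.txt` (the file name used above) through a `FileChannel` into a direct `ByteBuffer`, so no copy is left in a `BufferedReader`'s internal heap buffer, and zeroes the buffer afterwards. The class name `DirectBufferPassword` and the 100-byte size limit are assumptions.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.FileChannel;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;

class DirectBufferPassword {
  // Assumption: the stored password never exceeds this many bytes
  private static final int MAX_PASSWORD_BYTES = 100;

  public static void main(String[] args) throws IOException {
    // A direct buffer is allocated outside the garbage-collected heap,
    // so the collector does not relocate or duplicate its contents
    ByteBuffer buffer = ByteBuffer.allocateDirect(MAX_PASSWORD_BYTES);
    try (FileChannel channel = FileChannel.open(
        Paths.get("password.txt"), StandardOpenOption.READ)) {
      // Read straight into the direct buffer until end of file or buffer full
      while (buffer.hasRemaining() && channel.read(buffer) != -1) {
        // keep reading
      }
      buffer.flip();
      // Decrypt password, perform operations on the bytes in buffer
    } finally {
      // Overwrite the whole buffer, including unused capacity,
      // even if reading or processing threw an exception
      buffer.clear();
      while (buffer.hasRemaining()) {
        buffer.put((byte) 0);
      }
    }
  }
}
```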
...
```java
// Username and password are read at runtime from a secure config file
public final Connection getConnection() throws SQLException {
  return DriverManager.getConnection("jdbc:mysql://localhost/dbName",
      username, password);
}
```
...