...
- uses objects to store sensitive data whose contents are not cleared or garbage collected after use
- has memory pages that can be swapped out to disk as required by the operating system (to perform memory management tasks and support hibernation)
- uses a buffer to hold sensitive data (such as BufferedReader) that retains copies of the data in the OS cache or in memory
- bases its control flow on reflection that allows circumventing any countermeasures to limit the lifetime of sensitive variables
- reveals sensitive data in debugging messages, log files, environment variables or through thread dumps and core dumps
Currently, complete mitigation requires support from the underlying operating system. For instance, if swapping out of sensitive data is an issue, a secure operating system that disables swapping and hibernation is indispensable.
...
This noncompliant code example reads login information from the console and stores the password as a String object. Consequently, the credentials may remain exposed until the garbage collector reclaims the memory associated with the String objects.
...
This compliant solution uses the Console.readPassword() method to obtain the password from the console. This method allows the password to be returned as a sequence of characters as opposed to a String object. This is advantageous as it allows the programmer to clear the password from the array immediately after use. The method also disables echoing of the password to the console.
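The pattern described above, as an added example (not the page's own listing): the password is held only in a char array and overwritten in a finally block. The class name PasswordLifetime, the verify() helper and its constructed demo credentials are assumptions made for illustration.

```java
import java.io.Console;
import java.util.Arrays;

public final class PasswordLifetime {

    // Hypothetical placeholder check against constructed demo credentials.
    // The expected value is built as a char[] so that no String copy of it
    // is created here, and it is cleared as soon as the comparison is done.
    private static boolean verify(String user, char[] password) {
        char[] expected = {'d', 'e', 'm', 'o'}; // constructed sample value
        try {
            return "alice".equals(user) && Arrays.equals(password, expected);
        } finally {
            Arrays.fill(expected, '\0');
        }
    }

    public static void main(String[] args) {
        Console console = System.console();
        if (console == null) {
            // No interactive console (for example, input is redirected).
            System.err.println("No console available");
            return;
        }

        String user = console.readLine("Username: ");
        // readPassword() disables echo and returns a char[] rather than an
        // immutable String, so the caller can overwrite the contents.
        char[] password = console.readPassword("Password: ");
        if (password == null) {
            return; // end of input stream reached
        }

        try {
            boolean ok = verify(user, password);
            System.out.println(ok ? "Access granted" : "Access denied");
        } finally {
            // Runs on both normal return and exception, so the password
            // does not wait for the garbage collector to be discarded.
            Arrays.fill(password, '\0');
        }
    }
}
```

Passing the array to new String(password) or logging it would reintroduce an uncontrolled copy, so the array should be handed only to code that works on char[] directly.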
...