...
This solution fixes the vulnerabilities in the previous two noncompliant examples. In both setPassword and checkPassword, the cleartext representation of the password is erased as soon as it is converted into a hash value. After this happens, there is no way for an attacker to get the password as cleartext.