Why is char[] preferred over String for storing passwords?

Yes, Storing password in String object is not safe for following reasons −

• String objects are immutable and until garbage collected, they remain in memory.

• String being plain text can be tracked in memory dump of the application.

• In log, String based password may be printed which can cause a problem.

Char[] can be cleared or wiped out after the job is done.

Sreemaha

Published on 06-Feb-2018 07:40:09

• Related Questions & Answers
• Why is gold jewellery more preferred over silver jewellery?
• Why is a Dictionary preferred over a Hashtable in C#?
• What is Java Server Pages, JSP? Why JSP is preferred over CGI?
• Why is cow milk preferred over Buffalo milk by most fitness freaks?
• Why Char[] array is more secure (store sensitive data) than String in Java?
• Why did Facebook recently buy passwords off Black market?
• When can a double-type be preferred over float-type in Java?
• What is the preferred way to concatenate a string in Python?
• Why do we use jQuery over JavaScript?
• Why string is immutable in Java?
• char vs string keywords in C#
• Count number of occurrences for each char in a string with JavaScript?
• Best data type for storing large strings in MySQL?
• Which MySQL Datatype should be used for storing BloodType?
• Encrypting Passwords in PHP