[OWASP-ESAPI] ESAPI SecureStrings

Lievens, Ron ron.lievens at sogeti.nl
Thu Apr 2 04:40:37 EDT 2009


Thanks for all your replies.


Greets,

Ron Lievens

-----Original message-----
From: Stephen de Vries [mailto:stephen at twisteddelight.org]
Sent: Thursday, April 2, 2009 10:33
To: Lievens, Ron
CC: ESAPI OWASP
Subject: Re: [OWASP-ESAPI] ESAPI SecureStrings


>
> In the web services we develop, we store credit-card information.
> Most people will use Strings to store credit-card info and store an  
> encrypted version in the database.
>
> But Strings in Java are immutable and are not deleted by the garbage  
> collection. (what's new)

Not so.  Instances of String created at runtime are treated the same  
as any other object and are garbage collected according to the normal  
rules.  The only types of string that aren't GC'd are those created in  
the literal pool, see:
http://www.xyzws.com/Javafaq/what-is-string-literal-pool/3


Stephen
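
Whatever the collector does with String instances, code that wants to bound how long a card number stays in the heap usually keeps it in a char[] and overwrites it after use. The sketch below is an added example, not part of the original thread and not ESAPI code; the class name, method name and sample card number are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class CardBufferExample {
    // Encrypts the card number without ever building a String from it.
    // Returns the 12-byte IV followed by the AES-GCM ciphertext and tag.
    static byte[] encryptPan(char[] pan, SecretKey key) throws Exception {
        ByteBuffer encoded = StandardCharsets.US_ASCII.encode(CharBuffer.wrap(pan));
        byte[] plain = new byte[encoded.remaining()];
        encoded.get(plain);
        try {
            byte[] iv = new byte[12];
            new SecureRandom().nextBytes(iv);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
            byte[] ct = cipher.doFinal(plain);
            byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
            System.arraycopy(ct, 0, out, iv.length, ct.length);
            return out;
        } finally {
            // Overwrite both plaintext copies this method created.
            Arrays.fill(plain, (byte) 0);
            if (encoded.hasArray()) Arrays.fill(encoded.array(), (byte) 0);
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey(); // demo key; a real service loads it from a key store

        // Constructed sample value. It is written as a literal only for the demo,
        // which places it in the literal pool; real input arrives as chars.
        char[] pan = "4111111111111111".toCharArray();
        try {
            byte[] stored = encryptPan(pan, key);
            System.out.println("ciphertext bytes to store: " + stored.length);
        } finally {
            Arrays.fill(pan, '\0'); // the caller wipes its own buffer when done
        }
    }
}
```

Overwriting only reaches the buffers this code owns; copies made elsewhere, for example by whatever first parsed the value out of the request, are outside its control.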


