[OWASP-ESAPI] ESAPI SecureStrings
ron.lievens at sogeti.nl
Thu Apr 2 04:40:37 EDT 2009
Thanks for all your replies.
Van: Stephen de Vries [mailto:stephen at twisteddelight.org]
Verzonden: donderdag 2 april 2009 10:33
Aan: Lievens, Ron
CC: ESAPI OWASP
Onderwerp: Re: [OWASP-ESAPI] ESAPI SecureStrings
> In the web services we develop, we store credit-card information.
> Most people will use Strings to store credit-card info and store an
> encrypted version in the database.
> But Strings in Java are immutable and are not deleted by the garbage
> collection. (what's new)
Not so. Instances of String created at runtime are treated the same
as any other object and are garbage collected according to the normal
rules. The only types of string that aren't GC'd are those created in
the literal pool, see:
This message contains information that may be privileged or confidential and is the property of Sogeti Nederland B.V. or its Group members. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
More information about the OWASP-ESAPI