[Owasp-leaders] Generating Passwords

McGovern, James F (HTSC, IT) James.McGovern at thehartford.com
Thu Jan 15 17:37:32 EST 2009


I am curious whether others believe that passwords should be done in a
way that avoids garbage collection. For example, I could do the below:
public Connection
<http://java.sun.com/j2ee/1.4/docs/api/javax/jms/Connection.html>
createConnection(String
<http://java.sun.com/j2se/1.4/docs/api/java/lang/String.html>  userName,
String <http://java.sun.com/j2se/1.4/docs/api/java/lang/String.html>
password) throws JMSException
<http://java.sun.com/j2ee/1.4/docs/api/javax/jms/JMSException.html> 
Or
public Connection
<http://java.sun.com/j2ee/1.4/docs/api/javax/jms/Connection.html>
createConnection(String
<http://java.sun.com/j2se/1.4/docs/api/java/lang/String.html>  userName,
char[] password) throws JMSException
<http://java.sun.com/j2ee/1.4/docs/api/javax/jms/JMSException.html> 
Where the later wouldn't allow the password to linger in memory. Do I
have a false belief?


http://www.owasp.org/index.php/Password_length_&_complexity
************************************************************
This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information.  If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited.  If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies.
************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20090115/6e681d4e/attachment.html 


More information about the OWASP-Leaders mailing list