[Owasp-leaders] Generating Passwords
chandra at list.org
Thu Jan 15 20:31:29 EST 2009
Sherif, I don't think it quite works that way...
Since both the String and char types represent proper objects in Java, they'd be passed by reference into createConnection (so its not a matter of copying and deleting per se). Inside the createConnection function, if there were some string concatenation, then there would be additional copies of the password floating around memory (since Strings are immutable, concatenation results in copying). When createConnection returns, those String copies created inside the function body would be waiting around for garbage collection (provided they have a zero referene count).
As for code leading up to the call to createConnection, there might be a subtle difference between using a char type vs a String type, but I would have to think about that more before saying for sure.
~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~ ~~~~~~~~ ~~~~~ ~~~ ~~ ~
Pravir Chandra chandra<at>list<dot>org
PGP: CE60 0E10 9207 7290 06EB 5107 4032 63FC 338E 16E4
~ ~~ ~~~ ~~~~~ ~~~~~~~~ ~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~
From: "Sherif Koussa" <sherif.fathy at gmail.com>
Date: Thu, 15 Jan 2009 20:04:42
To: <owasp-leaders at lists.owasp.org>
Subject: Re: [Owasp-leaders] Generating Passwords
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
More information about the OWASP-Leaders