[Owasp-leaders] Generating Passwords

Pravir Chandra chandra at list.org
Thu Jan 15 20:31:29 EST 2009

Sherif, I don't think it quite works that way...

Since both the String and char[] types represent proper objects in Java, they'd be passed by reference into createConnection (so its not a matter of copying and deleting per se). Inside the createConnection function, if there were some string concatenation, then there would be additional copies of the password floating around memory (since Strings are immutable, concatenation results in copying). When createConnection returns, those String copies created inside the function body would be waiting around for garbage collection (provided they have a zero referene count).

As for code leading up to the call to createConnection, there might be a subtle difference between using a char[] type vs a String type, but I would have to think about that more before saying for sure.


~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~ ~~~~~~~~ ~~~~~ ~~~ ~~ ~
Pravir Chandra                      chandra<at>list<dot>org
PGP:    CE60 0E10 9207 7290 06EB   5107 4032 63FC 338E 16E4
~ ~~ ~~~ ~~~~~ ~~~~~~~~ ~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~

-----Original Message-----
From: "Sherif Koussa" <sherif.fathy at gmail.com>

Date: Thu, 15 Jan 2009 20:04:42 
To: <owasp-leaders at lists.owasp.org>
Subject: Re: [Owasp-leaders] Generating Passwords

OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org

More information about the OWASP-Leaders mailing list