Closed GoogleCodeExporter closed 8 years ago
Changing String to char[] would provide a very minor security improvement, but
would also make our APIs much harder to work with.
Some of our Rules require Strings, so deployers would have to be aware that the
use of some rules will naturally result in the construction of Strings.
Those sorts of concerns make me believe that we're better off educating
deployers on how to secure their systems rather than attempting to defend
against this type of attack.
Original comment by dfis...@gmail.com
on 10 Oct 2014 at 2:21
Original issue reported on code.google.com by
G.Delafo...@gmail.com
on 22 Apr 2014 at 1:28