The class DefaultJedisClientConfig overrides the getPassword method that returns a String.
Returning a string might be considered a potential security issue since an attacker might inspect the heap and find the value in plaintext.
Ideally we should just pass through the value supplied by the provider here and not create a String based on the char[] array.
String getPassword() is still there to support legacy applications without breaking. We may remove it at some point in favor of getCredentialsProvider().
Expected behavior
Return a char[] instead of String
Actual behavior
A string is returned.
Steps to reproduce:
N/A
Redis / Jedis Configuration
N/A
Jedis version:
N/A
Redis version:
Java version:
N/A
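
The difference the issue describes, as an added example that is not Jedis code and not part of the original report: a String copy of the password cannot be cleared, while a passed-through char[] can be wiped after use. ClientConfig, its two accessors, toUtf8 and the Supplier<char[]> provider are hypothetical stand-ins, and the secret is a constructed sample.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.function.Supplier;

public class PasswordPassThroughExample {

    // Hypothetical stand-in for a client config backed by a credentials provider.
    static final class ClientConfig {
        private final Supplier<char[]> provider;
        ClientConfig(Supplier<char[]> provider) { this.provider = provider; }

        // Legacy-style accessor: copies the secret into an immutable String
        // that cannot be cleared and stays on the heap until it is collected.
        String getPasswordAsString() {
            char[] pw = provider.get();
            return pw == null ? null : new String(pw);
        }

        // Pass-through accessor: hands back the provider's char[] unchanged.
        char[] getPasswordChars() { return provider.get(); }
    }

    // Encode to UTF-8 without an intermediate String; the caller wipes the result.
    static byte[] toUtf8(char[] secret) {
        ByteBuffer buf = StandardCharsets.UTF_8.encode(CharBuffer.wrap(secret));
        byte[] out = new byte[buf.remaining()];
        buf.get(out);
        if (buf.hasArray()) Arrays.fill(buf.array(), (byte) 0); // wipe encoder scratch
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample secret; each call returns a fresh array the caller owns.
        ClientConfig config = new ClientConfig(() -> new char[] {'s', '3', 'c', 'r', '3', 't'});
        char[] pw = config.getPasswordChars();
        byte[] wire = toUtf8(pw);
        try {
            System.out.println("AUTH payload bytes: " + wire.length);
        } finally {
            Arrays.fill(pw, '\0');       // the char[] can be cleared once it was sent
            Arrays.fill(wire, (byte) 0); // so can the encoded copy
        }
        System.out.println("cleared: " + (pw[0] == '\0'));
        String legacy = config.getPasswordAsString();
        System.out.println("String copy cannot be wiped, length " + legacy.length());
    }
}
```

Wiping only helps when the provider hands out a fresh array per call, as the sample supplier does; a provider that returns its own internal array would have its stored secret cleared as well.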