scottyab / secure-preferences

Android SharedPreferences wrapper that encrypts the values of Shared Preferences. It's not bulletproof security but rather a quick win for incrementally making your Android app more secure.

Do not hold user password in String object, use Char[] instead #84

Open davidmigloz opened 6 years ago

davidmigloz commented 6 years ago

A cardinal rule of passphrases in Java is: do not hold them in String objects. You have no means of clearing those from memory, as a String is an immutable value.

Instead of String, use char[] for any sensitive data. When all operations are finished with the char[], it can be overwritten with zeros or junk text to clear it from memory.

References:
- https://nvisium.com/blog/2016/03/31/secure-password-strings.html
- https://stackoverflow.com/questions/8881291/why-is-char-preferred-over-string-for-passwords
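An added example (not code from this issue or from the secure-preferences library) of the pattern described above, applied to deriving a key from a password with PBKDF2: the password only ever exists as a char[], the PBEKeySpec's private copy is cleared, and the caller's array is zeroed in a finally block. The key-derivation parameters and the sample password are assumptions for illustration.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public final class PasswordHandling {

    // Derive a key from the password without ever copying it into a String.
    // PBEKeySpec accepts char[] precisely so the caller can wipe it afterwards.
    static byte[] deriveKey(char[] password, byte[] salt) throws Exception {
        // Assumed parameters for illustration; tune iterations for the target device.
        PBEKeySpec spec = new PBEKeySpec(password, salt, 10_000, 256);
        try {
            SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return factory.generateSecret(spec).getEncoded();
        } finally {
            // PBEKeySpec keeps its own clone of the chars; clear that copy too.
            spec.clearPassword();
        }
    }

    // True only if every char has been overwritten with '\0'.
    static boolean isWiped(char[] buffer) {
        for (char c : buffer) {
            if (c != '\0') return false;
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample password, built directly as a char[] so no
        // interned String copy is created. In an app this would be filled from
        // the input field's CharSequence rather than via toString().
        char[] password = {'s', 'e', 'c', 'r', 'e', 't', '1'};
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        try {
            byte[] key = deriveKey(password, salt);
            System.out.println("derived " + key.length + " key bytes");
            Arrays.fill(key, (byte) 0); // wipe the derived key once it has been used
        } finally {
            Arrays.fill(password, '\0'); // wipe the password even if derivation throws
            System.out.println("password wiped: " + isWiped(password));
        }
    }
}
```

Note that a String created at any point along the way (for example by calling toString() on the input field's text) would defeat this, since that copy cannot be cleared.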

scottyab commented 5 years ago

Totally agree. PR welcome.