Open bindul opened 3 years ago
Hi, I am facing with same in org.passay.PasswordData where password filed as String. If this password field as char[] this would help and resolve our Cleartext Storage of Sensitive Information in Memory issue flagged by veracode.
It would be convenient to be able to get the generated password from
PasswordGenerator
as achar[]
orCharBuffer
. This would allow us to wipe out contents in the array to avoid Heap_Inspection risk flagged by Static Application Security Tool scans. Creating a String from the buffer with the generated password is disliked by those tools.