vt-middleware / passay

Password policy enforcement for Java.
http://www.passay.org

Consider exposing generated password from PasswordGenerator as a char array or buffer #126

Open bindul opened 3 years ago

bindul commented 3 years ago

It would be convenient to be able to get the generated password from PasswordGenerator as a char[] or CharBuffer. This would allow us to wipe out contents in the array to avoid Heap_Inspection risk flagged by Static Application Security Tool scans. Creating a String from the buffer with the generated password is disliked by those tools.

maulijmehta commented 2 years ago

Hi, I am facing the same in org.passay.PasswordData, where the password field is a String. If this password field were a char[], this would help and resolve our Cleartext Storage of Sensitive Information in Memory issue flagged by Veracode.
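
The pattern requested in this thread, as an added example that is not Passay code and not part of any comment above: a JDK-only generator that returns a `char[]`, passes it to a consumer that accepts `char[]` (`PBEKeySpec`), and overwrites it in `finally`. `WipeablePasswordDemo`, `generate` and `deriveKey` are hypothetical names, and the alphabet, iteration count and key length are constructed values.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added illustration, JDK only. Class and method names are hypothetical, not Passay API.
public final class WipeablePasswordDemo {
    private static final SecureRandom RNG = new SecureRandom();
    private static final String ALPHABET = // constructed sample alphabet
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

    /** Returns the password in a new char[] that the caller owns and can overwrite. */
    static char[] generate(int length) {
        char[] out = new char[length];
        for (int i = 0; i < length; i++) {
            out[i] = ALPHABET.charAt(RNG.nextInt(ALPHABET.length()));
        }
        return out;
    }

    /** Consumer that takes char[] directly. PBEKeySpec keeps its own copy; clearPassword() wipes it. */
    static byte[] deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256); // constructed parameters
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);
        char[] password = generate(16);
        try {
            System.out.println("derived key bytes: " + deriveKey(password, salt).length);
        } finally {
            // Overwrite the caller's copy; this code never puts the password in a String.
            Arrays.fill(password, '\0');
        }
        System.out.println("wiped: " + (password[0] == '\0'));
    }
}
```

Overwriting narrows the window in which the cleartext is readable from a heap dump; a moving garbage collector may already have copied the array before the wipe.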