Name: rmT116609 Date: 11/11/2003


A DESCRIPTION OF THE REQUEST :
A common security precaution to prevent accidental disclosure of passwords is to overwrite the memory used to hold them once the password is no longer needed. This is easy to do in C/C++ using memset() to fill the char array with X's. If you do this and the process core dumps the core file will not contain passwords, just arrays of X's.

There is no way to do something similar in Java. Since the String class is immutable there is no way to overwrite a password stored in a String, such as returned from ServletRequest.getParameter(). The best it seem we can do is release all references to the String object and hope that it gets garbage collected some time soon.

Please see Forum thread at: http://forum.java.sun.com/thread.jsp?forum=31&thread=463624&start=0&range=15#2128123



JUSTIFICATION :
The current situation makes it more likely passwords and other sensitive data will be disclosed.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The JVM needs to provide a way to overwrite a String to ensure that sensitive data is removed from the JVM's memory space. Also need guarantees that the JVM will not make additional copies of the String.


CUSTOMER SUBMITTED WORKAROUND :
Use reflection to get the char[] wrapped by the String and clear all its contents.
(Incident Review ID: 225185)
======================================================================