当前位置: 首页 » java

Why is char[] preferred over String for passwords?

In Swing, the password field has a getPassword() (returns char[] ) method instead of the usual getText() (returns String ) method. Similarly, I have come across a suggestion not to use String to handle passwords. Why does String pose a threat to security when it comes to passwords? It feels inconvenient to use char[] . Strings are immutable . That means once you've created the String ,

2018-06-05 16:10:48

为什么字符[]优先于字符串的密码?

在Swing中,密码字段有一个getPassword() (返回char[] )方法,而不是通常的getText() (返回String )方法。 同样,我遇到了一个建议,不要使用String来处理密码。 为什么String在密码方面对安全构成威胁? 使用char[]会感觉不方便。 字符串是不可变的 。 这意味着一旦你创建了String ,如果另一个进程可以转储内存,就没有办法(除了反射),你可以在垃圾回收开始之前摆脱数据。 使用数组,您可以在完成数据后明确清

2018-06-05 16:10:47

Why returns getPassword() from the Object JPasswordField an char[]?

This question already has an answer here: Why is char[] preferred over String for passwords? 17 answers Well. The point is, that the lifecycle of a String is a little bit special. All Strings are stored in a String Pool. When the reference is lost (dereferencing) for example when you say String = null; the String is still alive in the internal string pool (and can be accessed in a kind o

2018-06-05 16:09:45

为什么要从Object JPasswordField返回一个char []?getPassword()?

这个问题在这里已经有了答案: 为什么字符[]优先于字符串的密码? 17个答案 好。 重点是,字符串的生命周期有点特别。 所有字符串都存储在字符串池中。 当引用丢失(取消引用)时,例如当你说String = null; 字符串在内部字符串池中仍然存在(并且可以通过某种我不知道的方式访问)。 这就是密码存储在char []中的原因。 由于这些对象是“正常的”。

2018-06-05 16:09:45

Java: Console class

Possible Duplicate: Why is char[] preferred over string for passwords? Reading the java documentation, i found this statement about Console class First, it suppresses echoing, so the password is not visible on the user's screen. Second, readPassword returns a character array, not a String, so the password can be overwritten, removing it from memory as soon as it is no longer needed.

2018-06-05 16:08:43

Java:控制台类

可能重复: 为什么char []优先于字符串的密码? 阅读java文档,我发现了关于Console类的这个声明 首先,它抑制回声,所以密码在用户的屏幕上不可见。 其次,readPassword返回一个字符数组,而不是一个String,所以密码可以被覆盖,一旦不再需要它就从内存中移除。 为什么一个字符数组可以被覆盖并且一个String不是? 或者,也许可以更简单的方式覆盖角色数组? JVM可以将String保存在一个名为String pool的地方,以

2018-06-05 16:08:43

How to pass SSL keystore password?

This question already has an answer here: Why is char[] preferred over String for passwords? 17 answers It is always safer to store the password into character array than a string. Please refer below query: Why is char[] preferred over String for passwords? Also refer the below coding guide lines from oracle site: http://www.oracle.com/technetwork/java/seccodeguide-139067.html#2

2018-06-05 16:07:41

如何通过SSL密钥库密码?

这个问题在这里已经有了答案: 为什么字符[]优先于字符串的密码? 17个答案 将密码存储到字符数组比字符串更安全。 请参阅下面的查询:为什么char []首选String而不是密码? 另请参阅oracle站点中的以下编码指导行:http://www.oracle.com/technetwork/java/seccodeguide-139067.html#2

2018-06-05 16:07:41

Is it a good practice to nullifying String in java

This question already has an answer here: Why is char[] preferred over String for passwords? 17 answers No. Nullifying a string would only delink the reference. But the value will still exist in string pool. Because to conserve memory, string values are retained in the string pool. Any potential hacker, can retrieve the value by gaining access to the string pool . Whereas, using char[]

2018-06-05 16:06:39

在java中取消String是否是一个好习惯

这个问题在这里已经有了答案: 为什么字符[]优先于字符串的密码? 17个答案 否。忽略一个字符串只会使引用脱钩 。 但是这个值仍然会存在于字符串池中。 由于为了节省内存,字符串值保留在字符串池中。 任何潜在的黑客都可以通过访问字符串池来获取价值。 而使用char [],您可以简单地将该对象视为任何其他对象。 并且取消char对象将在垃圾回收时清除堆中的数据。 一个更好的选择将使用一个字节数组。 阅读更多关

2018-06-05 16:06:39

Java storing sensitive 'key' as String or char[]?

Possible Duplicate: Why is char[] preferred over string for passwords? I read somewhere that storing a sensitive key as a char[] rather than a String is better because the latter can be found in the memory. It also makes a little sense because of JPasswordField's getText() method being Deprecated. Is this true? Once you are done using the password in a char[] you can always overwrite

2018-06-05 16:05:37

Java将敏感的'key'存储为String或char []?

可能重复: 为什么char []优先于字符串的密码? 我在某处读取将敏感键存储为char []而不是String的方式会更好,因为后者可以在内存中找到。 由于JPasswordField的getText()方法被弃用,它也有点意义。 这是真的? 一旦你在char[]使用密码,你总是可以用0或随机值覆盖它。 然而,你不能用String对象来做到这一点,因为它们是Java中的不可变对象,并且这些字符串将保持活动状态,直到垃圾收集器启动并清除它为止。 h

2018-06-05 16:05:37

Why we read password from console in char array instead of String

Possible Duplicate: Why is char[] preferred over string for passwords? When I was preparing for OCPJP I came accross the topic - "Reading User input from console". There was an example where it read username in String reference, whereas password in a char[] array, but I couldn't understand why it used char array.. Here is the code : - Console console = System.console(); Stri

2018-06-05 16:04:35

为什么我们在char数组而不是String中从控制台读取密码?

可能重复: 为什么char []优先于字符串的密码? 当我准备OCPJP我来到了主题 - “从控制台读取用户输入”。 有一个例子,它在String引用中读取username ,而在char[]数组中使用password ,但我无法理解它为什么使用char数组。下面是代码: - Console console = System.console(); String username = console.readLine("User Name? "); char[] password = console.readPassword("Password? "); 这在我心中引起了怀疑。为什

2018-06-05 16:04:35

Generate a random double in a range

I have two doubles like the following double min = 100; double max = 101; and with a random generator, I need to create a double value between the range of min and max. Random r = new Random(); r.nextDouble(); but there is nothing here where we can specify the range. 要在rangeMin和rangeMax之间生成一个随机值: Random r = new Random(); double randomValue = rangeMin + (rangeMax - rangeMin) * r.

2018-06-05 14:45:54

在一个范围内生成一个随机double

我有两个双打,如下所示 double min = 100; double max = 101; 和一个随机发生器,我需要在最小和最大范围之间创建一个双值。 Random r = new Random(); r.nextDouble(); 但是我们没有什么可以指定范围的地方。 要在rangeMin和rangeMax之间生成一个随机值: Random r = new Random(); double randomValue = rangeMin + (rangeMax - rangeMin) * r.nextDouble(); 这个问题在Java 7发布之前就已经问过了,但现在有另一种使用

2018-06-05 14:45:54

Why does thenCallRealMethod() lose the arguments here?

I have the following code: when(mockedOperation.getResult(anyDouble(), anyDouble())).thenCallRealMethod(); when(mockedOperation.division(anyDouble(), not(eq(0d)))).thenCallRealMethod(); Where Operation is something like Command pattern - it encapsulates some concrete action, in this case, simplified - division operation. The result retrieval happens not directly, but by the means of contract m

2018-06-05 14:35:33

为什么thenCallRealMethod()在这里失去了参数?

我有以下代码: when(mockedOperation.getResult(anyDouble(), anyDouble())).thenCallRealMethod(); when(mockedOperation.division(anyDouble(), not(eq(0d)))).thenCallRealMethod(); 其中Operation类似Command模式 - 它封装了一些具体操作,在这种情况下,简化了分割操作。 检索结果不是直接发生,而是通过合约方法,例如getResult(arg1, arg2) 。 所以,我打电话 mockedOperation.division(10d, 3d); 但(从我的具

2018-06-05 14:35:33

Java code To convert byte to Hexadecimal

I have an array of bytes. I want each byte String of that array to be converted to its corresponding hexadecimal values. Is there any function in Java to convert a byte array to Hexadecimal ? byte[] bytes = {-1, 0, 1, 2, 3 }; StringBuilder sb = new StringBuilder(); for (byte b : bytes) { sb.append(String.format("%02X ", b)); } System.out.println(sb.toString());

2018-06-05 14:22:05

Java代码将字节转换为十六进制

我有一个字节数组。 我希望将该数组的每个字节字符串转换为其相应的十六进制值。 Java中有没有将字节数组转换为十六进制数的函数? byte[] bytes = {-1, 0, 1, 2, 3 }; StringBuilder sb = new StringBuilder(); for (byte b : bytes) { sb.append(String.format("%02X ", b)); } System.out.println(sb.toString()); // prints "FF 00 01 02 03 " 也可以看看 java.util.Formatter语法

2018-06-05 14:22:05