• <tfoot id='PVob7'></tfoot>
        <legend id='PVob7'><style id='PVob7'><dir id='PVob7'><q id='PVob7'></q></dir></style></legend>
      1. <small id='PVob7'></small><noframes id='PVob7'>

        <i id='PVob7'><tr id='PVob7'><dt id='PVob7'><q id='PVob7'><span id='PVob7'><b id='PVob7'><form id='PVob7'><ins id='PVob7'></ins><ul id='PVob7'></ul><sub id='PVob7'></sub></form><legend id='PVob7'></legend><bdo id='PVob7'><pre id='PVob7'><center id='PVob7'></center></pre></bdo></b><th id='PVob7'></th></span></q></dt></tr></i><div id='PVob7'><tfoot id='PVob7'></tfoot><dl id='PVob7'><fieldset id='PVob7'></fieldset></dl></div>
          <bdo id='PVob7'></bdo><ul id='PVob7'></ul>

        为什么 char[] 优于 String 的密码?

        时间:2023-07-28

        <small id='lRKCl'></small><noframes id='lRKCl'>

          <bdo id='lRKCl'></bdo><ul id='lRKCl'></ul>
            <tbody id='lRKCl'></tbody>
        • <legend id='lRKCl'><style id='lRKCl'><dir id='lRKCl'><q id='lRKCl'></q></dir></style></legend>
        • <i id='lRKCl'><tr id='lRKCl'><dt id='lRKCl'><q id='lRKCl'><span id='lRKCl'><b id='lRKCl'><form id='lRKCl'><ins id='lRKCl'></ins><ul id='lRKCl'></ul><sub id='lRKCl'></sub></form><legend id='lRKCl'></legend><bdo id='lRKCl'><pre id='lRKCl'><center id='lRKCl'></center></pre></bdo></b><th id='lRKCl'></th></span></q></dt></tr></i><div id='lRKCl'><tfoot id='lRKCl'></tfoot><dl id='lRKCl'><fieldset id='lRKCl'></fieldset></dl></div>
          <tfoot id='lRKCl'></tfoot>

                  本文介绍了为什么 char[] 优于 String 的密码?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

                  问题描述

                  在 Swing 中,密码字段有一个 getPassword()(返回 char[])方法,而不是通常的 getText()(返回 String) 方法.同样,我遇到了一个建议不要使用 String 来处理密码.

                  In Swing, the password field has a getPassword() (returns char[]) method instead of the usual getText() (returns String) method. Similarly, I have come across a suggestion not to use String to handle passwords.

                  为什么 String 在涉及密码时会对安全性构成威胁?使用char[]感觉不方便.

                  Why does String pose a threat to security when it comes to passwords? It feels inconvenient to use char[].

                  推荐答案

                  字符串是不可变的.这意味着一旦您创建了 String,如果另一个进程可以转储内存,则没有办法(除了 reflection) 你可以在 垃圾收集开始.

                  Strings are immutable. That means once you've created the String, if another process can dump memory, there's no way (aside from reflection) you can get rid of the data before garbage collection kicks in.

                  使用数组,您可以在完成后显式擦除数据.你可以用任何你喜欢的东西覆盖数组,密码不会出现在系统的任何地方,甚至在垃圾回收之前.

                  With an array, you can explicitly wipe the data after you're done with it. You can overwrite the array with anything you like, and the password won't be present anywhere in the system, even before garbage collection.

                  所以是的,这一个安全问题 - 但即使使用 char[] 也只会减少攻击者的机会之窗,而且它仅适用于这种特定类型的攻击.

                  So yes, this is a security concern - but even using char[] only reduces the window of opportunity for an attacker, and it's only for this specific type of attack.

                  如评论中所述,被垃圾收集器移动的数组可能会在内存中留下数据的杂散副本.我相信这是特定于实现的 - 垃圾收集器可能清除所有内存,以避免这种事情.即使是这样,仍然有一段时间 char[] 包含实际字符作为攻击窗口.

                  As noted in the comments, it's possible that arrays being moved by the garbage collector will leave stray copies of the data in memory. I believe this is implementation-specific - the garbage collector may clear all memory as it goes, to avoid this sort of thing. Even if it does, there's still the time during which the char[] contains the actual characters as an attack window.

                  这篇关于为什么 char[] 优于 String 的密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持html5模板网!

                  上一篇:是否有(自动)方法来备份 Hudson CI 文件? 下一篇:Java:从 char 中解析 int 值

                  相关文章

                  最新文章

                  <i id='EIK8c'><tr id='EIK8c'><dt id='EIK8c'><q id='EIK8c'><span id='EIK8c'><b id='EIK8c'><form id='EIK8c'><ins id='EIK8c'></ins><ul id='EIK8c'></ul><sub id='EIK8c'></sub></form><legend id='EIK8c'></legend><bdo id='EIK8c'><pre id='EIK8c'><center id='EIK8c'></center></pre></bdo></b><th id='EIK8c'></th></span></q></dt></tr></i><div id='EIK8c'><tfoot id='EIK8c'></tfoot><dl id='EIK8c'><fieldset id='EIK8c'></fieldset></dl></div>
                1. <tfoot id='EIK8c'></tfoot>

                    <bdo id='EIK8c'></bdo><ul id='EIK8c'></ul>

                    1. <legend id='EIK8c'><style id='EIK8c'><dir id='EIK8c'><q id='EIK8c'></q></dir></style></legend>
                    2. <small id='EIK8c'></small><noframes id='EIK8c'>