Friday, January 13, 2006

Frequently Asked Questions

Frequently Asked Questions: "Question: Why are you using 'StringBuffer' instead of 'String' for passwords & text?
Answer:

Starting from beta 6, I've changed all passwords and text containers from Strings to StringBuffers.

The Java Virtual Machine uses a garbage collector (GC) to clean up memory. In Java we don't have functions to clear the memory. In fact, it is possible that the GC is not called after an operation and that some (sensitive) information stays in memory. So we have to clean up our 'mess' ourselves.

In Java, Strings are immutable: they can't be changed after they are set. Even if we set the string to null and the GC is called, it is not certain that this information is cleared from memory. With StringBuffers or character arrays we can resize and reset data byte by byte. This is what I did: clean up the StringBuffers after usage, so we are sure that sensitive information such as passwords is stored in memory only for the time needed (as briefly as possible)."
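The cleanup the answer describes, as an added example that is not code from the FAQ or the project it belongs to. The class name `WipeDemo`, the helper `consume` and the sample password are assumptions made for illustration.

```java
import java.util.Arrays;

public class WipeDemo {
    // Overwrite every character, then truncate. setLength(0) alone only resets
    // the length counter and leaves the old characters in the backing array.
    static void wipe(StringBuffer sb) {
        for (int i = 0; i < sb.length(); i++) {
            sb.setCharAt(i, '\0');
        }
        sb.setLength(0);
    }

    static void wipe(char[] chars) {
        Arrays.fill(chars, '\0');
    }

    // Hypothetical consumer standing in for key derivation or authentication.
    static int consume(char[] secret) {
        int h = 0;
        for (char c : secret) h = 31 * h + c;
        return h;
    }

    public static void main(String[] args) {
        // Constructed sample input; a real program could read it with Console.readPassword().
        char[] typed = {'c','o','r','r','e','c','t','-','h','o','r','s','e'};

        // Preallocate: if the buffer has to grow, its contents are copied into a
        // new array and the old, unwiped array is left behind for the GC.
        StringBuffer password = new StringBuffer(64);
        try {
            password.append(typed);
            char[] work = new char[password.length()];
            password.getChars(0, password.length(), work, 0); // no String copy is created
            try {
                System.out.println("derived: " + consume(work));
            } finally {
                wipe(work); // wiped even if consume() throws
            }
        } finally {
            wipe(password);
            wipe(typed);
        }
        System.out.println("buffer length after wipe: " + password.length());
    }
}
```

Calling `toString()` on the buffer at any point creates an immutable `String` copy that cannot be wiped, so the secret has to stay in `StringBuffer` or `char[]` form for its whole lifetime.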
