Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sensitive data in a String object, making it impossible to reliably purge the data from memory #234

Closed
TomSchalld opened this issue Jan 17, 2020 · 1 comment · Fixed by #242
Closed

Sensitive data in a String object, making it impossible to reliably purge the data from memory #234

TomSchalld opened this issue Jan 17, 2020 · 1 comment · Fixed by #242
Labels
bug This points to a verified bug in the code

Comments

@TomSchalld
Copy link

Description

AuthAPI.java handles passwords as String. Passwords should be accepted only as char[] so that they can't be extracted from memory.

Environment

  • Version of this library used: 1.15.0
@lbalmaceda lbalmaceda added the needs investigation An issue that has more questions to answer or otherwise needs work to fully understand the issue label Apr 3, 2020
@lbalmaceda
Copy link
Contributor

Thanks for pointing this out. We're going to investigate and evaluate the impact.

@jimmyjames jimmyjames added bug This points to a verified bug in the code and removed needs investigation An issue that has more questions to answer or otherwise needs work to fully understand the issue labels Apr 7, 2020
@jimmyjames jimmyjames mentioned this issue Apr 7, 2020
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This points to a verified bug in the code
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use char array for passwords jimmyjames/auth0-java
3 participants
@jimmyjames @lbalmaceda @TomSchalld