如何确保在Java中销毁String对象? [英] How can I ensure the destruction of a String object in Java?
问题描述
我公司的员工需要通过我编写的程序来修改SQL Server数据库中的数据.该程序最初使用Windows身份验证,我要求DBA授予该特定用户对该数据库的写访问权限.
他们不愿意这样做,而是给了 my Windows用户帐户写权限.
由于我信任该家伙,但不足以让他在打开会话的情况下工作90分钟,因此我将在程序中添加一个登录提示,询问用户名和密码的组合,然后使用它登录SQL Server .我将登录,并信任我的应用程序,以允许他仅执行他需要做的事情.
但是,这带来了小的安全风险.在 Sun 上的密码字段教程 Oracle网站指出,密码应在内存中保留最短的时间,为此,getPassword方法返回一个char[]数组,使用完该数组即可为零.
但是,Java的DriverManager类仅接受String对象作为密码,因此一旦完成密码处理,我将无法立即将其丢弃.而且由于我的应用程序在分配和内存需求上还很低,因此谁知道它在内存中可以保留多长时间?如上所述,该程序将运行相当长的时间.
当然,我无法控制使用密码进行的SQL Server JDBC类的任何操作,但我希望可以控制使用密码进行的我.
是否存在使用Java销毁/清零String对象的可靠方法?我知道两者都与语言相对(对象破坏是不确定的,并且String对象是不可变的),并且System.gc()也是某种不可预测的,但是仍然;有什么主意吗?
所以,这是个坏消息.我很惊讶没有人提到它.在现代垃圾收集器中,甚至整个char []概念都被破坏了.不管您使用String还是char [],数据最终都会存在谁知道多少时间的内存中.这是为什么?因为现代的jvm使用世代垃圾收集器,简而言之,它们在整个地方复制对象.因此,即使您使用char [],它使用的实际内存也可能会复制到堆中的各个位置,从而使密码的副本无处不在(并且没有执行者gc会将旧内存归零).因此,当您将最后拥有的实例清零时,您只是将内存中的最新版本清零.
长话短说,没有防弹方法来处理它.您几乎必须信任该人.An empoyee at my company needs to modify data from a SQL Server database through a program I made. The program used Windows authentication at first, and I asked the DBAs to give this specific user write access to said database.
They were not willing to do this, and instead gave write access to my Windows user account.
Since I trust the guy but not enough to let him work 90 minutes with my session open, I'll just add a login prompt to my program, asking for a username and password combination, and log in to SQL Server with it. I'll log in, and trust my application to let him do only what he needs to.
This, however, raises a small security risk. The password fields tutorial over SunOracle's site states that passwords should be kept the minimum amount of time required in memory, and to this end, the getPassword method returns a char[] array that you can zero once you're done with it.
However, Java's DriverManager class only accepts String objects as passwords, so I won't be able to dispose of the password as soon as I'm done with it. And since my application is incidentally pretty low on allocations and memory requirements, who knows how long it'll survive in memory? The program will run for a rather long time, as stated above.
Of course, I can't control whatever the SQL Server JDBC classes do with my password, but I hoped I could control what I do with my password.
Is there a surefire way to destroy/zero out a String object with Java? I know both are kind of against the language (object destruction is non-deterministic, and String objects are immutable), and System.gc() is kind of unpredictable too, but still; any idea?
So, here's the bad news. i'm surprised no one has mentioned it yet. with modern garbage collectors, even the whole char[] concept is broken. regardless of whether you use a String or a char[], the data can end up living in memory for who-knows-how-long. why is that? because modern jvms use generational garbage collectors which, in short, copy objects all over the place. so, even if you use a char[], the actual memory it uses could get copied to various locations in the heap, leaving copies of the password everywhere it goes (and no performant gc is going to zero out old memory). so, when you zero out the instance you have at the end, you are only zeroing out the latest version in memory.
long story, short, there's no bulletproof way to handle it. you pretty much have to trust the person.
这篇关于如何确保在Java中销毁String对象?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
