关于Java字符串常量池 [英] Regarding Java String Constant Pool
问题描述
这是关于Java字符串常量池的。在我的一个程序中,我正在解密数据库的密码并将其存储在字符串中。我听说Java Strings将存储在一个常量池中,它们不会被VM重新启动或加载String Quits的ClassLoader破坏。
This is regarding the Java String Constant Pool. In one of my Programs i am decrypting the password for the database and storing it in a String. I heard that the Java Strings will be stored in a Constant pool and they won't be destroyed the VM restarts or the ClassLoader that loaded the String Quits.
如果它是我的密码将存储在字符串池中。我非常关心这个问题。有没有其他方法来摧毁这些文字或我能做的任何其他事情。
If it is the case my passwords will be stored in the String pool. I am Very concerned about this issue. Is there any other way to destroy these literals or anything else i can do.
请在此建议,
问候,
Sunny。
Regards, Sunny.
推荐答案
这里有几个不同的问题。首先,术语常量池是指字符串和数字文字的类文件的非常特定的部分,或者是从驻留在JVM中的这部分类文件生成的数据结构。密码不会存储在这里,除非它们是类文件的一部分。
There are several different issues at play here. First, the term "constant pool" refers to a very specific part of class files for string and numerical literals, or to the data structures generated from this part of class files that reside in the JVM. Password won't be stored here unless they're part of class files.
但是,一些String对象确实存储并通过String internment在整个程序中共享。任何字符串文字都会自动实现,就像调用intern()方法的任何字符串一样。据我所知,虽然没有其他字符串以这种方式存储,所以除非你自动实习自己输入密码的字符串,否则我认为你不必担心这个。
However, some String objects are indeed stored and shared throughout the program through String internment. Any string literal is automatically interned, as are any strings that you invoke the intern() method on. To the best of my knowledge, though, no other strings are stored this way, so unless you automatically intern the strings holding passwords yourself I don't think you need to worry about this.
需要注意的另一个问题是,如果您不希望密码驻留在内存中,则可能需要注意垃圾收集,因为不再引用的String仍可能在内存中。类似地,如果您使用某些字符串方法(如子字符串)共享字符串之间的支持表示,您可以在使用完毕后保留完整的密码字符串。
One other issue to be aware of is that if you don't want the passwords residing in memory, you may need to be careful about garbage collection since a String that is no longer referenced could still be in memory. Similarly, if you use certain string methods like substring that share backing representations between strings, you may keep around the full password string after you're done using it.
如果是你担心的是其他Java代码是否能够看到已被实习但仍然存在于内存中的旧密码,但是,您不必担心。没有办法迭代或查看实习字符串池的元素,或者破解打开字符串以查看其后备数组。
If what you're worried about is other Java code being able to see old passwords that have been interned or that still live in memory, though, you don't need to worry. There is no way to iterate or look at the elements of the interned string pool, or to crack open a String to see its backing array.
这篇关于关于Java字符串常量池的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
