String或char []为使用JDBC时的密码? [英] String or char[] for password when using JDBC?
问题描述
这来自一个安全的观点。最佳实践说,不使用String来存储密码,而是使用char []。这是否适用于在任何时间使用密码?例如,使用JDBC时可以使用String来保存密码?
This comes from a security point of view.Best practice says not to use a String to store a password, but a char[]. Does this apply to using a password at any time? For example, it is acceptable to use a String to hold a password when using JDBC?
public final void Login(String username, String password){
...
conn = DriverManager.getConnection(url, username, password);
...
}
代替String?
推荐答案
我不知道我接受你的前提是 char []
比系统资源(例如JDBC数据库连接)的上下文中的String更安全。无论如何,您可以使用连接管理器(或连接池,取决于您的容器),然后连接管理器(和只有连接管理器)可以看到底层数据库用户名/密码。
I don't know that I accept your premise that a char []
is more secure than a String in the context of a system(s) resource (e.g. JDBC database connection). Regardless, you can use a connection manager (or connection pool, whichever is appropriate to your container) and then the connection manager (and only the connection manager) has visibility to the underlying databse username / password.
这篇关于String或char []为使用JDBC时的密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!