使用 JDBC 时密码的字符串或字符 []?
这是从安全的角度出发的.最佳实践是不要使用字符串来存储密码,而是使用 char[].这是否适用于任何时候使用密码?例如,使用 JDBC 时是否可以使用 String 来保存密码?
This comes from a security point of view.Best practice says not to use a String to store a password, but a char[]. Does this apply to using a password at any time? For example, it is acceptable to use a String to hold a password when using JDBC?
public final void Login(String username, String password){
...
conn = DriverManager.getConnection(url, username, password);
...
}
或者这里可以使用 char[] 来代替字符串吗?
Or could a char[] be used here in place of the String?
推荐答案
我不知道我是否接受你的前提,即 char []
在 a 的上下文中比 String 更安全系统资源(例如 JDBC 数据库连接).无论如何,您都可以使用连接管理器(或连接池,以适合您的容器为准),然后连接管理器(并且只有连接管理器)可以看到底层数据库用户名/密码.
I don't know that I accept your premise that a char []
is more secure than a String in the context of a system(s) resource (e.g. JDBC database connection). Regardless, you can use a connection manager (or connection pool, whichever is appropriate to your container) and then the connection manager (and only the connection manager) has visibility to the underlying databse username / password.
相关文章