Character array for storing passwords in Java and character array for storing in java

Source: Internet
Author: User

Character array for storing passwords in Java and character array for storing in java

Character arrays and strings can be used to store text data. However, it is difficult to answer this question if you choose a specific type. However, any string-related issues must be found in the string attributes, such as immutable. He used this method to persuade the interviewer. Here we will discuss some reasons why you should use char [] to Store Passwords instead of strings.

  • Because the string is an immutable object, if it is used as a common text storage password, it will remain in the memory until it is recycled by the garbage collector. Because the string is extracted from the string pool (if this string exists in the pool, it is obtained directly from the pool; otherwise, a new string is obtained and then put into the pool ), there is a great opportunity to keep it in the memory for a long time, which will lead to security problems. Because anyone who can access the memory can dump the password in plaintext mode. In addition, you should always use encryption instead of plain text to represent the password. Because the string is immutable, there is no way to change its content. Any change will generate a new string. If char [] is used, you can set all elements to null or zero (here, the author means that after authentication, the array will no longer be used, and the original password can be overwritten with zero or null, prevent others from dumping out of the memory ). Therefore, using character arrays to Store Passwords can significantly reduce the risk of password theft.
  • Java also recommends character arrays. The JpasswordField method getPassword () is to return a character array, and the getText () method is discarded due to security reasons, because it returns a plain text string. Follow the pace of the Java team.
  • Printing strings in common text can also cause danger in log files or the console. However, if an array is used, you cannot print the content of the array, but its memory address. Although this is not the real reason, it is worth noting.
String strPassword="Unknown";char[] charPassword= new char[]{'U','n','k','w','o','n'};System.out.println("String password: " + strPassword);System.out.println("Character password: " + charPassword);  String password: UnknownCharacter password: [C@110b053

All of the above are the reasons why character arrays are better than strings to save passwords, although using char [] is not safe. I also recommend that you replace plain text with hash or password encryption, and clear it as quickly as possible after authentication.

I am the dividing line of tiantiao

 

Reference: http://www.blogjava.net/hello-yun/archive/2013/11/05/406027.html


Java array storage data problems

Put the MAP in a range, for example, session. setAttributr ("map", map) in the session );
Then, on the JSP page, obtain <c: forEach items = "$ {map}" var = "map"> </c: forEach>

A simple example is provided:
<% @ Page language = "java" contentType = "text/html; charset = UTF-8"
PageEncoding = "UTF-8" import = "java. util. *" %>
<% @ Taglib prefix = "c" uri = "java.sun.com/jsp/jstl/core" %>
<! DOCTYPE html PUBLIC "-// W3C // dtd html 4.01 Transitional // EN" "www.w3.org/TR/html4/loose.dtd">
<Html>
<Head>
<Meta http-equiv = "Content-Type" content = "text/html; charset = UTF-8">
<Title> Insert title here </title>
<% Map m = new HashMap ();
M. put ("a1", "123 ");
M. put ("a2", "123 ");
M. put ("a3", "123 ");
Session. setAttribute ("map", m );
%>
</Head>
<Body>
<Table border = "1" align = "center" bgcolor = "#808080"> <tr bgcolor = "green"> <th> User Name: </th> <th> password: </th> </tr>
<C: forEach items = "$ {map}" var = "entry">
<Tr> <td >$ {entry. key} </td>
<T ...... remaining full text>

Java uses an array to store the user name and password. Use a conditional statement to determine the login cycle. output the user name and password. Use switch to display the menu.

Public void login (){
String [] userNames = new String [] {"admin", "admin1"}; // Save the user name
String [] passWords = new String [] {"admin", "admin1"}; // Save the password
Boolean B = false;
Wrote input = new partition (System. in );
System. out. println ("Enter the account :");
String userName = input. next ();
System. out. println ("enter the password :");
String passWord = input. next ();
For (int I = 0; I <userNames. length; I ++ ){
If (userName. equals (userNames [I]) & passWord. equals (passWords [I]) {
B = true;
Break;
}
}

If (B = true ){
System. out. println ("select :");
System. out. println ("1 save 2 withdraw 3 Transfer 4 query 5 Exit ");
Integer choice = input. nextInt ();
Switch (choice ){
Case 1:
Break;
Case 2:
Break;
Case 3:
Break;
Default:
Break;
}
}
}

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.