Character array for storing passwords in Java and character array for storing in java
Character arrays and strings can be used to store text data. However, it is difficult to answer this question if you choose a specific type. However, any string-related issues must be found in the string attributes, such as immutable. He used this method to persuade the interviewer. Here we will discuss some reasons why you should use char [] to Store Passwords instead of strings.
- Because the string is an immutable object, if it is used as a common text storage password, it will remain in the memory until it is recycled by the garbage collector. Because the string is extracted from the string pool (if this string exists in the pool, it is obtained directly from the pool; otherwise, a new string is obtained and then put into the pool ), there is a great opportunity to keep it in the memory for a long time, which will lead to security problems. Because anyone who can access the memory can dump the password in plaintext mode. In addition, you should always use encryption instead of plain text to represent the password. Because the string is immutable, there is no way to change its content. Any change will generate a new string. If char [] is used, you can set all elements to null or zero (here, the author means that after authentication, the array will no longer be used, and the original password can be overwritten with zero or null, prevent others from dumping out of the memory ). Therefore, using character arrays to Store Passwords can significantly reduce the risk of password theft.
- Java also recommends character arrays. The JpasswordField method getPassword () is to return a character array, and the getText () method is discarded due to security reasons, because it returns a plain text string. Follow the pace of the Java team.
- Printing strings in common text can also cause danger in log files or the console. However, if an array is used, you cannot print the content of the array, but its memory address. Although this is not the real reason, it is worth noting.
String strPassword="Unknown";char[] charPassword= new char[]{'U','n','k','w','o','n'};System.out.println("String password: " + strPassword);System.out.println("Character password: " + charPassword); String password: UnknownCharacter password: [C@110b053
All of the above are the reasons why character arrays are better than strings to save passwords, although using char [] is not safe. I also recommend that you replace plain text with hash or password encryption, and clear it as quickly as possible after authentication.
I am the dividing line of tiantiao
Reference: http://www.blogjava.net/hello-yun/archive/2013/11/05/406027.html
Java array storage data problems
Put the MAP in a range, for example, session. setAttributr ("map", map) in the session );
Then, on the JSP page, obtain <c: forEach items = "$ {map}" var = "map"> </c: forEach>
A simple example is provided:
<% @ Page language = "java" contentType = "text/html; charset = UTF-8"
PageEncoding = "UTF-8" import = "java. util. *" %>
<% @ Taglib prefix = "c" uri = "java.sun.com/jsp/jstl/core" %>
<! DOCTYPE html PUBLIC "-// W3C // dtd html 4.01 Transitional // EN" "www.w3.org/TR/html4/loose.dtd">
<Html>
<Head>
<Meta http-equiv = "Content-Type" content = "text/html; charset = UTF-8">
<Title> Insert title here </title>
<% Map m = new HashMap ();
M. put ("a1", "123 ");
M. put ("a2", "123 ");
M. put ("a3", "123 ");
Session. setAttribute ("map", m );
%>
</Head>
<Body>
<Table border = "1" align = "center" bgcolor = "#808080"> <tr bgcolor = "green"> <th> User Name: </th> <th> password: </th> </tr>
<C: forEach items = "$ {map}" var = "entry">
<Tr> <td >$ {entry. key} </td>
<T ...... remaining full text>
Java uses an array to store the user name and password. Use a conditional statement to determine the login cycle. output the user name and password. Use switch to display the menu.
Public void login (){
String [] userNames = new String [] {"admin", "admin1"}; // Save the user name
String [] passWords = new String [] {"admin", "admin1"}; // Save the password
Boolean B = false;
Wrote input = new partition (System. in );
System. out. println ("Enter the account :");
String userName = input. next ();
System. out. println ("enter the password :");
String passWord = input. next ();
For (int I = 0; I <userNames. length; I ++ ){
If (userName. equals (userNames [I]) & passWord. equals (passWords [I]) {
B = true;
Break;
}
}
If (B = true ){
System. out. println ("select :");
System. out. println ("1 save 2 withdraw 3 Transfer 4 query 5 Exit ");
Integer choice = input. nextInt ();
Switch (choice ){
Case 1:
Break;
Case 2:
Break;
Case 3:
Break;
Default:
Break;
}
}
}