Monday, 9 September 2013

How can I securely delete an object in Java from code?

In Java, when you have objects that you need to securely dispose of, what
are the options?

Taking into account that:

a) You need some guarantee on when the object is disposed. Is calling
System.gc() the only/better option?

b) GC is not enough and you need to make sure the memory an object
instance is using is properly erased. One can first get references to the
internal object representation via reflection (get the char[] inside a
String) and overwrite the data. However, this method requires an
implementation for each type of object.

Are there better ways to make sure that passwords and private keys are not
left in RAM?
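
An added example, not part of the original post: it keeps the password and key material in mutable arrays (never in a String) and overwrites them in finally blocks, using only standard JDK calls. The class name WipeSecrets, the sample password, the salt and the iteration count are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.DestroyFailedException;

public class WipeSecrets {

    // Derive a key from the password, then clear every copy this method controls.
    static byte[] deriveKey(char[] password, byte[] salt) throws Exception {
        // PBEKeySpec clones the password, so it holds its own copy.
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256);
        SecretKey key = null;
        try {
            key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec);
            return key.getEncoded(); // the caller owns this copy and must wipe it
        } finally {
            spec.clearPassword(); // overwrite the spec's internal password copy
            if (key != null) {
                try {
                    key.destroy();
                } catch (DestroyFailedException e) {
                    // Default Destroyable behaviour: this key type cannot be wiped.
                }
            }
        }
    }

    static boolean isZeroed(byte[] b) {
        for (byte x : b) if (x != 0) return false;
        return true;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; real code would read the password with
        // Console.readPassword(), which returns char[] rather than a String.
        char[] password = {'d', 'e', 'm', 'o', '-', 'p', 'w'};
        byte[] salt = "constructed-salt".getBytes(StandardCharsets.US_ASCII);
        byte[] keyBytes = null;
        try {
            keyBytes = deriveKey(password, salt);
            System.out.println("derived " + keyBytes.length + " key bytes");
        } finally {
            Arrays.fill(password, '\0');
            if (keyBytes != null) Arrays.fill(keyBytes, (byte) 0);
        }
        System.out.println("key buffer zeroed: " + isZeroed(keyBytes));
    }
}
```

This is best effort: a garbage collector that moves objects may have left earlier copies of the arrays elsewhere on the heap, and System.gc() is only a hint that does not erase them.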
