Tip To Developers … Avoid Using Immutable Types for Passwords and Sensitive User Data

Here is a discussion with a developer on their code …

“Why have you stored the passwords as string?”, “Passwords are just strings. What’s the problem?”, “Well, strings are immutable objects”. “But I allocate a null string after I use it, so it’s okay!”, “But that doesn’t actually erase it from memory”. “Yes, it does”…
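The point of the exchange above, as an added example that is not from the original article. Python is assumed for illustration (the article does not name a language), and `str_cannot_be_erased`, `wipe` and `derive_then_wipe` are hypothetical names. It shows that rebinding an immutable string leaves the value intact for any other holder of the reference, while a mutable byte buffer can be overwritten in place after its single use.

```python
import hashlib

# Constructed sample value for the demonstration; not a real credential.
SAMPLE = "correct horse battery staple"


def str_cannot_be_erased(password: str) -> dict:
    """Show what 'setting it to null' does to an immutable string."""
    other_ref = password      # e.g. a reference kept by a log record or a cache
    try:
        password[0] = "\0"    # immutable type: in-place overwrite is refused
        overwritten = True
    except TypeError:
        overwritten = False
    password = None           # rebinds this one name; the string object is untouched
    return {"overwritten": overwritten, "still_readable": other_ref}


def wipe(buf: bytearray) -> None:
    """Overwrite a mutable buffer in place so every reference to it sees zeros."""
    for i in range(len(buf)):
        buf[i] = 0


def derive_then_wipe(secret: bytearray, salt: bytes) -> bytes:
    """Use the secret once (PBKDF2-HMAC-SHA256), then erase it before returning."""
    try:
        return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)
    finally:
        wipe(secret)          # runs even if key derivation raises


if __name__ == "__main__":
    print(str_cannot_be_erased(SAMPLE))

    # Assumption: real input would be read straight into a mutable buffer.
    # The .encode() here creates an immutable temporary outside this buffer's control.
    buf = bytearray(SAMPLE.encode())
    alias = buf               # second reference to the same buffer
    key = derive_then_wipe(buf, b"constructed-salt")
    print(key.hex())
    print(alias)              # all zero bytes: the wipe is visible through every reference
```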

Prof Bill Buchanan OBE

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.