Java Software Engineer Question: Download Questions PDF
Tell us why would it be more secure to store sensitive data (such as a password, social security number, etc.) in a character array rather than in a String?
Answer:
In Java, Strings are immutable and are stored in the String pool. What this means is that, once a String is created, it stays in the pool in memory until being garbage collected. Therefore, even after you’re done processing the string value (e.g., the password), it remains available in memory for an indeterminate period of time thereafter (again, until being garbage collected) which you have no real control over. Therefore, anyone having access to a memory dump can potentially extract the sensitive data and exploit it.
In contrast, if you use a mutable object like a character array, for example, to store the value, you can set it to blank once you are done with it with confidence that it will no longer be retained in memory.
In contrast, if you use a mutable object like a character array, for example, to store the value, you can set it to blank once you are done with it with confidence that it will no longer be retained in memory.
Download Java Software Engineer Interview Questions And Answers
PDF
| Previous Question | Next Question |
| Can you give real world examples of when to use an ArrayList and when to use LinkedList? | Explain me what is the volatile keyword? How and why would you use it? |