OWASP sensitive data prevention in Java
In my code I wrote the following line and got "A6 Sensitive Data Exposure - Heap Inspection":
private String password;
How should I change this code for OWASP sensitive data prevention in Java?
Answer 0: (score: 0)
Still not clear which tool gave you this warning at this line (it is unlikely that it was the dependency check). I can only guess the tool wants passwords to be stored in a char[] rather than a String.
The reasoning is that you can overwrite the password with blanks if it is no longer needed and therefore minimise the chance that it shows up in heap dumps.
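The following is an added example illustrating the answer above; it is not code from the question or the answer. It shows the char[] pattern the answer describes: the password is kept in a char[], consumed by an API that accepts char[] directly (javax.crypto's PBEKeySpec, so no String is ever built from it), and overwritten with zeros as soon as it is no longer needed. The class name PasswordHolder, the sample password and the iteration count are assumptions made for the example.

```java
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/**
 * Holds a password as char[] (not String) so it can be wiped in place
 * once it is no longer needed. Class name is an assumption for this example.
 */
public final class PasswordHolder implements AutoCloseable {
    private final char[] password;

    public PasswordHolder(char[] password) {
        // Defensive copy: the caller may reuse its array; this object owns and wipes its own copy.
        this.password = Arrays.copyOf(password, password.length);
    }

    /**
     * Derives a PBKDF2 key from the password. PBEKeySpec takes char[] directly,
     * so the password never has to be converted to an immutable String.
     */
    public byte[] deriveHash(byte[] salt, int iterations)
            throws NoSuchAlgorithmException, InvalidKeySpecException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec)
                    .getEncoded();
        } finally {
            spec.clearPassword(); // wipes the internal copy PBEKeySpec made of the password
        }
    }

    /** Overwrites the password in place. A String field could not be cleared like this. */
    @Override
    public void close() {
        Arrays.fill(password, '\0');
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input for the example. A real program would obtain the
        // char[] from System.console().readPassword() or a similar source; here a
        // String literal is used only for demonstration, and that literal itself
        // remains in the heap because Strings cannot be wiped.
        char[] input = "correct horse battery staple".toCharArray();
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);

        try (PasswordHolder holder = new PasswordHolder(input)) {
            byte[] hash = holder.deriveHash(salt, 100_000);
            System.out.println("derived " + hash.length + " bytes");
        } // close() zeroes the holder's copy here

        Arrays.fill(input, '\0'); // the caller wipes its own copy as well
        System.out.println("input wiped: " + (input[0] == '\0'));
    }
}
```

Two caveats a practitioner should keep in mind. First, wiping is best effort: a heap dump taken between reading the password and calling Arrays.fill still contains it, and the JVM may have made copies (for example during garbage collection) that this code does not reach. Second, the pattern only helps if every API on the path accepts char[] or byte[]; the moment the password is passed to something that wants a String, an un-wipeable copy exists again, which is why the example uses PBEKeySpec and its clearPassword() method rather than building a String.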