string - Executing a process in Java with a password -


i have process needs run through java and, unfortunately password needs given process in plain-text.

since event transient , working behind massive firewalls, not worried password being transmitted subprocess this. little worried process , processbuilder classes take commands string objects, not char[] arrays. so, have rely on garbage collector destroy string objects @ discretion, allowing possibly take heap dump of program later , password.

its remote possibility, looking for:

  1. a better way start sub process not use string objects, char[]
  2. a way ensure string object destroyed after used.

(just note, due how process takes in commands, submitting password inital command way interact sub-process -- see this: java seems sending carriage returns sub-process? comments section in original post)

note- password not going main() function via commandline. password collected using swing jpasswordfield, being written processbuilder command array.

idea-- wonder if there way through reflection private final char[] value string , erase it?

i pursued idea of using reflection erase string.value parameter manually means of object destruction. think due!

  private void destroyme(string destroyme) {     try {       int len = destroyme.length();       field f = destroyme.getclass().getdeclaredfield("value");       f.setaccessible(true);       char[] stars = new char[len];       arrays.fill(stars, '*');       f.set(destroyme, stars);       f.setaccessible(false);     } catch (illegalargumentexception e) {       e.printstacktrace();     } catch (illegalaccessexception e) {       e.printstacktrace();     } catch (securityexception e) {       e.printstacktrace();     } catch (nosuchfieldexception e) {       e.printstacktrace();     }   } 

Comments

Popular posts from this blog

windows - Single EXE to Install Python Standalone Executable for Easy Distribution -

c# - Access objects in UserControl from MainWindow in WPF -

javascript - How to name a jQuery function to make a browser's back button work? -