0 Replies Latest reply on Dec 20, 2005 2:21 PM by Lewis Gass

    Password & Sensitive Data Handling

    Lewis Gass Newbie

      In the instance an application was receiving some sensitive piece of data from a form submittal how could someone handle the issue of the information being in memory for some uncertain amount of time.

      I say this, due to the fact that tomcat will definitely store posted data into inmutable String objects. Even if from that point it is converted into a char[] array and handled securely it continues to live in the request object and who knows exactly when that would be get garbage collected.

      Is there any simple way currently or planned for the future to handle such a situation so that the application could destroy all instances of a sensitive piece of information at will?

      Thanks beforehand for any help / ideas