堆栈内存溢出
  简体   繁体   English

Java中的owasp敏感数据预防

[英]owasp sensitive data prevention in java

 原文  2016-04-25 07:46:40       java/ owasp

问题描述

owasp sensitive data prevention in java Java中的owasp敏感数据预防

In my code I wrote following line and got A6-Sensitive Data Exposure- Heap Inspection 在我的代码中,我编写了以下代码行,并获得了A6敏感数据公开-堆检查

private String password; 私有字符串密码;

How should I change this code for owasp sensitive data prevention in java? 我应该如何更改此代码以防止Java中的Owasp敏感数据?

1 个解决方案

解决方案1
 0  2016-04-25 08:51:53

Still not clear which tool gave you this warning at this line (it is unlikely that it was the dependency check). 仍不清楚在此行中哪个工具向您发出了此警告(不太可能是依赖性检查)。 I can only guess the tool wants passwords to be stored in a char[] rather than a String . 我只能猜测该工具希望将密码存储在char[]而不是String

The reasoning is that you can overwrite the password with blanks if it is no longer needed and therefore minimise the chance that it shows up in heap dumps. 原因是,如果不再需要密码,可以用空格覆盖,从而最大程度地减少了在堆转储中显示密码的机会。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Java-存储敏感数据 - Java - store sensitive data 用Java加密敏感的应用程序数据 - Encrypting sensitive application data in Java java堆转储中的敏感数据 - Sensitive data in java heap dumps Java JNI Stackfall预防 - Java JNI stackfall prevention Java窗口复制预防 - Java Window Duplication Prevention 从Java程序存储/读取敏感数据 - Storing/Reading sensitive data from Java program 在运行时在Java(android)中存储敏感数据 - Storing sensitive data in java(android) at runtime 将敏感数据从C传递到Java - Passing sensitive data from C to Java java @JsonProperty 中的关联关系中隐藏敏感数据 - Hide sensitive data in an association relationship in java @JsonProperty Java:Owasp AntiSamy vs Owasp-java-html-sanitize - Java: Owasp AntiSamy vs Owasp-java-html-sanitize
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM