Hi,
Can someone tell me what’s the recommended way for securely getting a password in Vaadin?
I had a look at Vaadin PasswordField, but this component uses a String object to store the password behind the scenes, which is absolutely not recommended for security reasons. This is mainly due to the fact that Strings are immutable in Java and stored in the String pool for reusability. So, there is no way to reset their value and they have a pretty high chance of remaining in memory for a long time. A simple memory dump would then give access to all the entered passwords.
Is there any other alternative I could use that would enable me to have the password stored in a char and that doesn’t require creating a String in between? I’m a bit surprised I didn’t manage to find something out of the box for dealing with this in Vaadin. Am I missing something?
Thanks in advance,
Anne-Catherine