• Post Reply Bookmark Topic Watch Topic
  • New Topic

Will the Password be stored in RAm memory?  RSS feed

 
Pooja Dornadhula
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I my application the password captured during login is encryped with a random genarated number in jsp and sent to server. Will the password entered in the login jsp form filed before encryption is availbale for any hacker in clear text in System memory or browser memory or RAM?

If so please help me how to avoid that.

Thank you
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Pooja Dornadhula:
in jsp and sent to server.


JSPs are on the server.
Are you doing your encryption on the client, in Javascript?
 
Nicholas Jordan
Ranch Hand
Posts: 1282
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
First, you need to answer what Ben has asked, but in general the password will be in ram - it has to be somewhere. You cannot control ( on contemporary popular commercial operating systems ) when and if that ram may be paged out but seeking and finding such pagings are well beyond the skills of most users.

If you have taken a password in, be sure you take it in a char[] ~ not a String Object. As soon as the password comes in, use it and do char[pos]=' ';// as the next line of code after whatever use the password has.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!