Hi everyone,
[For those who read the book OCP: Oracle Certified Professional Java SE 8 Programmer II Study Guide, this is explained on page 441 in the box "Why Does readPassword() Return a Character Array?"]
Can someone explain to me why it would be insecure to return the password as a String in the method Console.readPassword()? I don't see why the String could go into the pool as it is not a literal. So it should be garbage collected as soon as it is not referenced anymore, right?
Is it related to the fact that Strings are immutable and that they can just stay in memory as long as the memory has not been reallocated even if they are not referenced anymore?
Maybe I'm having trouble with the definition of String pool. I read in the review question 2 on page 445:
Because Java puts all String values in a reusable pool
Is it really correct to say that? What about
Is it not only literals that are inserted into the pool?
Kind regards,
Guillaume
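
An added example, not part of the original post or of the book: it separates the two things the question touches on, pool membership (reference comparison of a literal against a String built at run time) and lifetime (a char[] can be overwritten by the caller, a String cannot). The class name, variable names and the sample value are assumptions made for the illustration.

```java
import java.io.Console;
import java.util.Arrays;

// Added illustration; class, method and variable names are hypothetical.
public class ReadPasswordDemo {

    static boolean allZero(char[] a) {
        for (char c : a) {
            if (c != '\0') return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // 1) Pool membership: a literal is pooled, a String built at run time is a
        //    separate heap object until intern() is called on it.
        char[] sample = {'s', '3', 'c', 'r', 'e', 't'};   // constructed sample value
        String literal = "s3cret";                        // compile-time constant, lives in the pool
        String built = new String(sample);                // new object holding its own copy of the chars
        System.out.println("built == literal          : " + (built == literal));
        System.out.println("built.intern() == literal : " + (built.intern() == literal));

        // 2) Lifetime: the caller controls when a char[] stops holding the secret.
        Console console = System.console();               // null when no terminal is attached
        char[] password = (console != null) ? console.readPassword("Password: ") : null;
        if (password == null) {                           // no console, or end of input
            password = sample.clone();                    // fall back to the constructed sample
        }
        try {
            // The pattern being contrasted: once copied into a String, the characters
            // cannot be cleared through any public API. They remain in the heap until
            // the object is collected and that memory is reused.
            String asString = new String(password);
            System.out.println("length held in the String : " + asString.length());
        } finally {
            // The array, by contrast, is overwritten in place as soon as it is no longer needed.
            Arrays.fill(password, '\0');
            Arrays.fill(sample, '\0');
        }
        System.out.println("array wiped               : " + allZero(password));
    }
}
```

Wiping the array shortens the window in which the secret is readable from a heap dump or a swapped-out page; it does not remove copies made elsewhere, such as the `asString` object above.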