
I am writing a little web framework and I want to enable SSL encryption with an SSL key which will be supplied by the user.

This might seem overly cautious, but is it common to pass the password for the keystore file as a String passed in the parameters of a method?

This is what I had in mind:

```java
public void enableSSL(String keystorePath, String keystorePassword) {
    // ... do things
}
```
TomTom

1 Answer


It is always safer to store the password in a character array than in a string.

Please refer to the query below: Why is char[] preferred over String for passwords?

Also refer to the coding guidelines below from the Oracle site: http://www.oracle.com/technetwork/java/seccodeguide-139067.html#2

developer
  • 2
    Please mark this question as duplicate rather than trying to feed off someone else's answer. – Dioxin Sep 08 '15 at 22:53
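
As an added illustration of the answer's advice (not code from the question, the answer or any framework), here is the asker's `enableSSL` sketched with a `char[]` password that is overwritten once the keystore has been loaded. The class name `SslConfig`, the `Path` parameter, the Java 11+ `Path.of` call and the assumption that key entries share the store password are choices made for this example.

```java
import java.io.Console;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

public final class SslConfig {

    /**
     * Builds an SSLContext from a user-supplied keystore.
     * The password array is overwritten before this method returns,
     * whether loading succeeds or fails, so the caller must not reuse it.
     */
    public static SSLContext enableSSL(Path keystorePath, char[] keystorePassword)
            throws IOException, GeneralSecurityException {
        try (InputStream in = Files.newInputStream(keystorePath)) {
            // Uses the JVM's default keystore type.
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(in, keystorePassword);

            KeyManagerFactory kmf =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            // Assumption: key entries are protected with the store password.
            kmf.init(keyStore, keystorePassword);

            SSLContext context = SSLContext.getInstance("TLS");
            context.init(kmf.getKeyManagers(), null, null);
            return context;
        } finally {
            // Unlike a String, the array can be wiped instead of waiting for GC.
            Arrays.fill(keystorePassword, '\0');
        }
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console(); // null when no terminal is attached
        if (console == null || args.length != 1) {
            System.err.println("usage: java SslConfig <keystore> (from a terminal)");
            return;
        }
        // readPassword returns char[] and does not echo the input.
        char[] password = console.readPassword("Keystore password: ");
        if (password == null) return; // end of input
        System.out.println(enableSSL(Path.of(args[0]), password).getProtocol());
    }
}
```

Both `KeyStore.load` and `KeyManagerFactory.init` already take `char[]`, so a `String` parameter would only add an immutable copy that cannot be cleared.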