Is there any way in Java to delete data (e.g., a variable value, object) and be sure it can't be recovered from memory? Does assigning null
to a variable in Jav
Primitive data (byte, char, int, double) and arrays of them (byte[], ...) are erasable by writing new random content into them.
Object data have to be sanitized by overwriting their primitive properties; setting a variable to null just makes the object available for GC, but not immediately dead. A dump of the VM will contain them for anyone to see.
Immutable data such as String cannot be overwritten in any way. Any modification just makes a copy. You should avoid keeping sensitive data in such objects.
P.S. If we talk about passwords, it's better to use crypto-strong hash functions (MD5, SHA1, ...), and never ever work with passwords in clear text.
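
The overwrite approach from the answer above, as an added example that is not part of the original post: the secret stays in `char[]`/`byte[]` (never a `String`) and every copy the code owns is overwritten in a `finally` block. The class name, the `use` method and the sample password are hypothetical, and zero-fill is used here where the answer mentions random content.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class WipeSecretDemo {

    // Encode chars to UTF-8 bytes without going through an immutable String.
    static byte[] toUtf8(char[] secret) {
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(secret));
        byte[] out = new byte[encoded.remaining()];
        encoded.get(out);
        // The encoder's buffer is a second copy of the secret; overwrite it too.
        if (encoded.hasArray()) {
            Arrays.fill(encoded.array(), (byte) 0);
        }
        return out;
    }

    // Hypothetical consumer of the secret (stands in for a KDF, a login call, ...).
    static int use(byte[] secretBytes) {
        return secretBytes.length;
    }

    public static void main(String[] args) {
        // Constructed sample value. Real code would read it with
        // Console.readPassword(), which returns char[] rather than String.
        char[] password = {'s', '3', 'c', 'r', 'e', 't'};
        byte[] bytes = null;
        try {
            bytes = toUtf8(password);
            System.out.println("used " + use(bytes) + " bytes");
        } finally {
            // Overwrite every copy this code owns, even if use() threw.
            Arrays.fill(password, '\0');
            if (bytes != null) {
                Arrays.fill(bytes, (byte) 0);
            }
        }
        // Both arrays now hold only zeros; setting them to null alone
        // would have left the contents in the heap until collected.
        System.out.println("password after wipe: " + Arrays.toString(password));
        System.out.println("bytes after wipe:    " + Arrays.toString(bytes));
    }
}
```

This only clears the arrays the code holds references to; copies the JVM itself made earlier (for example when the garbage collector moved the array) are outside the program's reach.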