Sensitive Data In Memory

Question

I\'m working on a Java password manager and I currently have all of the user\'s data, after being decrypted from a file, sitting around in memory at all times and stored pla

Answer 1

Yes it certainly is, especially since you quite trivially can debug an application. Most code dealing with encryption and unsafe data use char arrays instead of strings. By using char arrays, you can overwrite the memory with sensitive details, limiting the lifetime of the sensitive data.