问题
I read several articles and posts about security regarding (note Comparing input password to stored hashed password in a web app or Why is char[] preferred over String for passwords?
Since to retrieve a parameter value from request uses request.getParameter("passwordFieldName") which returns a String, is there any option to retrieve a parameter from request as a char[]?
回答1:
Unfortunately I know of no way.
The request parameters are already loaded, hopefully internally as reused byte[] or char[]. But then?
So maybe one should reimplement a bit of HTTP server? Not me.
You could on the client side split the password in more than one variable and encrypt them. Whether that is better?
If you do not trust your server platform, better use OpenID or an other delegated authentication.
回答2:
You can just use the String's method toCharArray to convert it into a char[].
String str = request.getParameter("passwordFieldName");
char[] pwArr = str.toCharArray();
See the docs for more info.
来源:https://stackoverflow.com/questions/18337783/is-possible-to-user-char-instead-of-strings-in-a-servlet-for-password-storing