This repository has been archived by the owner on Apr 5, 2022. It is now read-only.

risk of hacking tokens as String #229

Open
enricjaen opened this issue Mar 10, 2017 · 0 comments

enricjaen commented Mar 10, 2017

Currently tokens are stored in memory as String, which poses a risk if an intruder is able to dump the heap.

```java
public class AccessGrant implements Serializable {
	private final String accessToken;
	private final String refreshToken;
	// ... (rest of the class elided in the original post)
}
```

It is recommended to use byte or char arrays to be able to handle tokens securely, so the tokens can be nulled once they are not needed.
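As an added illustration of the char-array approach suggested above (not code from the issue or from the project's code base), the sketch below keeps a token in a `char[]` that can be zeroed once it is no longer needed. The class name `WipeableToken`, its methods and the sample value are hypothetical.

```java
import java.util.Arrays;
import javax.security.auth.Destroyable;

// Hypothetical holder for illustration; not a class from the project.
public final class WipeableToken implements Destroyable, AutoCloseable {
    private final char[] value;
    private volatile boolean destroyed;

    // Takes a private copy so the caller can wipe its own array right away.
    public WipeableToken(char[] token) {
        this.value = Arrays.copyOf(token, token.length);
    }

    // Hands out a copy; the caller is responsible for wiping it after use.
    public synchronized char[] copyValue() {
        if (destroyed) {
            throw new IllegalStateException("token already destroyed");
        }
        return Arrays.copyOf(value, value.length);
    }

    // Overwrites the secret in place; a String offers no equivalent operation.
    @Override
    public synchronized void destroy() {
        Arrays.fill(value, '\0');
        destroyed = true;
    }

    @Override
    public boolean isDestroyed() { return destroyed; }

    @Override
    public void close() { destroy(); }

    // Keeps the secret out of logs and exception messages.
    @Override
    public String toString() { return "WipeableToken[redacted]"; }

    public static void main(String[] args) {
        // Constructed sample value; a real token would arrive as char[] or
        // byte[], never as a String literal, which stays in the constant pool.
        char[] raw = "constructed-sample-token".toCharArray();
        try (WipeableToken token = new WipeableToken(raw)) {
            Arrays.fill(raw, '\0');               // wipe the caller's copy
            char[] inUse = token.copyValue();
            try {
                System.out.println("token length in use: " + inUse.length);
            } finally {
                Arrays.fill(inUse, '\0');         // wipe the working copy
            }
        }                                         // close() zeroes the held copy
    }
}
```

Zeroing shortens the window in which a heap dump contains the token but does not eliminate it: the garbage collector may have relocated the array earlier, and any conversion to `String` (for example to build an HTTP header) or serialization of the holder creates copies that cannot be wiped.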
