In a discussion, one of our seniors told us that we should not use String for storing a password in a Java project because it's a security risk, but that it can be acceptable in a C project. I did not get why he said that. Can anyone tell me why?
Best How To:
In Java, Strings are immutable, so once you use a String to store a password, there is no way that content can be changed, because any change will produce a new String. And the String which contains the password will be available in memory until it gets garbage collected. So it will remain in memory for a long duration, which might be a security risk.
But in the C language a string is a null-terminated character array, and you can set all the array elements to blank or zero, and thus the password will not remain in memory.
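The C side of the answer as an added example (not part of the original answer): the password lives in a caller-owned buffer that is zeroed on every exit path. The names `secure_wipe`, `handle_password`, `consume_password` and `PW_MAX` are hypothetical, and the wipe writes through a `volatile` pointer because a plain `memset` on a buffer that is never read again can be removed by the optimizer as a dead store.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PW_MAX 64 /* assumed buffer size for this example */

/* Zero n bytes through a volatile pointer so the stores are not
   treated as removable dead writes by the compiler. */
static void secure_wipe(void *buf, size_t n)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (n--)
        *p++ = 0;
}

/* Returns 1 only if every byte of buf is zero. */
static int is_all_zero(const void *buf, size_t n)
{
    const unsigned char *p = (const unsigned char *)buf;
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= p[i];
    return acc == 0;
}

/* Hypothetical stand-in for the real consumer (a KDF, a login call). */
static size_t consume_password(const char *pw) { return strlen(pw); }

/* Copy the input into buf, use it, then wipe the whole buffer (not just
   strlen bytes) on success and on failure. Returns the number of bytes
   consumed, or -1 if the input does not fit in cap bytes. */
static long handle_password(const char *input, char *buf, size_t cap)
{
    long result = -1;
    size_t len = strlen(input);
    if (len < cap) {
        memcpy(buf, input, len + 1);
        result = (long)consume_password(buf);
    }
    secure_wipe(buf, cap);
    return result;
}

int main(void)
{
    char buf[PW_MAX];
    /* Constructed sample; real input would be read from the terminal. */
    long n = handle_password("correct horse battery", buf, sizeof buf);
    printf("consumed %ld bytes, wiped: %d\n", n, is_all_zero(buf, sizeof buf));
    return 0;
}
```

In Java the equivalent pattern is a `char[]` cleared with `Arrays.fill` after use, since an array, unlike a String, can be overwritten in place.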