Description
Hey guys!
It would be pretty spiffy if the Java API provided additional functions to handle the password as a `char[]` throughout the duration of the string's lifecycle. Currently, the API uses `String` exclusively for handling the user's password.

The Java Secure Coding Guide and JCE Guide both suggest the use of `char[]` for storing sensitive information, such as passwords. This is because the `String` object is immutable and cannot be overwritten once the operations are complete. The goal here is to limit the extent to which sensitive information is sprayed about in memory.

I thought this might be a simple patch to contribute, but following the rabbit hole all the way down reveals that even the SQL statement that keys the database uses a `String` in the native call:

```java
execSQL("PRAGMA key = '" + password + "'");
```

So, supporting a `char[]` would require adding additional methods for every one that takes a password. We could possibly re-implement the `String` versions in terms of the `char[]` versions by calling `String.toCharArray()`.

Finally, I propose an additional native method along the lines of `native_execSQL(char[] sql)`. Then this method could be used for the key and rekey statements.
I'm happy to implement this, but since it is rather invasive I figured I should propose it for discussion first.
Thoughts?
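As an added example, not part of the post above or of the project's own code: a `char[]`-only construction of the `PRAGMA key` statement the post quotes, followed by zeroing of every buffer that held the secret. The proposed `native_execSQL(char[] sql)` is assumed to exist and is replaced here by a stand-in `execSQL(char[])` so the code runs without JNI; `buildKeyPragma`, `keyDatabase`, `allZero` and the sample password are hypothetical. It goes one step beyond the post by doubling any single quote in the password, as an SQL string literal requires, so a quote in the password cannot terminate the literal early.

```java
import java.util.Arrays;

// Added example (not SQLCipher code): build "PRAGMA key = '...'" as a char[]
// from a char[] password, hand it to a char[]-taking execSQL, and scrub both
// afterwards. The native entry point is assumed; a stand-in is used here.
public final class KeyPragmaExample {

    // The fixed part of the statement is not secret, so a String literal is fine.
    private static final char[] PREFIX = "PRAGMA key = '".toCharArray();

    /**
     * Builds the key statement without ever creating a String that holds the
     * password. Embedded single quotes are doubled ('' inside the literal),
     * which is how an SQL string literal represents a literal quote.
     */
    static char[] buildKeyPragma(char[] password) {
        int quotes = 0;
        for (char c : password) {
            if (c == '\'') quotes++;
        }
        // prefix + password + one extra char per embedded quote + closing quote
        char[] sql = new char[PREFIX.length + password.length + quotes + 1];
        System.arraycopy(PREFIX, 0, sql, 0, PREFIX.length);
        int pos = PREFIX.length;
        for (char c : password) {
            sql[pos++] = c;
            if (c == '\'') sql[pos++] = '\'';
        }
        sql[pos] = '\'';
        return sql;
    }

    /**
     * Stand-in for the proposed native_execSQL(char[] sql) (hypothetical).
     * It only reports the statement length; a real implementation would pass
     * the chars to the native layer and release the JNI copy there.
     */
    static int execSQL(char[] sql) {
        return sql.length;
    }

    /** Keys the database, then zeroes the statement and the caller's password. */
    static int keyDatabase(char[] password) {
        char[] sql = buildKeyPragma(password);
        try {
            return execSQL(sql);
        } finally {
            Arrays.fill(sql, '\0');
            Arrays.fill(password, '\0');
        }
    }

    /** True if every element of the array has been cleared. */
    static boolean allZero(char[] a) {
        for (char c : a) {
            if (c != '\0') return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample password containing a single quote.
        char[] password = {'p', 'a', 's', 's', '\'', 'w', 'd'};
        int len = keyDatabase(password);
        System.out.println("executed statement of " + len + " chars");
        System.out.println("password zeroed after use: " + allZero(password));
    }
}
```

Two caveats a practitioner would want alongside this: the `char[]` route shrinks the number of long-lived copies but does not eliminate them, since the native side may receive a JNI copy of the array (which should be released and cleared there) and the VM is free to move arrays during collection; and the boundary only holds if every method on the path, down to the native call, takes the `char[]` rather than converting to a `String` somewhere in between, which is exactly the invasiveness the post describes.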