How can I ensure the destruction of a String object in Java?

Front-end | unresolved | 9 answers | 953 views
感情败类 2020-11-30 04:36

An employee at my company needs to modify data from a SQL Server database through a program I made. The program used Windows authentication at first, and I asked the DBAs to

9 answers
  • 2020-11-30 05:19

    If the string is not being held onto by the JDBC driver manager (a big if), I wouldn't worry about forcing its destruction. A modern JVM still runs the garbage collection fairly promptly even with plenty of available memory. The issue is whether garbage collection is an effective "secure erase". I doubt that it is. I would guess that it simply forgets the reference to that memory location and doesn't zero anything out.

  • 2020-11-30 05:21

    Interesting question. Some googling revealed this: http://securesoftware.blogspot.com/2009/01/java-security-why-not-to-use-string.html. According to the comment, it won't make a difference.

    What happens if you don't store the String in a variable but pass it via new String(char[])?

  • 2020-11-30 05:24

    So, here's the bad news. I'm surprised no one has mentioned it yet. With modern garbage collectors, even the whole char[] concept is broken. Regardless of whether you use a String or a char[], the data can end up living in memory for who-knows-how-long. Why is that? Because modern JVMs use generational garbage collectors which, in short, copy objects all over the place. So, even if you use a char[], the actual memory it uses could get copied to various locations in the heap, leaving copies of the password everywhere it goes (and no performant GC is going to zero out old memory). So, when you zero out the instance you have at the end, you are only zeroing out the latest version in memory.

    Long story short, there's no bulletproof way to handle it. You pretty much have to trust the person.

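The char[] handling that the second and third answers discuss, as an added example that is not part of the question or any answer: it keeps the password in a char[] the program owns, wipes that array in a finally block, and marks the exact point where the approach stops working, namely the moment a String-taking sink is called. The `authenticate` method is a hypothetical stand-in for such a sink (for instance `DriverManager.getConnection`, which takes its password as a String), and the fallback password value is constructed so the program runs without a console.

```java
import java.io.Console;
import java.util.Arrays;

public final class PasswordHandling {

    // Hypothetical stand-in for an API that only accepts a String password,
    // like DriverManager.getConnection. Once this is called, an immutable
    // String copy exists that the caller can never zero out.
    static boolean authenticate(String user, String password) {
        // Constructed check for the example; a real sink would open a connection.
        return "alice".equals(user) && "s3cret".equals(password);
    }

    // Owns the char[] for the shortest possible window and clears it in finally,
    // so the array is wiped on both the success and the exception path.
    static boolean loginWithCharArray(String user, char[] password) {
        try {
            // Unavoidable second copy: nothing in the Java language or standard
            // library lets us clear the String created here.
            return authenticate(user, new String(password));
        } finally {
            // Clears only the array object we hold. As the third answer notes,
            // a copying (generational) GC may already have left stale copies of
            // the bytes elsewhere in the heap; those are not reachable from here.
            Arrays.fill(password, '\0');
        }
    }

    // Console.readPassword returns a char[] rather than a String precisely so
    // the caller can wipe it afterwards.
    static char[] readPassword() {
        Console console = System.console();
        if (console != null) {
            return console.readPassword("Password: ");
        }
        // Constructed fallback for non-interactive runs (no console attached).
        return "s3cret".toCharArray();
    }

    // Verifies that the array we own has been wiped after use.
    static boolean allZero(char[] a) {
        for (char c : a) {
            if (c != '\0') {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        char[] pw = readPassword();
        boolean ok = loginWithCharArray("alice", pw);
        System.out.println("login ok: " + ok);
        // The char[] is now all NULs; the String copy made inside the call is not.
        System.out.println("char[] cleared: " + allZero(pw));
    }
}
```

The useful property here is not that the password is gone from memory (the answers above explain why that cannot be guaranteed), but that the window in which the program holds a clearable copy is as small as the API allows, and that the one copy it cannot clear is explicit in the code rather than hidden in a String field that lives as long as its owner.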