为什么不是DriverManager.getConnection(String url,String user,char [] password)?
我们知道,比起java.lang.String更喜欢char []来存储密码是一个很好的习惯。这是因为以下两个原因(如我所读):
We know it's a good practice to prefer char[] over java.lang.String to store passwords. That's for the following two reasons (as I have read):
- char []是可变的,所以我们可以在使用后清除密码。
- 字符串字面值转到一个池,不会将其作为其他对象收集,因此可能会显示在内存转储中。
但是java.sql.DriverManager没有符合上述最佳实践的getConnection(),因为它的密码参数是String。
But java.sql.DriverManager doesn't have a getConnection() that comply with the above best practice because its password parameter is String.
DriverManager.getConnection(String url,String user,String password)
DriverManager.getConnection(String url, String user, String password)
我认为API具有以下签名的重载方法:
I think the API should have an overloaded method with the following signature:
DriverManager.getConnection(String url,String user, char [] )
你对此有何看法?
很想听听你的想法。
字符串文字进入池,但我不会指望密码是一个文字(在程序中硬编码)。我希望它来自一个配置或类似的。因此,它不会是一个字面值,并且将获得垃圾收集(如果所有引用都被分箱)。
String literals go in a pool, but I wouldn't expect the password to be a literal (hardcoded in the program). I would expect it to come from a configuration or similar. As such it won't be a literal and will get garbage collected (provided all references are binned).