问题描述

String secret="foo";
WhatILookFor.securelyWipe(secret);

我需要知道它不会被Java优化器删除.

And I need to know that it will not be removed by java optimizer.

推荐答案

不能擦除"字符串.它是一成不变的，缺少一些真正的肮脏和危险的技巧，您无法改变它.

A String cannot be "wiped". It is immutable, and short of some really dirty and dangerous tricks you cannot alter that.

因此，最安全的解决方案是不要首先将数据放入字符串中.请改用StringBuilder或字符数组，或使用其他不可变的表示形式.(然后在完成后清除它.)

So the safest solution is to not put the data into a string in the first place. Use a StringBuilder or an array of characters instead, or some other representation that is not immutable. (And then clear it when you are done.)

为记录起见，您可以通过两种方法来更改String的后备数组的内容.例如，您可以使用反射来获取对String的后备数组的引用，并覆盖其内容.但是，这涉及到执行JLS状态具有未指定行为的操作，因此您不能保证优化器不会做意外的事情.

For the record, there are a couple of ways that you can change the contents of a String's backing array. For example, you can use reflection to fish out a reference to the String's backing array, and overwrite its contents. However, this involves doing things that the JLS states have unspecified behaviour so you cannot guarantee that the optimizer won't do something unexpected.

我个人的看法是，最好锁定应用程序平台，以防止未经授权的人员一开始就无法访问内存/内存转储.毕竟，如果平台没有得到适当的保护，则坏蛋"可能能够在删除字符串之前获得其内容.对于少量的安全关键状态，可能需要采取这样的步骤，但是如果您要处理大量的机密"信息，则无法使用常规字符串和字符串处理将是一大麻烦.

My personal take on this is that you are better off locking down your application platform so that unauthorized people can't gain access to the memory / memory dump in the first place. After all, if the platform is not properly secured, the "bad guys" may be able to get hold of the string contents before you erase it. Steps like this might be warranted for small amounts of security critical state, but if you've got a lot of "confidential" information to process, it is going to be a major hassle to not be able to use normal strings and string handling.

这篇关于我如何安全地擦除Java内存中的机密数据，以确保不会对其进行“优化"?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！