Geek Answers Handbook

Java data types: string and array

I was trained in the Sun Microsystem Java Tutorial and got some questions by reading the following:

I / O from the command line: console object

  "Second, readPassword returns a character array, not a String, so the password can be
  overwritten, removing it from memory as soon as it is no longer needed. "

My questions:

1) As for other data types, such as value data types (int, float, boolean, etc.) and reference types (user-defined objects, etc.), like different arrays and strings in Java?

2) Can you talk about the above statement about the character array and String?

PS:

Clarification to Q1: what I wanted to ask in Q1 was more about which arrays and strings are data types in Java ... I was easily confused with their object attributes when someone claims that strings and arrays are not objects in the strict sense of the word ...

+4
source share
3 answers

At the practical level, the main difference between String and char[] is that the instances of the former are immutable, and the instances of the latter are mutable. And of course, the String API offers a wide range of useful string manipulation methods.

So let's talk about linguistic similarities and differences.

First of all, (despite what you heard), string and array instances in Java are both objects. According to the Java language specification:

4.3.1 Objects An object is an instance of a class or an array.

Indicative values ​​(often just links) are pointers to these objects and a special null reference that does not apply to the object.

... where is the java.lang.String string class.

The linguistic difference between arrays and other types of objects is that the type of the array is not a normal Java class. For instance:

  • Array types are declared with a different syntax for regular classes.
  • array instances are created with a different syntax for regular class instances.
  • Array types cannot be named at the Java source code level.
  • You cannot declare a subtype / subclass of an array type.

But all types of arrays are (direct) subtypes of java.lang.Object , which means that you can (for example) assign an array to a variable of type Object and call methods in the object's API. (And there are some interesting things you can do with these methods to demonstrate the "objectivity" of the array ... but I'm distracted)

What about strings? As mentioned above, a string is an ordinary object that is an instance of the java.lang.String class. There is nothing unusual in this class from a linguistic point of view. It is declared as "final", so you cannot declare subtypes, but this is not unusual.

What makes String little special compared to other classes is that the Java language provides some linguistic constructs to support strings:

  • There is a special String syntax for getting strings whose contents can be determined at compile time.
  • The '+' operator is overloaded to support String concatenation.
  • Starting in Java 7, the switch supports the inclusion of String values.
  • The Java language specification defines / assumes that the java.lang.String class has certain properties and methods; for example, that strings are mutable, that there is a concat method, that string literals are interned.

By the way, the answer, which says that all line instances are stored in the row pool, is incorrect. Strings are only placed in the pool when they are interned, and this happens automatically only for string literals and for strings whose values ​​can be computed at compile time. (You can force an instance of a string to be interned by calling the String.intern() method, but this is a bit expensive and not a good idea at all.)

+4
source

A String stores its contents inside a chars array. You cannot manipulate this array directly (without reflection), since Strings are immutable.

The reason the password will be in char[] is because you can immediately overwrite it in memory. If it were in String , you would have to wait for the next garbage collection, and you will never know how long it will be; an attacker could potentially read it from memory before.

+4
source

As others have said, String does not change, so you cannot destroy it yourself. Even after garbage collection, the memory may still be intact. Thus, all security protocols define sensitive data as an array of bytes, so you can do this,

  char[] password = "secret"; // After using it for (int i; i < password.length; i++) password[i] = 0; password = null;
+1
source

More articles:


All Articles