How easy is it to steal something that remains to collect garbage?

Question

How easy is it to steal something that remains to collect garbage?

Why is getText() in JPasswordField deprecated?

In accordance with this answer on the above question, I realized that creating a String object containing a password is a security risk , as it can remain in memory for a while , and this is unchanged.

So I was wondering

How easy is it to get what hung around in memory , without reference or to remove garbage?
And how do you do it?

EDIT

When the question is suspended, please be kind enough to share your knowledge by adding a comment, and think about reopening the question if you think that it can receive interesting answers in the future. :)

+7

java garbage-collection string security memory

Roshana pitigala Jun 28 '17 at 14:53

source share

1 answer

J0hn · Answer 1 · 2017-06-28T14:57:33+0000

https://en.wikipedia.org/wiki/Heartbleed

This is a good real example of what things are in memory that are used for exploitation. There are different ways to do this, so it’s useful to just make sure that things that are valuable do not remain hanging. Usually these attacks are just fortune telling and verification. You just keep sending information and collecting bits of extra memory that you get in return.

How easy is it to steal something that remains to collect garbage?

More articles: