Having passwords in Strings is unavoidable at the moment especially as that is how they are represented within headers - however API where passwords are concerned should still follow recommended practices so that we can clear the password representation.
Deprecate login method on SecurityContext and overload with method that taked char[] for the password.
- Darran Lofthouse
- Darran Lofthouse
- Votes:
-
0 Vote for this issue
- Watchers:
-
2 Start watching this issue
- Created:
- Updated:
- Resolved: