Java Security OAuth2: How to keep tokens and user info safe

    Vote count: 0

    I have a question related to security and how to keep sensitive information like passwords and tokens safe.

    I was reading the other day that to store passwords it is safer to use char[] instead of String, because Strings are immutable and they will remain in the JVM String pool, and there is a possibility of being .

    Today I was designing a class to get an OAuth2 token to access secured resources. The token has an expiry date, as we can see in the token response:

    HTTP/1.1 200 OK
    Content-Type: application/json;charset=UTF-8
    Cache-Control: no-store
    Pragma: no-cache
    
    {
      "access_token":"2YotnFZFEjr1zCsicMWpAA",
      "token_type":"Bearer",
      "expires_in":3600,
      "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
      "example_parameter":"example_value"
    }
    

    So I am thinking of not requesting another token unless it is expired, which looks like it makes sense. This leaves me with some questions regarding how/where to keep:

    • Userid and secret (used to request the token)
    • Access Token

    Is it safe to keep them in a class as Strings?

    Would this be a good practice?

    If not how can we keep this information safe?

    What other things should we take into consideration regarding holding this kind of sensitive info?

    Thank you very much for your help

    asked 1 min ago
    mpssantos
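Below is an added example illustrating the design the question describes (cache one access token, request a new one only when it is about to expire, and keep the client secret and token in char[] that can be wiped). It is not code from the question's author; the `TokenEndpointClient` interface is a hypothetical stand-in for whatever HTTP client actually posts to the token endpoint, and the `TokenResponse` fields mirror the JSON shown in the question.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.Arrays;
import java.util.Objects;

/** Fields taken from the token response shown in the question (constructed example type). */
final class TokenResponse {
    final String accessToken;
    final String tokenType;
    final long expiresInSeconds;
    final String refreshToken;

    TokenResponse(String accessToken, String tokenType, long expiresInSeconds, String refreshToken) {
        this.accessToken = accessToken;
        this.tokenType = tokenType;
        this.expiresInSeconds = expiresInSeconds;
        this.refreshToken = refreshToken;
    }
}

/** Hypothetical collaborator: performs the actual HTTP call to the authorization server. */
interface TokenEndpointClient {
    TokenResponse requestToken(String clientId, char[] clientSecret);
}

/**
 * Holds one access token in memory and re-requests it only when it is expired
 * or within a safety margin of expiring. The secret and token are kept as
 * char[] so the copies this class owns can be zeroed on close().
 */
final class TokenHolder implements AutoCloseable {
    /** Treat the token as expired slightly early to absorb clock skew and request latency. */
    private static final Duration SAFETY_MARGIN = Duration.ofSeconds(30);

    private final TokenEndpointClient client;
    private final Clock clock;
    private final String clientId;
    private final char[] clientSecret;

    private char[] accessToken = new char[0];
    private Instant expiresAt = Instant.EPOCH;   // EPOCH forces a request on first use

    TokenHolder(TokenEndpointClient client, Clock clock, String clientId, char[] clientSecret) {
        this.client = Objects.requireNonNull(client);
        this.clock = Objects.requireNonNull(clock);
        this.clientId = Objects.requireNonNull(clientId);
        this.clientSecret = clientSecret.clone();  // own copy; the caller should wipe its own
    }

    /** Returns a copy of a valid access token; the caller wipes the copy when finished. */
    synchronized char[] accessToken() {
        if (clock.instant().plus(SAFETY_MARGIN).isAfter(expiresAt)) {
            refresh();
        }
        return accessToken.clone();
    }

    private void refresh() {
        TokenResponse response = client.requestToken(clientId, clientSecret);
        Arrays.fill(accessToken, '\0');              // wipe the previous token before replacing it
        accessToken = response.accessToken.toCharArray();
        expiresAt = clock.instant().plusSeconds(response.expiresInSeconds);
    }

    /** Zero both secrets so they do not linger in the heap after the holder is discarded. */
    @Override
    public synchronized void close() {
        Arrays.fill(clientSecret, '\0');
        Arrays.fill(accessToken, '\0');
        accessToken = new char[0];
        expiresAt = Instant.EPOCH;
    }

    public static void main(String[] args) {
        // Constructed stand-in endpoint returning the values from the question's sample response.
        TokenEndpointClient fake = (id, secret) ->
                new TokenResponse("2YotnFZFEjr1zCsicMWpAA", "Bearer", 3600, "tGzv3JOkF0XG5Qx2TlKWIA");
        char[] secret = "example-secret".toCharArray();      // constructed sample value
        try (TokenHolder holder = new TokenHolder(fake, Clock.systemUTC(), "example-client-id", secret)) {
            char[] token = holder.accessToken();             // first call triggers the request
            Arrays.fill(token, '\0');                        // wipe the caller's copy after use
            char[] again = holder.accessToken();             // served from cache: not expired yet
            Arrays.fill(again, '\0');
        } finally {
            Arrays.fill(secret, '\0');
        }
    }
}
```

Two caveats a practitioner should keep in mind with this approach. First, the access token arrives as a String from the JSON parser and is sent as a String inside an HTTP header, so the char[] inside the holder only shortens the lifetime of the copy this class controls; it does not eliminate String copies elsewhere in the pipeline. Second, the `Cache-Control: no-store` and `Pragma: no-cache` headers in the response are the server telling clients and intermediaries not to persist the token; keeping it in memory until `expires_in` has elapsed is consistent with that, writing it to disk or logs is not. The `refresh_token` from the response is held here only as a field; using it to obtain a new access token without re-sending the client secret would be a separate grant request.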

    Author: استخدام کار   Views: 8   Date: Wednesday 25 Bahman 1396, 1:25