Java Security OAuth2: How to keep tokens and user info safe

I have a question related to security and how to keep sensitive information like passwords and tokens safe.

I was reading the other day that to store passwords it is safer to use char[] instead of String, because Strings are immutable and will remain in the JVM String pool, and there is a possibility of being .

Today I was designing a class to get an OAuth2 token to access secured resources. The token has an expiry date, as we can see in the token response:

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
  "access_token":"2YotnFZFEjr1zCsicMWpAA",
  "token_type":"Bearer",
  "expires_in":3600,
  "refresh_token":"tGzv3JOkF0XG5Qx2TlKWIA",
  "example_parameter":"example_value"
}

So I am thinking of not requesting another token unless the current one has expired, which looks like it makes sense. This leaves me with some questions regarding how/where to keep:

  • Userid and secret (used to request the token)
  • Access Token

Is it safe to keep them in a class as Strings?

Would this be a good practice?

If not, how can we keep this information safe?

What other things should we take into consideration regarding holding this kind of sensitive info?

Thank you very much for your help

asked 1 min ago
mpssantos
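One way to hold the access token described in the question in memory, re-requesting it only once it has expired and wiping the old value instead of leaving it to linger in the heap. This is an added example, not code from the asker; the TokenSource interface and TokenResponse record are hypothetical stand-ins for whatever client performs the HTTP token request.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.Arrays;

/** Caches one OAuth2 access token and re-requests it only after it has expired. */
public final class TokenCache implements AutoCloseable {
    /** Hypothetical supplier of a fresh token; in practice this performs the HTTP token request. */
    public interface TokenSource {
        TokenResponse fetch();
    }
    /** Hypothetical minimal view of the token response shown in the question. */
    public record TokenResponse(char[] accessToken, long expiresInSeconds) {}

    private final TokenSource source;
    private final Clock clock;
    private final Duration safetyMargin;   // refresh slightly before the real expiry
    private char[] accessToken;            // held as char[] so it can be overwritten on refresh
    private Instant expiresAt = Instant.MIN;

    public TokenCache(TokenSource source, Clock clock, Duration safetyMargin) {
        this.source = source;
        this.clock = clock;
        this.safetyMargin = safetyMargin;
    }

    /** Returns a copy of the current token, fetching a new one only if the cached one expired. */
    public synchronized char[] accessToken() {
        if (accessToken == null || !clock.instant().isBefore(expiresAt.minus(safetyMargin))) {
            refresh();
        }
        return accessToken.clone(); // caller should Arrays.fill its copy with '\0' when done
    }

    private void refresh() {
        TokenResponse r = source.fetch();
        close();                                   // wipe the old token before replacing it
        accessToken = r.accessToken();
        expiresAt = clock.instant().plusSeconds(r.expiresInSeconds()); // expires_in from the response
    }

    /** Overwrites the cached token so the plaintext no longer sits in the heap. */
    @Override
    public synchronized void close() {
        if (accessToken != null) {
            Arrays.fill(accessToken, '\0');
            accessToken = null;
        }
    }
}
```

Passing a Clock makes the expiry logic testable with a fixed clock, and the same wipe-on-replace pattern can be applied to the client secret used to request the token.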

Author: استخدام کار | Views: 11 | Date: Wednesday 25 Bahman 1396, 1:25