Jim_Manico wrote:No. Only String literals and those Strings on which you call intern() end up in the constant pool. However...
Great line of questioning, Cedric.
My question is, if I have a String that I create in a local function where a user provides me his password, will that password become cached in the String Pool?
Will this be in plain text for someone with a "ram inspector" to easily see?...Yes, it will. Regardless of whether it's cached, Strings are immutable, so you have no way* to clear out that String object's characters. Once it's GCed, the memory may be re-used, but you have no idea when that will be, if ever.