Internal representation of statements and results when typehandlers are used (are they ever set as strings? )
We're using mybatis to query a database which includes sensitive information. Security best practices recommend storing sensitive information in char and nulling the array as soon as possible. This brought up several questions regarding mybatis
1. When using a typehandler internally is the original data ever stored as a String?
2. When executing a query by using the @Select annotation and a map ( including the char ) is the query ever parsed to a String as an intermediate step?
3. Are the results from the database ever set to Strings as an intermediate step ( pretty similar to 1. but it could be possible that the data is never stored as a string, maybe it's cast to a String for some operation? Could be that the entire result comes back as a String initally? )
I had a look through the source but it would take me a long time to go through everything, I'm hoping someone who contributes to mybatis might be able to clarify.
You received this message because you are subscribed to the Google Groups "mybatis-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
For more options, visit https://groups.google.com/d/optout.