Is java pass by value or pass by reference?

Java is Strictly Pass by Value.

Lets take an example for PRIMITIVE TYPE: Here an int is passed to the function “change()” as parameter and as a result the change in the value of that integer is not reflected in the main method.Because, Java creates a copy of the variable being passed in the method and then do the manipulations like in c/c++. Hence the change is not reflected in the main method.

And for the object type: In Java, all primitives like int, char, etc are similar to C/C++, but all non-primitives (or objects of any class) are always references. So it gets tricky when we pass object references to methods. Java creates a copy of references and pass it to method, but they still point to same memory reference. Mean if set some other object to reference passed inside method, the object from calling method as well its reference will remain unaffected. Actually java passes object reference as a value too.

Why wait and notify is declared in Object class instead of Thread ?

Suppose a gas station has a single toilet, the key for which is kept at the service desk. The toilet is a shared resource for passing motorists. To use this shared resource the prospective user must acquire a key to the lock on the toilet. The user goes to the service desk and acquires the key, opens the door, locks it from the inside and uses the facilities.

Meanwhile, if a second prospective user arrives at the gas station he finds the toilet locked and therefore unavailable to him. He goes to the service desk but the key is not there because it is in the hands of the current user. When the current user finishes, he unlocks the door and returns the key to the service desk. He does not bother about waiting customers. The service desk gives the key to the waiting customer. If more than one prospective user turns up while the toilet is locked, they must form a queue waiting for the key to the lock. Each thread has no idea who is in the toilet.

Why char array is preferred to store password than String in Java?

1) Strings are immutable: Strings are immutable in Java and therefore if a password is stored as plain text it will be available in memory until Garbage collector clears it and as Strings are used in String pool for re-usability there are high chances that it will remain in memory for long duration, which is a security threat. Strings are immutable and there is no way that the content of Strings can be changed because any change will produce new String.

With an array, the data can be wiped explicitly after its work is complete. The array can be overwritten and and the password won’t be present anywhere in the system, even before garbage collection.

2) Security: Any one who has access to memory dump can find the password in clear text. So Storing password in character array clearly mitigates security risk of stealing password.

3) Log file safety: With an array, one can explicitly wipe the data , overwrite the array and the password won’t be present anywhere in the system.
With plain String, there are much higher chances of accidentally printing the password to logs, monitors or some other insecure place. So char[] is less vulnerable.