Call: +44 (0)7759 277220 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "A book on Peoplesoft for the Oracle DBA"] [Next entry: "A nice Windows internals website"]

Brian talks about why JPasswordField.getText() is deprecated



I saw Brian's interesting post on orablogs last night and made a note to have a look. Brian's post is titled "Why is JPasswordField.getText() deprecated?" and it discusses why the javadoc says to use the getPassword method instead. Basically Brian tells us it is because getPassword() returns a char[] and getText() returns a String. He goes on to explain why char[] is supposedly more secure with some simple examples and also how more often than not the use of a more secure API is undermined by further coding issues, i.e. assigning the char[] to a String later in the program.

Whilst this is a Java specific issue example wise it is a good example for those writing code in any language that handles application or database passwords. As Brian points out passwords could be grabbed from memory on the machine or from swap files. Nice post!