[Previous entry: "A book on Peoplesoft for the Oracle DBA"] [Next entry: "A nice Windows internals website"]
Brian talks about why JPasswordField.getText() is deprecated
June 14th, 2005 by Pete
Post to del.icio.us
Post to Furl
I saw Brian's interesting post on orablogs last night and made a note to have a look. Brian's post is titled "Why is JPasswordField.getText() deprecated?" and it discusses why the javadoc says to use the getPassword method instead. Basically Brian tells us it is because getPassword() returns a char[] and getText() returns a String. He goes on to explain why char[] is supposedly more secure with some simple examples and also how more often than not the use of a more secure API is undermined by further coding issues, i.e. assigning the char[] to a String later in the program.
Whilst this is a Java specific issue example wise it is a good example for those writing code in any language that handles application or database passwords. As Brian points out passwords could be grabbed from memory on the machine or from swap files. Nice post!
