Why getText() in JPasswordField was deprecated?

java swing jpasswordfield

Solution 1:

When calling getText you get a String (immutable object) that may not be changed (except reflection) and so the password stays in the memory until garbage collected.

When calling getPassword you get a char array that may be modified, so the password will really not stay in memory.

Solution 2:

Try this :

String myPass=String.valueOf(passwordField.getPassword());

Solution 3:

The reason for this is that if you ask for the password as a String rather than as a character array, this string containing the password is now going to float around in the Java runtime's memory for some unspecified amount of time. It may be conceivably read from there by a rogue Java component or external program.

By using a char array instead, you can verify the password and then scramble it immediately.

Related

Add JsonArray to JsonObject
How to get ScrollBars in SVG?
How to link to the C math library with CMake?
Adding a JAR to an Eclipse Java library
How to fire a button click event from JavaScript in ASP.NET
SQL Server UNION - What is the default ORDER BY Behaviour
Setupterm could not find terminal, in Python program using curses
OverflowError: long int too large to convert to float in python
How to write data to two java.io.OutputStream objects at once?
How to use std::async on a member function?
How to keep console window open
Why does this Java regex cause "illegal escape character" errors?