Paul Vargas Paul Vargas - 5 months ago 44
Java Question

Why getText() in JPasswordField was deprecated?

I never thought before, only I used the method

getPassword
that returning an array of characters and I had seen the
getText
method was deprecated. But now that I think, why this method was deprecated?.

The Java documentation explains:


Deprecated. As of Java 2 platform v1.2, replaced by
getPassword
.


Fetches a portion of the text represented by the component. Returns an
empty string if length is 0.

For security reasons, this method is
deprecated. Use the
getPassword
method instead.


But what are those security reasons? Any ideas about this?

Thank you in advance.

Answer

When calling getText you get a String (immutable object) that may not be changed (except reflection) and so the password stays in the memory until garbage collected.

When calling getPassword you get a char array that may be modified, so the password will really not stay in memory.

Comments