Paul Vargas Paul Vargas - 1 year ago 242
Java Question

Why getText() in JPasswordField was deprecated?

I never thought before, only I used the method

that returning an array of characters and I had seen the
method was deprecated. But now that I think, why this method was deprecated?.

The Java documentation explains:

Deprecated. As of Java 2 platform v1.2, replaced by

Fetches a portion of the text represented by the component. Returns an
empty string if length is 0.

For security reasons, this method is
deprecated. Use the
method instead.

But what are those security reasons? Any ideas about this?

Thank you in advance.

Answer Source

When calling getText you get a String (immutable object) that may not be changed (except reflection) and so the password stays in the memory until garbage collected.

When calling getPassword you get a char array that may be modified, so the password will really not stay in memory.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download