Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why does JavaFx PasswordField return it contents as a String? [duplicate]

I am currently learning JavaFX and I am a little bit confused about the fact that the PasswordField in JavaFX has no method which returns a char or even byte array of the password. Instead I have to use getText() which returns a String.

As you can read here swing decided to mark the getText() method as depricated and tells the programmer to use getPassword() instead, which returns a char array.

If I undestood correctly, then char arrays are far safer because you can erase them from RAM completly by setting all values to 0. Then why did Oracle decide to use strings in JavaFx? Is there some new way to remove strings from the heap?

EDIT: As far as I know char passwords are far saver because we can delete them when ever we want (overwriting them), which is not the case for Strings.

like image 842
Brotcrunsher Avatar asked Apr 28 '15 15:04

Brotcrunsher


1 Answers

What you are saying is absolutely right, you can't rely on the garbage collector. However, having a char[] allows you to programmatically clear the characters with for example: Arrays.fill(password, (char)0);

The char[] will still exist in memory, however the contents is gone.

I agree with the original author of the question, not having a method char[] getPassword() is not acceptable for a password field.

like image 149
uftapjech Avatar answered Sep 17 '22 15:09

uftapjech