Why is char[] preferred over String for passwords?

后端 未结 17 3652
清歌不尽
清歌不尽 2020-11-21 04:34

In Swing, the password field has a getPassword() (returns char[]) method instead of the usual getText() (returns String)

17条回答
  •  野性不改
    2020-11-21 05:13

    Case String:

        String password = "ill stay in StringPool after Death !!!";
        // some long code goes
        // ...Now I want to remove traces of password
        password = null;
        password = "";
        // above attempts wil change value of password
        // but the actual password can be traced from String pool through memory dump, if not garbage collected
    

    Case CHAR ARRAY:

        char[] passArray = {'p','a','s','s','w','o','r','d'};
        // some long code goes
        // ...Now I want to remove traces of password
        for (int i=0; i

提交回复
热议问题