Dan

Reputation: 597

complementing suitable security layer for JPasswordField

In my software I provide tools for FTP login. I used JPasswordField for the password part of the login panel. However, it is recommended to set each char of the array of the JPasswordField to 0 to keep it secure. However, I am not sure if it applies to my case. This is my method to get the password:

public String getPassword() {
    char[] password = passwordField.getPassword();
    String passStr = "";
    for (int i = 0; i < password.length; i++) {
        passStr += password[i];
        password[i] = 0;
    }
    return passStr;
}

Is it the right way of getting the password from JPasswordField? As you can see, I set each char to 0 after I get its value, but the variable passStr holds the whole password, so I am kinda not sure if the logic of keeping it secure is correct here.

So can you please check the code and let me know if it is the correct implementation for such a situation?

Upvotes: 1

Views: 67

Answers (1)

user207421

Reputation: 310980

The idea is not to have the String at all. Just use the chars, and zero them when you're finished with them. You should be able to pass the char[] around all the way to the FTP socket.

Upvotes: 3
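A sketch of what the answer describes, as an added example that is not code from the answer's author: the char[] is encoded into a byte array the caller owns, written to the FTP control stream as a PASS command, and every copy is zeroed afterwards. The names FtpPasswordDemo and sendPass are hypothetical, the ByteArrayOutputStream stands in for the socket's output stream, and UTF-8 encoding of the password is an assumption.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.CharsetEncoder;
import java.nio.charset.CoderResult;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class FtpPasswordDemo {

    // Hypothetical helper: sends "PASS <password>\r\n" without ever building a String.
    static void sendPass(OutputStream control, char[] password) throws IOException {
        // Assumption: the server accepts UTF-8 passwords.
        CharsetEncoder enc = StandardCharsets.UTF_8.newEncoder();
        // Size the buffer for the worst case up front so the encoder never
        // reallocates and leaves a partial copy behind in a discarded array.
        byte[] buf = new byte[(int) Math.ceil(password.length * enc.maxBytesPerChar())];
        try {
            ByteBuffer out = ByteBuffer.wrap(buf);
            CoderResult r = enc.encode(CharBuffer.wrap(password), out, true);
            if (r.isError()) {
                r.throwException(); // e.g. an unpaired surrogate in the input
            }
            enc.flush(out);
            control.write("PASS ".getBytes(StandardCharsets.US_ASCII));
            control.write(buf, 0, out.position());
            control.write("\r\n".getBytes(StandardCharsets.US_ASCII));
            control.flush();
        } finally {
            Arrays.fill(buf, (byte) 0); // wipe the encoded copy
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample; in the question this is passwordField.getPassword().
        char[] password = {'s', '3', 'c', 'r', 'e', 't'};
        // Stand-in for socket.getOutputStream() so the example runs offline.
        ByteArrayOutputStream control = new ByteArrayOutputStream();
        try {
            sendPass(control, password);
        } finally {
            Arrays.fill(password, '\0'); // wipe the caller's copy as soon as it is sent
        }
        System.out.println("control bytes written: " + control.size());
        System.out.println("password cleared: " + (password[0] == '\0'));
    }
}
```

Zeroing the arrays limits how long the password stays in memory your code owns; any copy made inside the stream or socket layer is outside its reach.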
