Why do I use char[] instead of string when I use password?

Asked 2 years ago, Updated 2 years ago, 183 views

When you say "getText()" in "Swing", the return value is "String" If you look at the return value of the password field getPassword, it's char[].

If you look at that, String has security issues or uses it more than char[] I think it's because it's uncomfortable, is there an exact reason?

string security java passwords char

2022-09-22 22:38

1 Answers

Security reasons are the biggest. String is a constant, which means that once it is created and memory dumps, there is no way to erase the data until the garbage collector clears it.

When it is an array, you can initialize it once and erase or change the data at any time. If you overwrite the data in the array, the password is nowhere to be found.

That's why we use char [] to prevent certain strikers.

To put it simply 

    public static void main(String[] args) {
        Object pw = "Password";
        System.out.println("String: " + pw);

        pw = "Password".toCharArray();
        System.out.println("Array: " + pw);
    }

If you accidentally expose the password in these codes, the string is immediately output, but char[] is relatively safe. 

    String: Password
    Array: [C@5829428e

2022-09-22 22:38

If you have any answers or tips

Popular Tags
python x 4647
android x 1593
java x 1494
javascript x 1427
c x 927
c++ x 878
ruby-on-rails x 696
php x 692
python3 x 685
html x 656
Popular Questions

548 PHP ssh2_scp_send fails to send files as intended

635 /usr/bin/google-chrome:symbol lookup error:/usr/bin/google-chrome: undefined symbol:gbm_bo_get_modifier

542 Unable to install versioned in Google Colab

547 rails db:create error: Could not find mysql2-0.5.4 in any of the sources

547 Who developed the "avformat-59.dll" that comes with FFmpeg?

© 2024 OneMinuteCode. All rights reserved.