12

I am currently learning JavaFX and I am a little bit confused about the fact that the PasswordField in JavaFX has no method which returns a char or even byte array of the password. Instead I have to use getText() which returns a String.

As you can read here, Swing decided to mark the getText() method as deprecated and tells the programmer to use getPassword() instead, which returns a char array.

If I understood correctly, then char arrays are far safer because you can erase them from RAM completely by setting all values to 0. Then why did Oracle decide to use strings in JavaFX? Is there some new way to remove strings from the heap?

EDIT: As far as I know char passwords are far safer because we can delete them whenever we want (overwriting them), which is not the case for Strings.

Brotcrunsher
  • It sounds like you're saying there's no `getPassword()` method, only a `getText()` method, which you've read is deprecated recently. Are you using an out-of-date JavaFX lib? That could explain why you don't see that method available – Don Cheadle Apr 28 '15 at 15:43
  • @mmcrae No, the passwordField in JavaFX 8 has no getPassword Method, as you can see here: [link](https://docs.oracle.com/javase/8/javafx/api/toc.htm) – Brotcrunsher Apr 28 '15 at 15:48
  • 1
    I wouldn't say that char arrays are **far** safer. You're working in the VM's memory space regardless of data type. Take a look at this [related post](http://stackoverflow.com/questions/29368926/safe-way-to-get-password-from-passwordfield-in-javafx) and its comments for more information. – OttPrime Apr 28 '15 at 16:56
  • 2
    @OttPrime Char arrays are safer because you can overwrite them, which means that the password is in RAM for only a split second. – Brotcrunsher Apr 28 '15 at 17:11
  • 7
    If this is an important security concern for your application, my advice is to create your own SecurePasswordField class which does not store passwords in Strings and contribute it to the third party [ControlsFX project](http://fxexperience.com/controlsfx/). Perhaps somebody on the [JavaFX development mailing list](http://mail.openjdk.java.net/mailman/listinfo/openjfx-dev) could supply a reason for the current implementation if you choose to follow up there. – jewelsea Apr 28 '15 at 20:44

2 Answers

2

What you are saying is absolutely right, you can't rely on the garbage collector. However, having a char[] allows you to programmatically clear the characters with, for example: `Arrays.fill(password, (char) 0);`

The char[] will still exist in memory, however the contents are gone.

I agree with the original author of the question: not having a `char[] getPassword()` method is not acceptable for a password field.

Ingo Karkat
uftapjech
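As an added example (not code from the question or either answer): the clearing pattern this answer describes, with the char[] handed to PBEKeySpec, which takes a char[] precisely so that it can be cleared once the key is derived. readPassword() is a hypothetical stand-in for a control that hands back a char[] copy; with JavaFX's actual PasswordField, getText().toCharArray() would still leave the String copy in the heap until the garbage collector gets to it.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public final class CharArrayPasswordDemo {

    // Hypothetical stand-in for a SecurePasswordField: returns a char[]
    // copy that the caller owns and is responsible for wiping.
    static char[] readPassword() {
        // constructed sample value, not a real credential
        return "correct horse".toCharArray();
    }

    // Derives a 256-bit key from the password and wipes the spec's internal copy.
    static byte[] deriveKey(char[] password, byte[] salt) throws Exception {
        // PBEKeySpec clones the array, so its copy must be cleared separately.
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256);
        try {
            SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return f.generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();   // zeroes the clone held inside the spec
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);

        char[] password = readPassword();
        try {
            byte[] key = deriveKey(password, salt);
            System.out.println("derived " + (key.length * 8) + "-bit key");
        } finally {
            // The answer's Arrays.fill(password, (char) 0): the array object
            // survives, but the characters are gone from the heap.
            Arrays.fill(password, (char) 0);
        }
        System.out.println("buffer after wipe: " + Arrays.toString(password));

        // Contrast: a String copy cannot be wiped. Dropping the reference only
        // makes it eligible for collection; the characters remain until then.
        String copy = new String(readPassword());
        copy = null;
    }
}
```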
0

Really, a string array uses a char array at its fundamental implementation. Both of them are stored in the VM, and both are possibly insecure.

If you don't want to rely on the garbage collector to clean up the passwords and destroy the traces, do what jewelsea suggested in the comments and write your own.

As to why? The only entity that can really answer why anything happens in Java is Oracle.

Ryan Goldstein
  • 1
    A `char[]` is not insecure because the contents of the array can be overwritten to prevent the password from being extracted from memory (as noted in the [other answer](https://stackoverflow.com/a/39221285/)). – dsh Sep 30 '20 at 21:50