0

I'm writing a little program to test the security of Java in general.

```java
public char[] getPW() {
    return pwField.getPassword();
}
```

This method returns a char array. But why is that so? Is there any concrete idea behind it? Why doesn't it return a String?

Pshemo
Mansouritta

1 Answer

-1

Well, the point is that the lifecycle of a String is a little bit special. All Strings are stored in a String Pool. When the reference is lost (dereferencing), for example when you say String = null;, the String is still alive in the internal string pool (and can be accessed in a kind of way I don't know). That's the reason why passwords are stored in char[], since these objects are 'normal'.

Mansouritta
  • "*All Strings are stored in a String Pool.*" **No**, only literals are, and strings on which you explicitly invoked the `intern()` method. `new String("hello")` is not in the string pool, `"hello"` is. – Pshemo May 30 '14 at 11:32
  • Why do you ask a question and answer it by yourself??! – sexyboy May 30 '14 at 11:33
  • Well, @sexyboy, this is a way to share knowledge of Java. – Mansouritta May 30 '14 at 11:34
  • 2
    @sexyboy [Answering your own question](http://stackoverflow.com/help/self-answer) is [encouraged](http://blog.stackoverflow.com/2011/07/its-ok-to-ask-and-answer-your-own-questions/) as sharing knowledge. But as in the case of all new questions, before you post it you should first check whether it is a new/original question which hasn't already been asked and answered. – Pshemo May 30 '14 at 11:42
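
Added example, not part of the original question, answer or comments: it shows what a `char[]` from `getPassword()` allows that a `String` does not, namely overwriting the characters in place once they have been used, and it prints the identity comparisons behind the string pool point in the first comment. The class name `PasswordArrayDemo`, the helpers `deriveAndWipe` and `isWiped`, the sample password, the fixed salt and the iteration count are all constructed for illustration.

```java
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordArrayDemo {

    // Derives a PBKDF2 verifier from the password, then wipes the copies we control.
    static byte[] deriveAndWipe(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256);
        try {
            SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return factory.generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();         // PBEKeySpec holds its own copy of the chars
            Arrays.fill(password, '\0');  // overwrite the caller's array in place
        }
    }

    static boolean isWiped(char[] chars) {
        for (char c : chars) {
            if (c != '\0') return false;
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample standing in for pwField.getPassword().
        char[] pw = {'s', '3', 'c', 'r', 'e', 't'};
        // Constructed fixed salt so the demo is repeatable; real code uses SecureRandom.
        byte[] salt = new byte[16];

        byte[] verifier = deriveAndWipe(pw, salt);
        System.out.println("verifier bytes: " + verifier.length);
        System.out.println("array wiped after use: " + isWiped(pw));

        // A String cannot be overwritten like this: it is immutable, so its
        // characters stay on the heap until the garbage collector reclaims them.

        // Pool membership, as described in the first comment: identity comparison
        // of a literal with a new String, then with the interned reference.
        String literal = "hello";
        String fresh = new String("hello");
        System.out.println("literal == new String: " + (literal == fresh));
        System.out.println("literal == intern():   " + (literal == fresh.intern()));
    }
}
```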