JPasswordField and Console classes return the password as an array and a good practice is to blank out the array characters after making use of the password so that a memory dump won’t reveal the password. This is good. But then, today I am experimenting with JavaMail api and it has a PasswordAuthentication interface that has “public String getPassword()” method. Hmm, so what’s the point in ensuring that secure APIs are used only to make them non-secure in between? Sort of like loading a webpage using https but the form submitted getting posted to http.
On a side note, seems James Gosling said in a 2001 interview about Java
“One of the things that forced Strings to be immutable was security. You have a file open method. You pass a String to it. And then it’s doing all kind of authentication checks before it gets around to doing the OS call. If you manage to do something that effectively mutated the String, after the security check and before the OS call, then boom, you’re in. But Strings are immutable, so that kind of attack doesn’t work. That precise example is what really demanded that Strings be immutable. ”
Update: Now after all the effort I put in to still use System.console().readPassword() because useless on my Mac (OS X 10.6.3) because the “without echo” is not working (meaning the letters are echoing on the screen). Could be a problem with Apple’s version of Java or may be in the underlying OS X call. Don’t know, but now I am really annoyed.