Java Doc 建议不要使用 JPasswordField.getText()
2012-06-26 14:53
239 查看
转载自:http://blog.csdn.net/heyuqi100/article/details/1424166
想得到用户在 Java Swing 中的 JPasswordField 控件中输入的密码内容,应该使用 JPasswordField.getPassword() ,而不是 JPasswordField.getText() 。因为安全的原因,JavaDoc
中就是如此建议的:
For security reasons, this method is deprecated. Use the getPassword method instead.
getPassword() 与 getText() 的差别在于 getPassword 返回的是一个 char[] ,getText() 返回一个 String 。
咋一想,要是有人想查看内存( 包括物理主存与交换文件 )里的内容,String 与 char[] 在安全上是没什么区别的。
但是两者最大的区别是不可变性。 String 是一个不可变的对象。一旦被分配内存空间,String 里的字符就不可改变了。如此,这个 String 对象还会在你使用完它后,还会内存中停留上一段时间。然而 char[] 就不一样了,你可以在使用完这个字符数组后,把所有的字符改成
'/0'。
// HPasswordField.java
package heyuqi.swing;
import java.util.Arrays;
import javax.swing.JPasswordField;
/* Copyright (C) 1999, 2002 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
想得到用户在 Java Swing 中的 JPasswordField 控件中输入的密码内容,应该使用 JPasswordField.getPassword() ,而不是 JPasswordField.getText() 。因为安全的原因,JavaDoc
中就是如此建议的:
For security reasons, this method is deprecated. Use the getPassword method instead.
getPassword() 与 getText() 的差别在于 getPassword 返回的是一个 char[] ,getText() 返回一个 String 。
咋一想,要是有人想查看内存( 包括物理主存与交换文件 )里的内容,String 与 char[] 在安全上是没什么区别的。
但是两者最大的区别是不可变性。 String 是一个不可变的对象。一旦被分配内存空间,String 里的字符就不可改变了。如此,这个 String 对象还会在你使用完它后,还会内存中停留上一段时间。然而 char[] 就不一样了,你可以在使用完这个字符数组后,把所有的字符改成
'/0'。
My Code:
// HPasswordField.javapackage heyuqi.swing;
import java.util.Arrays;
import javax.swing.JPasswordField;
/* Copyright (C) 1999, 2002 Free Software Foundation, Inc.
This file is part of GNU Classpath.
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Classpath; see the file COPYING. If not, write to the
Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA.
Linking this library statically or dynamically with other modules is
making a combined work based on this library. Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module. An independent module is a module which is not derived from
or based on this library. If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so. If you do not wish to do so, delete this
exception statement from your version. */
相关文章推荐
- Java Doc 建议不要使用 JPasswordField.getText()
- Java Doc 建议不要使用 JPasswordField.getText()
- Java Doc 建议不要使用 JPasswordField.getText()
- Java Doc 建议不要使用 JPasswordField.getText()
- 不建议使用JPasswordField.getText()
- 使用@jsonField失效?springBoot@jsonformat引起的时区问题,但是,这个要写死了!我就是不要这个时区。
- PHP官方建议我们不要使用Worker模式下的Apache2来运行PHP
- 改善C++ 程序的150个建议学习之建议15:尽量不要使用可变参数
- C#和C++性能差距巨大,在高耗能和低性能设备上强烈建议不要使用
- 基本原则:强烈建议在站点中不要使用window.open方法
- 谷歌建议不要在内部链接中使用nofollow
- js中数组遍历for与for in区别(强烈建议不要使用for in遍历数组)
- 强烈建议不要使用include_once/require_once
- 建议119:不要使用自己的加密算法
- 写高质量OC代码52建议总结:36.不要使用retainCount
- 编写高质量代码改善C#程序的157个建议——建议119:不要使用自己的加密算法
- 基本原则:强烈建议在站点中不要使用window.open方法
- 写高质量OC代码52建议总结:46.不要使用dispatch_get_current_queue
- 互联网公司mysql不要使用join,建议service层采用in等子查询
- Linq 查询内建议不要使用运算语句!