Re: Where is the password?

Jan Luehe (luehe@laguna.eng.sun.com)
Fri, 23 Oct 1998 13:22:23 -0700 (PDT)

Luke:

> 1. Capturing a password as a string is insecure (note that the swing
> JPasswordField has recognized this).

Note that JCE has recognized this, too, in the context of password-based
encryption.

Download the JCE 1.2 software from

http://developer.javasoft.com/developer/earlyAccess/jdk12/jce.html

Extract the API users guide (API_users_guide.html) and go to the
"Using Password-Based Encryption" section in the Code Examples.

The sample program there shows you how to collect a password as
a char[].

Jan