The PasswordTextBox results in an <input type='password'> element on the page which is handled by the browser in the same way all other such password boxes.
And, to be a bit pedantic..If you assume an attacker has access to the address space of your program, then what would stop him from reading said characters at the time of password entry? The security issues you should be worried about are things like cross-site scripting attacks. On Tue, Aug 31, 2010 at 4:24 PM, drtman <[email protected]> wrote: > According to at least one source, passwords should not be stored as > strings in Java since they are immutable and could be readable from > memory later even if the reference is nulled. So I was wondering how > PasswordTextBox maintains its value under the hood? I know that > getText() returns a string but is it coming from an instance variable > maintained on the class? If so I was thinking of writing my own class > that uses a keypress event handler to maintain a char array which is > more secure since it can be nulled out. > > Just curious what anyone else's thoughts are on this. > > -- > You received this message because you are subscribed to the Google Groups > "Google Web Toolkit" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<google-web-toolkit%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/google-web-toolkit?hl=en. > > -- Chris Conroy Software Engineer Google, Atlanta -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
