Good afternoon,
It turns out that today I was doing a login form with java for the first time.
To recover the password I was going to use the getText () method, but I have seen that it is in disuse since it returns a String and that would make it stay in memory for a long time so it is a vulnerability. Instead I've seen that there is the getPassword () method that returns an array of characters.
I have the problem when I want to compare the array that it returns, with a password that I retrieve from the database in type String.
The doubts are as follows:
- Is it correct to recover the password of the database as String? I would have the same vulnerability as if I recover the password with the getText () method, right?
- How would you do to compare these two passwords avoiding the aforementioned vulnerability? ?
I hope I have not bored you with this text. Regards, Rubén.