<Swing Dev> RFR: 8268087: Update documentation of the JPasswordField
Sergey Bylokhov
serb at openjdk.java.net
Thu Jun 3 08:13:33 UTC 2021
On Wed, 2 Jun 2021 01:14:39 GMT, Sergey Bylokhov <serb at openjdk.org> wrote:
> Some useful documentation was added to the JPasswordField.
> _Mailing list message from [Alan Snyder](mailto:javalists at cbfiddle.com) on [swing-dev](mailto:swing-dev at mail.openjdk.java.net):_
> How about:
> For security reasons, JPasswordField does not display the entered text. (Some UIs may allow the user to request the display of the entered text.)
Your text is already described in the JPasswordField, this is for what this component was created. The current update is just a note that even if the entered text is not displayed to the user it is still in the heap and can be accessed. The security guide will provide some useful information about such cases.
> It is a text field. It displays unicode text. Nothing else. It can't display a graphic such as a dot unless it is a unicode
> assigned code point. So if we want to re-define text across the platform to exclude some subset of unicode it will be
> a questionable and difficult job and this informational comment isn't the place to start.
In fact, the JPasswordField is not a text component, and UI "can use whatever graphic techniques it desires to represent the field". This is the reason why the initial text in this fix contained "The text entered in {@code JPasswordField} displays something that was typed". So yes it really may contain something that was typed, in opposite to "displays that something was typed".
-------------
PR: https://git.openjdk.java.net/jdk/pull/4296
More information about the swing-dev
mailing list