1

I am using java frames to create a small project. In the login frame I receive a username and password from the user. After checking for validity, I must pass this username and password to another frame's constructor (called UserFrame). I am passing as a string and it seems unsecure. Is there a good method to achieve passing a password from one frame to another in java?

String user=userField.getText();
String pwd= passField.getText();
if (user.equals("username") && pwd.equals("password"))
      Home x= new Home(user,pwd);
user2670866
  • 88
  • 2
  • 14
  • 1
    are you using swing? you should provide some code demonstrating the problem. – nachokk Aug 10 '13 at 17:14
  • Again, ***never*** use `getText()` with JPasswordFields. The API will tell you so, that it has been deprecated. – Hovercraft Full Of Eels Aug 10 '13 at 17:19
  • 1
    As you know java is strong type language, what type is `passField` or `userField` we can't imagine, for better help sooner always is better to post a [SSCCE](http://www.sscce.org) and it's probably you find the problem yourself – nachokk Aug 10 '13 at 17:23
  • See [The Use of Multiple JFrames, Good/Bad Practice?](http://stackoverflow.com/a/9554657/418556) In this case, the log-in should be a modal `JDialog` or a `JOptionPane`. – Andrew Thompson Aug 10 '13 at 17:35

4 Answers4

1

Note that JPasswordField#getPassword() returns char[], and so you could handle the password as it is given to you (assuming that you are using a JPasswordField): as an array of char. Either that or hash it somehow and pass the hash code.

Edit
You state:

Yes I am using a JPasswordField. However I used getText() for simplicity as it returns a String. Does the character array guarentee additional security than a string when being passed from one frame to another?

Don't use getText() for the very reason that you're asking your question: you shouldn't handle passwords as Strings at all as this increases the ease of their discovery. Look at the API for the JPasswordField class and you'll see that getText() has been deprecated for this very same reason. As a general rule you should not use deprecated methods.

Edit 2 You state:

Ok. Now I understand it. But how can a password be passed from one frame to another? Does passing a char[] guarantee security?

As far as I know, nothing guarantees security, but handling the password as a char array does improve security. Use a char[] constructor parameter or a setter method that takes a char[] parameter.

Hovercraft Full Of Eels
  • 283,665
  • 25
  • 256
  • 373
1

passField.getText() is deprecated, so I would NOT recommend using that. Instead, try using passField.getPassword(), like this:

String pwd= new String(passField.getPassword());
whirish
  • 450
  • 4
  • 18
0

You can use getPassword() method avaialable. But this method return type is char array.You may want to convert it into String.

char a[]= jPasswordField1.getPassword();
 String pswd = new String (a);

Or simply,

String pswd= new String (jPasswordField1.getPassword());

Pass the id,pswd to other frame constructor as 

new JFrame2(id,pswd);
Malwaregeek
  • 2,274
  • 3
  • 15
  • 18
  • I used getText() method directly instead. however my conern is about passing a string from one frame to another? Does java handle any auto encoding methods? or any object like 'password'? – user2670866 Aug 10 '13 at 17:13
0

I've been working on something like this. You probably don't want to pass around unencrypted Strings, and writing an encryption class isn't too onerous. Have a look at this page for a guide on encryption: http://www.javacodegeeks.com/2012/05/secure-password-storage-donts-dos-and.html

I would encrypt the text on entry and then pass around the resulting byte array.

Guy Needham
  • 390
  • 4
  • 13