Since Strings are immutable in Java, any handling of passwords in Java should be via a char[], which can be overwritten with Arrays.fill() as soon as it is no longer needed. Even if the String goes out of scope, there is no guarantee of whether or when it will be garbage collected, and even if it is garbage collected, there is no guarantee that the memory will be overwritten.
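The pattern above, as an added example that is not part of the original text: the password is read as a char[] (System.console().readPassword() already returns one), fed to PBKDF2 through PBEKeySpec (which takes a char[], not a String), and every copy is wiped in a finally block, including the clone PBEKeySpec keeps internally (via clearPassword()). The choice of PBKDF2-HMAC-SHA256, the 256-bit key length and the iteration count are assumptions for the demo, not values from the original; the fallback password used when no console is attached is a constructed sample and only exists so the program runs non-interactively.

```java
import java.io.Console;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/**
 * Added example: a password kept as char[] from input to wipe.
 * No String is ever built from the password, and each char[] that holds it
 * is zeroed with Arrays.fill() as soon as it is no longer needed.
 */
public final class CharArrayPassword {

    // Assumed parameters for the demo; tune the iteration count to your hardware.
    private static final int ITERATIONS = 100_000;
    private static final int KEY_BITS = 256;
    private static final String KDF = "PBKDF2WithHmacSHA256";

    /** Derives a key from the password; wipes PBEKeySpec's internal copy before returning. */
    static byte[] deriveKey(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance(KDF).generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // PBEKeySpec clones the char[]; clear that clone too
        }
    }

    /** Compares a candidate password against a stored salt/key pair in constant time. */
    static boolean verify(char[] candidate, byte[] salt, byte[] storedKey)
            throws GeneralSecurityException {
        byte[] derived = deriveKey(candidate, salt);
        try {
            return MessageDigest.isEqual(derived, storedKey); // length-independent timing
        } finally {
            Arrays.fill(derived, (byte) 0); // derived key material is sensitive as well
        }
    }

    /** Reads a password as char[]; falls back to a constructed sample without a console. */
    static char[] readPassword(String prompt) {
        Console console = System.console();
        if (console != null) {
            return console.readPassword("%s", prompt); // returns char[], never a String
        }
        // Constructed sample for non-interactive runs only; a real program would not
        // hold a password in a String literal like this.
        return "constructed-sample-password".toCharArray();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);

        // Enrolment: derive and store the key, then wipe the password immediately.
        char[] password = readPassword("Choose password: ");
        byte[] storedKey;
        try {
            storedKey = deriveKey(password, salt);
        } finally {
            Arrays.fill(password, '\0');
        }

        // Login: same discipline for the candidate password.
        char[] attempt = readPassword("Enter password: ");
        boolean accepted;
        try {
            accepted = verify(attempt, salt, storedKey);
        } finally {
            Arrays.fill(attempt, '\0');
        }

        System.out.println("password accepted: " + accepted);
        // Both buffers now hold only '\0'; the reference is still usable but carries no secret.
        System.out.println("wiped buffer: " + Arrays.toString(password));
        Arrays.fill(storedKey, (byte) 0);
    }
}
```

The try/finally placement is the point: the wipe must run on the exception path too, otherwise a failed key derivation leaves the password sitting in the heap exactly as the original text warns a String would.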