> 1. Capturing a password as a string is insecure (note that the Swing
> JPasswordField has recognized this).
Note that JCE has recognized this, too, in the context of password-based
encryption.
Download the JCE 1.2 software from
http://developer.javasoft.com/developer/earlyAccess/jdk12/jce.html
Extract the API users guide (API_users_guide.html) and go to the
"Using Password-Based Encryption" section in the Code Examples.
The sample program there shows you how to collect a password as
a char[].
Jan
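
The char[] handling pointed to above, as an added example that is not part of the original message and is not the JCE sample program. The class name, the PBKDF2/AES-GCM algorithm choice, the iteration count and the sample plaintext are assumptions made for illustration. A String is immutable and stays in memory until it is garbage collected; a char[] can be overwritten as soon as the key has been derived.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.Console;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class PbeCharArrayDemo {
    // Returns salt || iv || ciphertext. Algorithms and parameters are assumed, not from the page.
    static byte[] encrypt(char[] password, byte[] plaintext) throws Exception {
        byte[] salt = new byte[16], iv = new byte[12];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        // PBEKeySpec stores a clone of the array, so it needs its own cleanup below.
        PBEKeySpec spec = new PBEKeySpec(password, salt, 600_000, 256);
        byte[] key = null;
        try {
            key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"),
                    new GCMParameterSpec(128, iv));
            byte[] ct = c.doFinal(plaintext);
            byte[] out = new byte[salt.length + iv.length + ct.length];
            System.arraycopy(salt, 0, out, 0, salt.length);
            System.arraycopy(iv, 0, out, salt.length, iv.length);
            System.arraycopy(ct, 0, out, salt.length + iv.length, ct.length);
            return out;
        } finally {
            spec.clearPassword();                        // wipe the spec's internal copy
            if (key != null) Arrays.fill(key, (byte) 0); // wipe our copy of the raw key bytes
        }
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        // readPassword disables echo and returns char[], never a String.
        char[] password = console == null ? null : console.readPassword("Password: ");
        if (password == null) throw new IllegalStateException("no console or end of input");
        try {
            byte[] msg = "constructed sample plaintext".getBytes(StandardCharsets.UTF_8);
            System.out.println("output bytes: " + encrypt(password, msg).length);
        } finally {
            Arrays.fill(password, '\0'); // overwrite the caller's copy once the key is derived
        }
    }
}
```

Zeroing shortens the window in which the password is readable in a heap dump or swapped page; it does not remove copies the JVM or the cipher implementation may hold internally.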