8268087: Update documentation of the JPasswordField #4296
Conversation
|
👋 Welcome back serb! A progress list of the required criteria for merging this PR into |
|
/csr |
|
@mrserb has indicated that a compatibility and specification (CSR) request is needed for this pull request. |
Webrevs
|
| * doesn't prevent the password from appearing in the system memory. For | ||
| * handling confidential information such as the password text, refer to the | ||
| * relevant section at | ||
| * <a href="https://www.oracle.com/java/technologies/javase/seccodeguide.html"> |
There was a problem hiding this comment.
We might want to use the link with an anchor to the specific section, e.g.:
https://www.oracle.com/java/technologies/javase/seccodeguide.html#2-2
There was a problem hiding this comment.
If we want to allow that the representation of what was typed is anything the UI decides then let's start from scratch,
The {@code JPasswordField} will not show the original characters that were typed, instead displaying alternative text or graphics.
However this doesn't prevent... [and then the rest is as originally proposed]
|
The CSR is filed: https://bugs.openjdk.java.net/browse/JDK-8268149 |
| * inherited method, <code>enableInputMethods(true)</code>. | ||
| * <p> | ||
| * <strong>Warning:</strong> The text entered in {@code JPasswordField} displays | ||
| * something that was typed and does not show the original characters. This |
There was a problem hiding this comment.
"something that was typed" ? That reads to me as if it displays the characters you typed which isn't what you mean
the whole sentence is weird
Let's change this to
Although the text displayed in {@code JPasswordField} does not show the actual password characters typed, this does not prevent ...
There was a problem hiding this comment.
The "something was typed" text is used already in the description of the JPasswordField, in the first sentence.
Not sure that the word "text" in the "Although the text displayed" is the correct one. It is not necessary a "text" but "something"
There was a problem hiding this comment.
The previous text you refer to is presumably
"where the view indicates something was typed,"
that is fine. Your text is trying to say something else AND you added the word that which means you are referring to the specific thing ..
So you can't just copy and edit that.
And "text" in my version is fine.
There was a problem hiding this comment.
So in case that wasn't clear, please change it to ny version
There was a problem hiding this comment.
Another way of phrasing it would be
The text displayed in {@code JPasswordField} shows you that something was typed but does not show the original characters.
Note "that something" not "something that" and the rest of the rephrasing matters too.
There was a problem hiding this comment.
I do not like the phrase "Although the text displayed in", the "text" is not displayed in the JPasswordField per se, please suggest something else.
There was a problem hiding this comment.
"The text entered in {@code JPasswordField} displays that something was typed and does not show the original characters"
?
There was a problem hiding this comment.
change "and" to "but" and that will be good enough
"The text entered in {@code JPasswordField} displays that something was typed but does not show the original characters"
|
Mailing list message from Alan Snyder on swing-dev: I think this statement is over-constraining the UI behavior. What the password field displays does not have to be text in the ordinary sense of the word. It could be a series of large dots. It is really up to the UI. Also, the sentence is turned around. It should not start with the ?text entered?, which is irrelevant. Also, a UI may allow the user to request that the entered text be displayed. That should not be ruled out. How about: For security reasons, JPasswordField does not display the entered text. (Some UIs may allow the user to request the display of the entered text.) |
1 similar comment
|
Mailing list message from Alan Snyder on swing-dev: I think this statement is over-constraining the UI behavior. What the password field displays does not have to be text in the ordinary sense of the word. It could be a series of large dots. It is really up to the UI. Also, the sentence is turned around. It should not start with the ?text entered?, which is irrelevant. Also, a UI may allow the user to request that the entered text be displayed. That should not be ruled out. How about: For security reasons, JPasswordField does not display the entered text. (Some UIs may allow the user to request the display of the entered text.) |
It is a text field. It displays unicode text. Nothing else. It can't display a graphic such as a dot unless it is a unicode |
Your text is already described in the JPasswordField, this is for what this component was created. The current update is just a note that even if the entered text is not displayed to the user it is still in the heap and can be accessed. The security guide will provide some useful information about such cases.
In fact, the JPasswordField is not a text component, and UI "can use whatever graphic techniques it desires to represent the field". This is the reason why the initial text in this fix contained "The text entered in {@code JPasswordField} displays something that was typed". So yes it really may contain something that was typed, in opposite to "displays that something was typed". |
|
Mailing list message from Alan Snyder on swing-dev:
Needless to say, I am not suggesting anything of the sort. You seem to be nitpicking my words rather than trying to understand my suggestion. The component UI has complete control over painting. It can paint anything it wants, not just text. Normally, that would be a terrible idea, but in the case of a password field, the goal is to not display the entered text, but give very limited feedback when the user types a character. Alan -------------- next part -------------- |
1 similar comment
|
Mailing list message from Alan Snyder on swing-dev:
Needless to say, I am not suggesting anything of the sort. You seem to be nitpicking my words rather than trying to understand my suggestion. The component UI has complete control over painting. It can paint anything it wants, not just text. Normally, that would be a terrible idea, but in the case of a password field, the goal is to not display the entered text, but give very limited feedback when the user types a character. Alan -------------- next part -------------- |
|
Mailing list message from Alan Snyder on swing-dev:
I think we are in agreement on the intent. However, that sentence makes no sense to me. The text does not display something. The component displays something. The phrase ?something that was typed? means nothing to me. The similar phrase ?what was typed? makes sense, but the component does not display "what was typed", that is the whole point. The original ?the view indicates something was typed? is appropriate, although it would read better as ?the view indicates that something was typed?. If you need to say more, perhaps it should be identified as an implementation note. Alan -------------- next part -------------- |
1 similar comment
|
Mailing list message from Alan Snyder on swing-dev:
I think we are in agreement on the intent. However, that sentence makes no sense to me. The text does not display something. The component displays something. The phrase ?something that was typed? means nothing to me. The similar phrase ?what was typed? makes sense, but the component does not display "what was typed", that is the whole point. The original ?the view indicates something was typed? is appropriate, although it would read better as ?the view indicates that something was typed?. If you need to say more, perhaps it should be identified as an implementation note. Alan -------------- next part -------------- |
|
Mailing list message from Alan Snyder on swing-dev: LGTM
|
|
The patch and CSR are updated. |
|
@mrserb This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be: You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 91 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
|
/integrate |
openjdk
bot
added
integrated
|
@mrserb Since your change was applied there have been 99 commits pushed to the
Your commit was automatically rebased without conflicts. Pushed as commit b2e9eb9. 💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored. |
4 participants
Some useful documentation was added to the JPasswordField.
Progress
Issue
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.java.net/jdk pull/4296/head:pull/4296$ git checkout pull/4296Update a local copy of the PR:
$ git checkout pull/4296$ git pull https://git.openjdk.java.net/jdk pull/4296/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 4296View PR using the GUI difftool:
$ git pr show -t 4296Using diff file
Download this PR as a diff file:
https://git.openjdk.java.net/jdk/pull/4296.diff