Possible Duplicate:
Why is char[] preferred over string for passwords?
Reading the java documentation, i found this statement about Console class
First, it suppresses echoing, so the password is not visible on the user's screen. Second, readPassword returns a character array, not a String, so the password can be overwritten, removing it from memory as soon as it is no longer needed.
Why a character array can be overwritten and a String not? Or maybe a character array can be overwritted in a more simple way?
