Repository: logging-log4j2 Updated Branches: refs/heads/master 08077cba3 -> cbbc529cc
LOG4J2-2054 javadoc Project: http://git-wip-us.apache.org/repos/asf/logging-log4j2/repo Commit: http://git-wip-us.apache.org/repos/asf/logging-log4j2/commit/cbbc529c Tree: http://git-wip-us.apache.org/repos/asf/logging-log4j2/tree/cbbc529c Diff: http://git-wip-us.apache.org/repos/asf/logging-log4j2/diff/cbbc529c Branch: refs/heads/master Commit: cbbc529cc95de81834ece0bbf22c4f9d976ce327 Parents: 08077cb Author: rpopma <[email protected]> Authored: Tue Sep 26 01:06:21 2017 +0900 Committer: rpopma <[email protected]> Committed: Tue Sep 26 01:06:21 2017 +0900 ---------------------------------------------------------------------- .../log4j/core/net/ssl/EnvironmentPasswordProvider.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/logging-log4j2/blob/cbbc529c/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/EnvironmentPasswordProvider.java ---------------------------------------------------------------------- diff --git a/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/EnvironmentPasswordProvider.java b/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/EnvironmentPasswordProvider.java index e501c15..6545b7f 100644 --- a/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/EnvironmentPasswordProvider.java +++ b/log4j-core/src/main/java/org/apache/logging/log4j/core/net/ssl/EnvironmentPasswordProvider.java @@ -26,9 +26,10 @@ import java.util.Objects; * sensitive data from the application memory. The password data will stay resident in memory until the String object * and its associated char[] array object are garbage collected and the memory is overwritten by another object. * </p><p> - * This is slightly more secure than {@link MemoryPasswordProvider} because the actual password string is not pulled - * into memory until it is needed (so the password string does not need to be passed in from the command line or in a - * configuration file). + * This is slightly more secure than {@link MemoryPasswordProvider} because the actual password string does not + * need to be passed to the application. + * The actual password string is not pulled into memory until it is needed + * (so the password string does not need to be passed in from the command line or in a configuration file). * This gives an attacker a smaller window of opportunity to obtain the password from a memory dump. * </p><p> * A more secure implementation is {@link FilePasswordProvider}.
