[
https://issues.apache.org/jira/browse/QPID-8583?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17524783#comment-17524783
]
ASF subversion and git services commented on QPID-8583:
-------------------------------------------------------
Commit 6390ef17a138abe4c6ec4a742472640d0d7b02bc in qpid-broker-j's branch
refs/heads/main from Daniil Kirilyuk
[ https://gitbox.apache.org/repos/asf?p=qpid-broker-j.git;h=6390ef17a1 ]
QPID-8583: [Broker-J] Privacy Violation: Heap Inspection (#124)
* QPID-8583: [Broker-J] Privacy Violation: Heap Inspection
* QPID-8583: [Broker-J] Added new line to the end of ClearableCharSequence
Co-authored-by: vavrtom <[email protected]>
> [Broker-J] Privacy Violation: Heap Inspection
> ---------------------------------------------
>
> Key: QPID-8583
> URL: https://issues.apache.org/jira/browse/QPID-8583
> Project: Qpid
> Issue Type: Improvement
> Components: Broker-J
> Affects Versions: qpid-java-broker-8.0.6
> Reporter: Daniil Kirilyuk
> Priority: Minor
>
> Sensitive data (such as passwords) stored in memory can be leaked if memory
> is not cleared after use. Often, Strings are used store sensitive data,
> however, since String objects are immutable, removing the value of a String
> from memory can only be done by the JVM garbage collector. The garbage
> collector is not required to run unless the JVM is low on memory, so there is
> no guarantee as to when garbage collection will take place. In the event of
> an application crash, a memory dump of the application might reveal sensitive
> data.
> There are several classes susceptible to this issue (e.g.
> ConfiguredObjectMethodAttribute, ConfiguredDerivedInjectedAttribute,
> ConfiguredSettableInjectedAttribute, CramMd5Base64HexNegotiator,
> CramMd5Base64HashedNegotiator).
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
