klboke commented on pull request #5766: URL: https://github.com/apache/shardingsphere/pull/5766#issuecomment-633007692
> > > I don't think it's a good idea to lift the initialization into `init`, `javax.crypto.Cipher` is not thread-safe and the method `org.apache.shardingsphere.encrypt.strategy.impl.AESEncryptor#encrypt` is definitely possible to be called by multiple threads, you'd better keep it as is, or at least put it into `ThreadLocal` > > > > > > After the thread shares the instance, there is indeed a thread safety problem. Do you have more detailed documentation on the thread safety of javax.crypto.Cipher? > > I don't have actually, but by tradition, the classes in JDK usually indicate the thread-safety in the JavaDoc, if it's not documented explicitly, it's not thread-safe, you can also simply check the source codes of `javax.crypto.Cipher`, it's stateful I found an answer similar to yours on stackoverflow, https://stackoverflow.com/questions/6957406/is-cipher-thread-safe. In the official jdk documentation, it does not show the thread safety of this class: https://docs.oracle.com/javase/8/docs/api/javax/crypto/Cipher.html#init-int-java. security.cert.Certificate-. I decided to close this merge request first, thank you for your reminder, it may have saved our online application ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
