On Mon, 18 Apr 2022 19:27:21 GMT, Stuart Marks <sma...@openjdk.org> wrote:

>> I think it's "belt and suspenders".
>> If the caller does not call `clearPassword` before calling a second 
>> `setPassword`, the previous char array will still contain the previous 
>> password and remain uncleared in memory for a (longer) indeterminate time.
>> It is fulfilling the same purpose as the original finalizer.
>
> Yes, exactly. I'd recommend it calling `cleanable.clean()` prior to storing 
> the new password, so that the cleaning action for the old password is 
> explicitly and immediately unregistered.

Yes, I suppose that is a good enough reason, although this class never had a 
finalizer AFAIK. Won't there be a small performance hit (perhaps negligible) 
for code that already calls `clearPassword`? A specification clarification 
would provide clarity to applications that they do not have to call 
`clearPassword` in between calls to `setPassword`. Something as simple as: 
"This method clears the value of any previously stored password before storing 
the input password".

-------------

PR: https://git.openjdk.java.net/jdk/pull/8272
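
The behaviour discussed in this message, as an added example that is not code from the PR or from the JDK: a holder whose `setPassword` wipes the previously stored copy and unregisters its cleaning action before storing the new one. The class `PasswordHolder`, the helpers `zeroer` and `rawForDemo`, the `'\0'` fill value and the sample passwords are assumptions made for illustration.

```java
import java.lang.ref.Cleaner;
import java.util.Arrays;

// Hypothetical class for illustration; not the JDK class under review.
public class PasswordHolder {
    private static final Cleaner CLEANER = Cleaner.create();

    private char[] password;              // private copy of the caller's array
    private Cleaner.Cleanable cleanable;  // zeroing action registered for that copy

    // The action captures only the array, never `this`; capturing the holder
    // would keep it reachable and the Cleaner would never run.
    private static Runnable zeroer(char[] secret) {
        return () -> Arrays.fill(secret, '\0');
    }

    public synchronized void setPassword(char[] input) {
        clearPassword();                  // wipe and unregister the old copy first
        if (input != null) {
            password = input.clone();
            cleanable = CLEANER.register(this, zeroer(password));
        }
    }

    public synchronized char[] getPassword() {
        return password == null ? null : password.clone();
    }

    public synchronized void clearPassword() {
        if (cleanable != null) {
            cleanable.clean();            // runs the action once and deregisters it
            cleanable = null;
        }
        password = null;
    }

    synchronized char[] rawForDemo() { return password; } // demo-only peek at the internal array

    public static void main(String[] args) {
        PasswordHolder holder = new PasswordHolder();
        holder.setPassword("first-secret".toCharArray());   // constructed sample value
        char[] oldCopy = holder.rawForDemo();
        holder.setPassword("second-secret".toCharArray());  // no clearPassword() in between
        boolean wiped = true;
        for (char c : oldCopy) wiped &= (c == '\0');
        System.out.println("old copy wiped: " + wiped);
        System.out.println("current length: " + holder.getPassword().length);
    }
}
```

A caller that already invokes `clearPassword` before `setPassword` only pays for a null check on the second call, because the `Cleanable` has already been cleaned and dropped.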
