On Mon, 18 Apr 2022 20:04:05 GMT, Sean Mullan <mul...@openjdk.org> wrote:
>> Yes, exactly. I'd recommend it calling `cleanable.clean()` prior to storing >> the new password, so that the cleaning action for the old password is >> explicitly and immediately unregistered. > > Yes, I suppose that is a good enough reason, although this class never had a > finalizer AFAIK. Won't there be a small performance hit (perhaps negligible) > for code that already calls `clearPassword`? A specification clarification > would provide clarity to applications that they do not have to call > `clearPassword` in between calls to `setPassword`. Something as simple as: > "This method clears the value of any previously stored password before > storing the input password". > If `setPassword` is called twice in succession, should the previous password > be cleaned before the new one is assigned and registered? Awesome, thank you! That what I want to archive while I filed the bug, but did not get an idea about how to clean the existing passwords during cleanup. It's pretty simple and straightforward to get it done in the setPassword. ------------- PR: https://git.openjdk.java.net/jdk/pull/8272
