> Please review this password cleanup enhancement in the PasswordCallback > implementation. This is one of the effort to clean up the buffered passwords. > > The PasswordCallback.setPassword() clones the password, but is not registered > for cleanup. An application could call clearPassword() for the purpose, but > it would be nice to cleanup the buffer as well if clearPassword() was not > called in an application. And, if the setPassword() get called multiple > times, the clearPassword() should also be called the same times if not > relying on finalization. It could be fragile in practice.
Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision: cleanup the previous password ------------- Changes: - all: https://git.openjdk.java.net/jdk/pull/8272/files - new: https://git.openjdk.java.net/jdk/pull/8272/files/73692489..324f89fc Webrevs: - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=8272&range=02 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=8272&range=01-02 Stats: 6 lines in 1 file changed: 6 ins; 0 del; 0 mod Patch: https://git.openjdk.java.net/jdk/pull/8272.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/8272/head:pull/8272 PR: https://git.openjdk.java.net/jdk/pull/8272
