On Tue, 26 Apr 2022 16:04:14 GMT, Xue-Lei Andrew Fan <xue...@openjdk.org> wrote:

>> Please review this password cleanup enhancement in the PasswordCallback 
>> implementation.  This is one of the efforts to clean up the buffered 
>> passwords.
>> 
>> The PasswordCallback.setPassword() clones the password, but is not 
>> registered for cleanup. An application could call clearPassword() for the 
>> purpose, but it would be nice to clean up the buffer as well if 
>> clearPassword() was not called in an application. And, if setPassword() 
>> gets called multiple times, clearPassword() should also be called the 
>> same number of times if not relying on finalization. It could be fragile in practice.
>
> Xue-Lei Andrew Fan has updated the pull request incrementally with one 
> additional commit since the last revision:
> 
>   rename and split the test case

test/jdk/javax/security/auth/callback/PasswordCallback/PasswordCleanup.java 
line 27:

> 25:  * @test
> 26:  * @bug 8284910
> 27:  * @summary Buffer clean in PasswordCallback

Make the summary more specific, ex: "Check that 
PasswordCallback.clearPassword() clears the password."

test/jdk/javax/security/auth/callback/PasswordCallback/PasswordCleanup.java 
line 55:

> 53:         }
> 54: 
> 55:         // Check if the PasswordCallback object could be collected.

Since you are already checking if the Cleaner works properly in the 
`CheckCleanerBound` test, I don't see a reason why you need to test that again.

-------------

PR: https://git.openjdk.java.net/jdk/pull/8272
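
The copy semantics discussed in this thread, shown from the caller's side as an added example (not code from the pull request or the JDK). The class name, the helpers `replacePassword` and `holds`, and the sample values are hypothetical and constructed for illustration.

```java
import java.util.Arrays;
import javax.security.auth.callback.PasswordCallback;

public class PasswordCallbackCopies {
    // Hypothetical helper: wipe the previously buffered clone before storing
    // a new one, so repeated setPassword() calls leave no stale copy behind.
    static void replacePassword(PasswordCallback cb, char[] next) {
        cb.clearPassword();
        cb.setPassword(next);
    }

    // Hypothetical helper: compare the callback's buffered password with an
    // expected value, wiping the clone that getPassword() hands back.
    static boolean holds(PasswordCallback cb, char[] secret) {
        char[] copy = cb.getPassword();
        try {
            return copy != null && Arrays.equals(copy, secret);
        } finally {
            if (copy != null) {
                Arrays.fill(copy, '\0');
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, for illustration only.
        char[] first = "constructed-one".toCharArray();
        char[] second = "constructed-two".toCharArray();
        char[] typed = first.clone();

        PasswordCallback cb = new PasswordCallback("Password: ", false);
        try {
            cb.setPassword(typed);      // the callback stores a clone of 'typed'
            Arrays.fill(typed, '\0');   // wipes only the caller's own array
            System.out.println("callback still holds first after caller wipe: "
                    + holds(cb, first));

            replacePassword(cb, second);
            System.out.println("callback holds second after replace: "
                    + holds(cb, second));
        } finally {
            cb.clearPassword();         // wipe the callback's internal copy
        }
        System.out.println("callback holds second after clearPassword(): "
                + holds(cb, second));
    }
}
```

Three separate buffers are in play here: the caller's array, the clone held inside the callback, and each clone returned by `getPassword()`. Each one has to be wiped by whoever owns it.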
