> Please review this password cleanup enhancement in the PasswordCallback > implementation. This is one of the effort to clean up the buffered passwords. > > The PasswordCallback.setPassword() clones the password, but is not registered > for cleanup. An application could call clearPassword() for the purpose, but > it would be nice to cleanup the buffer as well if clearPassword() was not > called in an application. And, if the setPassword() get called multiple > times, the clearPassword() should also be called the same times if not > relying on finalization. It could be fragile in practice.
Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision: Remove duplicated test case ------------- Changes: - all: https://git.openjdk.java.net/jdk/pull/8272/files - new: https://git.openjdk.java.net/jdk/pull/8272/files/9d38fdd3..7acd0ca8 Webrevs: - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=8272&range=06 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=8272&range=05-06 Stats: 23 lines in 1 file changed: 0 ins; 22 del; 1 mod Patch: https://git.openjdk.java.net/jdk/pull/8272.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/8272/head:pull/8272 PR: https://git.openjdk.java.net/jdk/pull/8272
