On Wed, 27 Apr 2022 16:02:05 GMT, Xue-Lei Andrew Fan <[email protected]> wrote:
>> Please review this password cleanup enhancement in the PasswordCallback
>> implementation. This is one of the effort to clean up the buffered
>> passwords.
>>
>> The PasswordCallback.setPassword() clones the password, but is not
>> registered for cleanup. An application could call clearPassword() for the
>> purpose, but it would be nice to cleanup the buffer as well if
>> clearPassword() was not called in an application. And, if the setPassword()
>> get called multiple times, the clearPassword() should also be called the
>> same times if not relying on finalization. It could be fragile in practice.
>
> Xue-Lei Andrew Fan has updated the pull request incrementally with one
> additional commit since the last revision:
>
> remove trailing whitespace
test/jdk/javax/security/auth/callback/PasswordCallback/CheckCleanerBound.java
line 50:
> 48: for (int i = 0; i < 10 && weakHashMap.size() != 0; i++) {
> 49: System.gc();
> 50: Thread.sleep(100);
You can drop this sleep to 10ms to cut the average test time. It might be
interesting to know how many retries are typical.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8272
