On Sat, 16 Apr 2022 15:45:21 GMT, Xue-Lei Andrew Fan <xue...@openjdk.org> wrote:
> Please review this password cleanup enhancement in the PasswordCallback > implementation. This is one of the effort to clean up the buffered passwords. > > The PasswordCallback.setPassword() clones the password, but is not registered > for cleanup. An application could call clearPassword() for the purpose, but > it would be nice to cleanup the buffer as well if clearPassword() was not > called in an application. And, if the setPassword() get called multiple > times, the clearPassword() should also be called the same times if not > relying on finalization. It could be fragile in practice. This pull request has now been integrated. Changeset: 89fd6d34 Author: Xue-Lei Andrew Fan <xue...@openjdk.org> URL: https://git.openjdk.java.net/jdk/commit/89fd6d34f859d61d9cf5a1edf9419eee7c338390 Stats: 147 lines in 3 files changed: 141 ins; 0 del; 6 mod 8284910: Buffer clean in PasswordCallback Reviewed-by: mullan ------------- PR: https://git.openjdk.java.net/jdk/pull/8272
