Hi Mandy,
To summarize the changes,
1. The header will not contain the file modification timestamp. Instead
when the password file is modified, a debug log will be printed. The log
will contain the timestamp.
2. The password file is now protected from concurrent writes from within
the JVM.
3. HashedPasswordManager.authenticate accepts char[] for password
instead of String.
-Harsha
On Tuesday 07 November 2017 10:24 PM, mandy chung wrote:
On 11/7/17 8:26 AM, Harsha Wardhana B wrote:
Hi,
Please find below the webrev addressing Daniel and Mandy's comments.
http://cr.openjdk.java.net/~hb/5016517/webrev.07/
Can you summarize the change?
I thought we agree to only replace the clear passwords with the hashes
and not to alter any other content nor inserting any header.
Header will be inserted. Apart from that all the comments will be retained.
Also log a message when the file is overridden - we didn't discuss the
format but I think it should include the pathname of the file and the
role name of the overridden entries (should it be info level?). line
308-311 is debug message - is that the one?
I guess this wasn't discussed. We just output a debug log saying the
file is overwritten. File name can be mentioned in the log.
Mandy
Harsha
