On Wed, 23 Jun 2021 20:37:22 GMT, Phil Race <p...@openjdk.org> wrote:

>> Here it is just a slight code cleanup. We do not need an additional variable 
>> for passing a value from one method to another. It serves no other purpose at 
>> all.
>
> Let me ask it this way.
> Does super.getAfterIndex(part, index) return a String with any of the 
> password in clear text?
> It seems to me like it might.

For CHARACTER it will return a String with a single character in the 
corresponding position. There is a possibility that someone will iterate over 
the entirety of the password text and get all the characters in the password as 
separate strings, but digging that out of a memory dump is much more difficult 
than the single string with the whole password.
For anything but character we do not use this method - we get the password as an 
array of characters and - after the fix - immediately override them with the 
same number of echo characters.

-------------

PR: https://git.openjdk.java.net/jdk17/pull/127
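
The pattern described in the reply above (take the password as a `char[]`, overwrite it with the same number of echo characters, and only then build a String) can be sketched as follows. This is an added example, not part of the original message and not the code from the JDK pull request; the class `EchoMaskExample` and the helper `echoSegment` are hypothetical names, and the sample password is constructed.

```java
import java.util.Arrays;
import javax.swing.JPasswordField;

public class EchoMaskExample {

    /**
     * Hypothetical helper: returns what a client asking for the text range
     * [start, end) of a password field should see. No String containing
     * cleartext is created while an echo character is set.
     */
    static String echoSegment(JPasswordField field, int start, int end) {
        char[] password = field.getPassword();      // copy of the content as char[]
        try {
            int from = Math.max(0, Math.min(start, password.length));
            int to = Math.max(from, Math.min(end, password.length));
            if (field.echoCharIsSet()) {
                // Overwrite the cleartext with the same number of echo
                // characters before any String is built from the array.
                Arrays.fill(password, field.getEchoChar());
            }
            // Edge case: with echo char 0 the field already displays its
            // content unmasked, so the range is returned as typed.
            return new String(password, from, to - from);
        } finally {
            // Wipe the temporary copy whichever branch ran.
            Arrays.fill(password, '\0');
        }
    }

    public static void main(String[] args) {
        JPasswordField field = new JPasswordField("s3cr3t-sample"); // constructed sample value
        field.setEchoChar('*');
        System.out.println(echoSegment(field, 0, 6));   // masked range
        System.out.println(echoSegment(field, 4, 100)); // end index clamped to the length

        field.setEchoChar((char) 0);                    // masking switched off by the application
        System.out.println(echoSegment(field, 0, 3));
    }
}
```

The String passed to the `JPasswordField` constructor here is itself a cleartext String; it is used only to keep the sample self-contained.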
