RFR: 8284910: Buffer clean in PasswordCallback [v2]

Sean Mullan mullan at openjdk.java.net
Mon Apr 18 18:18:40 UTC 2022


On Mon, 18 Apr 2022 18:07:59 GMT, Roger Riggs <rriggs at openjdk.org> wrote:

>> I can see why that might be a good idea. Would require a specification change though. I also think it is fine to keep the behavior the same, and place the responsibility on the application to call `clearPassword` before setting a new one. We could add a warning though, something like: "Note: `clearPassword` should be called to clear any prior password before calling `setPassword` multiple times on the same `PasswordCallback` instance."
>
> setPassword can/should always clear the previous password.  It is an internal copy that no one else has a reference to and is being replaced.
> It will need to either explicitly call cleanable.clean() or fill/erase the array itself.
> Overwriting the cleanable will prevent the existing cleanable from being processed.
> I don't think it needs a spec change, the internal value is implementation only.

What about code that is already calling `clearPassword` between calls to `setPassword`? This seems to be a change in the design of this API. The `clearPassword` method is there to allow callers to manage and clear the passwords themselves.

-------------

PR: https://git.openjdk.java.net/jdk/pull/8272
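
The caller-managed pattern discussed in this thread (call `clearPassword` before calling `setPassword` again on the same instance), as an added example that is not part of the original message or of the JDK patch. `replacePassword` and `matches` are hypothetical helper names, and the passwords are constructed sample values.

```java
import javax.security.auth.callback.PasswordCallback;
import java.util.Arrays;

public class PasswordCallbackReuse {

    // Hypothetical helper: replace the stored password and wipe every copy the caller controls.
    static void replacePassword(PasswordCallback cb, char[] next) {
        cb.clearPassword();          // wipe the callback's previous internal copy first
        try {
            cb.setPassword(next);    // the callback keeps its own clone of 'next'
        } finally {
            Arrays.fill(next, '\0'); // the caller's array is a separate copy; wipe it too
        }
    }

    // Hypothetical consumer: getPassword() hands back a fresh copy that the consumer must wipe.
    static boolean matches(PasswordCallback cb, char[] expected) {
        char[] copy = cb.getPassword();
        if (copy == null) {
            return false;            // no password has been set on this callback
        }
        try {
            // Plain comparison for demonstration only; it is not constant-time.
            return Arrays.equals(copy, expected);
        } finally {
            Arrays.fill(copy, '\0');
        }
    }

    public static void main(String[] args) {
        PasswordCallback cb = new PasswordCallback("Password: ", false);

        // Constructed sample values; real code would read input straight into a char[].
        replacePassword(cb, "first-secret".toCharArray());
        System.out.println("first set:   " + matches(cb, "first-secret".toCharArray()));

        // Reusing the same instance: the old internal copy is cleared before the new one is stored.
        replacePassword(cb, "second-secret".toCharArray());
        System.out.println("second set:  " + matches(cb, "second-secret".toCharArray()));
        System.out.println("old remains: " + matches(cb, "first-secret".toCharArray()));

        cb.clearPassword();          // final wipe once the callback is no longer needed
    }
}
```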


