RFR: 8284910: Buffer clean in PasswordCallback [v2]

Sean Mullan mullan at openjdk.java.net
Mon Apr 18 20:07:34 UTC 2022


On Mon, 18 Apr 2022 19:27:21 GMT, Stuart Marks <smarks at openjdk.org> wrote:

>> I think its "belt and suspenders".
>> If the caller does not call `clearPassword` before calling a second `setPassword,` the previous char array will still contain the previous password and remain uncleared in memory for a (longer) indeterminate time.
>> It is fulfilling the same purpose as the original finalizer.
>
> Yes, exactly. I'd recommend it calling `cleanable.clean()` prior to storing the new password, so that the cleaning action for the old password is explicitly and immediately unregistered.

Yes, I suppose that is a good enough reason, although this class never had a finalizer AFAIK. Won't there be a small performance hit (perhaps negligible) for code that already calls `clearPassword`? A specification clarification would provide clarity to applications that they do not have to call `clearPassword` in between calls to `setPassword`. Something as simple as: "This method clears the value of any previously stored password before storing the input password".

-------------

PR: https://git.openjdk.java.net/jdk/pull/8272


More information about the security-dev mailing list