RFR: 8286423: Destroy password protection in the example code in KeyStore
Weijun Wang
weijun at openjdk.java.net
Tue May 10 13:39:50 UTC 2022
On Tue, 10 May 2022 04:13:43 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
> Hi,
>
> May I have this simple example update in the KeyStore specification?
>
> Password protection should be destroyed in the example code in KeyStore specification. Otherwise, applications may just copy and past the code, and forget to clean up password protection.
>
> It's a trivial update, and may not worthy of a CSR. But please let me know if you would like to have a CSR filed.
>
> Thanks,
> Xuelei
src/java.base/share/classes/java/security/KeyStore.java line 165:
> 163: * }
> 164: * } finally {
> 165: * protParam.destroy();
`KeyStore.ProtectionParameter` does not have a `destroy` method. Only `PasswordProtection` does.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8623
More information about the security-dev
mailing list