RFE Review : JDK-5016517 - Replace plaintext passwords by hashed passwords for out-of-the-box JMX Agent

Harsha Wardhana B harsha.wardhana.b at oracle.com
Tue Nov 7 17:04:37 UTC 2017


Hi Mandy,

To summarize the changes,

1. The header will not contain the file modification timestamp. Instead,
when the password file is modified, a debug log will be printed. The log
will contain the timestamp.

2. The password file is now protected from concurrent writes from within 
the JVM.

3. HashedPasswordManager.authenticate accepts char[] for password 
instead of String.

-Harsha

On Tuesday 07 November 2017 10:24 PM, mandy chung wrote:
>
>
> On 11/7/17 8:26 AM, Harsha Wardhana B wrote:
>> Hi,
>>
>> Please find below the webrev addressing Daniel and Mandy's comments.
>>
>> http://cr.openjdk.java.net/~hb/5016517/webrev.07/
>
> Can you summarize the change?
>
> I thought we agreed to only replace the clear passwords with the hashes
> and not to alter any other content nor insert any header.
Header will be inserted. Apart from that all the comments will be retained.
> Also log a message when the file is overridden - we didn't discuss the
> format but I think it should include the pathname of the file and the
> role name of the overridden entries (should it be info level?). Lines
> 308-311 are a debug message - is that the one?
I guess this wasn't discussed. We just output a debug log saying the 
file is overwritten. File name can be mentioned in the log.
>
> Mandy
Harsha


More information about the serviceability-dev mailing list