RFE Review : JDK-5016517 - Replace plaintext passwords by hashed passwords for out-of-the-box JMX Agent
mandy chung
mandy.chung at oracle.com
Tue Oct 31 17:07:52 UTC 2017
On 10/31/17 8:55 AM, Harsha Wardhana B wrote:
>
> Hi Mandy,
>
> Below is the new webrev incorporating below review comments.
>
> http://cr.openjdk.java.net/~hb/5016517/webrev.06/
Looks okay in general except this:
286 // Check if header needs to be inserted
287 if (sbuf.indexOf("# The passwords in this file are hashed") != 0) {
288 String lastUpdated = "# file last updated on - "
289 + new SimpleDateFormat("MM/dd/yyyy HH:mm:ss").format(new Date()) + "\n\n";
290 sbuf.insert(0, header + lastUpdated);
291 }
Relying on matching the partial header string is fragile.
Also the timestamp is not updated if the file contains such
heading but the file is re-written again.
You should probably drop the header (auto-inserted), not add
it to sbuf, and always add the header when updating the
password file.
Mandy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/serviceability-dev/attachments/20171031/407c1147/attachment.html>
More information about the serviceability-dev
mailing list