[jira] [Commented] (LOG4J2-1896) Update classes in org.apache.logging.log4j.core.net.ssl in APIs from String to char[] for passwords

ASF subversion and git services (JIRA) Sat, 23 Sep 2017 10:37:23 -0700

    [ 
https://issues.apache.org/jira/browse/LOG4J2-1896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16177904#comment-16177904
 ]


ASF subversion and git services commented on LOG4J2-1896:
---------------------------------------------------------

Commit cfc263268d46abbae5cf5fdd8e11d30253dd08d2 in logging-log4j2's branch 
refs/heads/master from rpopma
[ https://git-wip-us.apache.org/repos/asf?p=logging-log4j2.git;h=cfc2632 ]

LOG4J2-1896 Update classes in org.apache.logging.log4j.core.net.ssl in APIs 
from String to a PasswordProvider producing char[] for passwords.


> Update classes in org.apache.logging.log4j.core.net.ssl in APIs from String 
> to char[] for passwords
> ---------------------------------------------------------------------------------------------------
>
>                 Key: LOG4J2-1896
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-1896
>             Project: Log4j 2
>          Issue Type: Improvement
>          Components: Configurators
>            Reporter: Gary Gregory
>            Assignee: Remko Popma
>             Fix For: 2.10.0
>
>
> Update {{org.apache.logging.log4j.core.net.ssl.StoreConfiguration}} from a 
> {{String}} to {{char[]}} to represent its password.
> The goal is to reduce the security risk of using a String for a password. See 
> https://stackoverflow.com/questions/8881291/why-is-char-preferred-over-string-for-passwords



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (LOG4J2-1896) Update classes in org.apache.logging.log4j.core.net.ssl in APIs from String to char[] for passwords

Reply via email to