[Engine-patches] Change in ovirt-engine[master]: core, webadmin, restapi: Detach password from VdcUser

Thu, 26 Sep 2013 10:57:51 -0700 

Vojtech Szocs has posted comments on this change.

Change subject: core, webadmin, restapi: Detach password from VdcUser
......................................................................


Patch Set 4: Code-Review+1

+1 for the front-end part, however I have some comments:

* (just a note) to stay consistent, Frontend.setLoginPassword should be called 
right after *each* Frontend.setLoggedInUser

* to avoid above mentioned call duplicity, I suggest to remove 
Frontend.setLoggedInUser + Frontend.setLoginPassword methods in favor of new 
methods:

 public static void initLoggedInUser(VdcUser loggedUser, String loginPassword) {
     Frontend.loggedUser = loggedUser;
     Frontend.loginPassword = loginPassword;
 }

 public static void clearLoggedInUser() {
     initLoggedInUser(null, null);
 }

Frontend.getLoggedInUser + Frontend.getLoginPassword can be used to retrieve 
parts of user information.

* (in response to Michael's JVM string pool comments) AFAIK, by default, JVM 
performs String interning [1] only for String literals, for example:

 String a = "foo"; // "foo" will be interned into string pool
 String b = "foo"; // "foo" is already interned, so `a == b` returns true

[1] http://en.wikipedia.org/wiki/String_interning

However, referencing computed value or using String constructor does not 
perform String interning:

 String c = a;
 c += "bar"; // c is now "foobar", "foo" and "bar" are interned, "foobar" is 
NOT interned because it's computed value
 String d = new String("foobar"); // "foobar" is NOT interned

So IIUC there is no reason to worry about interning passwords into JVM string 
pool, since passwords are (hopefully) not defined as String literals.

Of course, some evil programmer might still do this:

 c.intern(); // explicitly intern value of this String into JVM string pool

Personally I don't think we should guard against the above mentioned case, so 
using char array vs. String isn't that big of a deal.

-- 
To view, visit http://gerrit.ovirt.org/17096
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I0ab9321816ee28355a4118910086891f5a552014
Gerrit-PatchSet: 4
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Juan Hernandez <[email protected]>
Gerrit-Reviewer: Juan Hernandez <[email protected]>
Gerrit-Reviewer: Michael Pasternak <[email protected]>
Gerrit-Reviewer: Omer Frenkel <[email protected]>
Gerrit-Reviewer: Oved Ourfali <[email protected]>
Gerrit-Reviewer: Vojtech Szocs <[email protected]>
Gerrit-Reviewer: Yair Zaslavsky <[email protected]>
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: No
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches

Reply via email to