Do you need the password ever after authentication?
On Mon, Aug 19, 2013 at 8:55 AM, Gary Gregory <[email protected]>wrote: > On Mon, Aug 19, 2013 at 7:27 AM, Ralph Goers <[email protected]> wrote: > >> What passwords? >> > > For example: > > - org.apache.logging.log4j.core.net.SMTPManager.FactoryData.password > - org.apache.logging.log4j.core.net.JMSTopicManager.password > - org.apache.logging.log4j.core.net.JMSQueueManager.FactoryData.password > > Gary > >> >> Ralph >> >> On Aug 19, 2013, at 4:22 AM, Gary Gregory <[email protected]> wrote: >> >> I've seen it done many places: Should we track passwords internally as >> char[] instead of String for ivars. >> >> This prevents Log4j spilling your secrets by accident in a toString to >> internal log call. >> >> Gary >> >> -- >> E-Mail: [email protected] | [email protected] >> Java Persistence with Hibernate, Second >> Edition<http://www.manning.com/bauer3/> >> JUnit in Action, Second Edition <http://www.manning.com/tahchiev/> >> Spring Batch in Action <http://www.manning.com/templier/> >> Blog: http://garygregory.wordpress.com >> Home: http://garygregory.com/ >> Tweet! http://twitter.com/GaryGregory >> >> > > > -- > E-Mail: [email protected] | [email protected] > Java Persistence with Hibernate, Second > Edition<http://www.manning.com/bauer3/> > JUnit in Action, Second Edition <http://www.manning.com/tahchiev/> > Spring Batch in Action <http://www.manning.com/templier/> > Blog: http://garygregory.wordpress.com > Home: http://garygregory.com/ > Tweet! http://twitter.com/GaryGregory > -- Cheers, Paul
