On Mon, Aug 19, 2013 at 10:25 AM, Paul Benedict <[email protected]>wrote:
> Do you need the password ever after authentication? > I guess it depends on whether the code handles re-auth in case of a disconnect. Gary > > On Mon, Aug 19, 2013 at 8:55 AM, Gary Gregory <[email protected]>wrote: > >> On Mon, Aug 19, 2013 at 7:27 AM, Ralph Goers <[email protected]> wrote: >> >>> What passwords? >>> >> >> For example: >> >> - org.apache.logging.log4j.core.net.SMTPManager.FactoryData.password >> - org.apache.logging.log4j.core.net.JMSTopicManager.password >> - org.apache.logging.log4j.core.net.JMSQueueManager.FactoryData.password >> >> Gary >> >>> >>> Ralph >>> >>> On Aug 19, 2013, at 4:22 AM, Gary Gregory <[email protected]> >>> wrote: >>> >>> I've seen it done many places: Should we track passwords internally as >>> char[] instead of String for ivars. >>> >>> This prevents Log4j spilling your secrets by accident in a toString to >>> internal log call. >>> >>> Gary >>> >>> -- >>> E-Mail: [email protected] | [email protected] >>> Java Persistence with Hibernate, Second >>> Edition<http://www.manning.com/bauer3/> >>> JUnit in Action, Second Edition <http://www.manning.com/tahchiev/> >>> Spring Batch in Action <http://www.manning.com/templier/> >>> Blog: http://garygregory.wordpress.com >>> Home: http://garygregory.com/ >>> Tweet! http://twitter.com/GaryGregory >>> >>> >> >> >> -- >> E-Mail: [email protected] | [email protected] >> Java Persistence with Hibernate, Second >> Edition<http://www.manning.com/bauer3/> >> JUnit in Action, Second Edition <http://www.manning.com/tahchiev/> >> Spring Batch in Action <http://www.manning.com/templier/> >> Blog: http://garygregory.wordpress.com >> Home: http://garygregory.com/ >> Tweet! http://twitter.com/GaryGregory >> > > > > -- > Cheers, > Paul > -- E-Mail: [email protected] | [email protected] Java Persistence with Hibernate, Second Edition<http://www.manning.com/bauer3/> JUnit in Action, Second Edition <http://www.manning.com/tahchiev/> Spring Batch in Action <http://www.manning.com/templier/> Blog: http://garygregory.wordpress.com Home: http://garygregory.com/ Tweet! http://twitter.com/GaryGregory
