> Please review this password cleanup enhancement in the PasswordCallback > implementation. This is one of the effort to clean up the buffered passwords. > > The PasswordCallback.setPassword() clones the password, but is not registered > for cleanup. An application could call clearPassword() for the purpose, but > it would be nice to cleanup the buffer as well if clearPassword() was not > called in an application. And, if the setPassword() get called multiple > times, the clearPassword() should also be called the same times if not > relying on finalization. It could be fragile in practice.
Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision: rename and split the test case ------------- Changes: - all: https://git.openjdk.java.net/jdk/pull/8272/files - new: https://git.openjdk.java.net/jdk/pull/8272/files/aaedee46..9d38fdd3 Webrevs: - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=8272&range=05 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=8272&range=04-05 Stats: 233 lines in 3 files changed: 136 ins; 97 del; 0 mod Patch: https://git.openjdk.java.net/jdk/pull/8272.diff Fetch: git fetch https://git.openjdk.java.net/jdk pull/8272/head:pull/8272 PR: https://git.openjdk.java.net/jdk/pull/8272