[jboss-jira] [JBoss JIRA] (JBEE-194) PasswordValidationCallback.clearPassword() does not clear the password.
Darran Lofthouse (JIRA)
issues at jboss.org
Tue Jun 19 08:03:01 EDT 2018
[ https://issues.jboss.org/browse/JBEE-194?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13593752#comment-13593752 ]
Darran Lofthouse commented on JBEE-194:
---------------------------------------
https://github.com/jboss/jboss-jaspi-api_spec/pull/7
> PasswordValidationCallback.clearPassword() does not clear the password.
> -----------------------------------------------------------------------
>
> Key: JBEE-194
> URL: https://issues.jboss.org/browse/JBEE-194
> Project: JBoss JavaEE Spec APIs
> Issue Type: Bug
> Components: jboss-jaspi-api
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
>
> The purpose of clear() methods on classes like this is to zero out the array holding the password, the current implementation just sets the reference to null leaving it to the garbage collector to dispose of - this would happen anyway as soon as the PasswordValidationCallback is eligible for garbage collection,
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list