Uploaded image for project: 'JBoss Enterprise Spec APIs'
  1. JBoss Enterprise Spec APIs
  2. JBEE-194

PasswordValidationCallback.clearPassword() does not clear the password.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • None
    • jboss-jaspi-api
    • None

    Description

      The purpose of clear() methods on classes like this is to zero out the array holding the password, the current implementation just sets the reference to null leaving it to the garbage collector to dispose of - this would happen anyway as soon as the PasswordValidationCallback is eligible for garbage collection,

      Attachments

        Activity

          People

            Unassigned Unassigned
            darran.lofthouse@redhat.com Darran Lofthouse
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: