You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Looking at the SecureString implementation, wouldn't it be better to put a synchronized block on the chars-array around the Arrays.fill call?
E.g.
public void clear(){
synchronized(chars) {
Arrays.fill(chars, '0');
}
}
=> This would give assurance, that the JVM doesn't optimize anything around fill and prevent thread-local caching (as per this thread)
Actually you could make this class thread-safe while at it, with read-locks for all other methods and write-lock for the clear().
Additionally it's not clear, that the class creates a copy of the input char-array. It's likely users forget to clear their input "manually" after creating an instance.
Looking at the SecureString implementation, wouldn't it be better to put a synchronized block on the chars-array around the
Arrays.fillcall?E.g.
=> This would give assurance, that the JVM doesn't optimize anything around fill and prevent thread-local caching (as per this thread)
Actually you could make this class thread-safe while at it, with read-locks for all other methods and write-lock for the clear().
Additionally it's not clear, that the class creates a copy of the input char-array. It's likely users forget to clear their input "manually" after creating an instance.
If you want I can make a PR.