https://bz.apache.org/bugzilla/show_bug.cgi?id=69486

--- Comment #3 from Christopher Schultz <ch...@christopherschultz.net> ---
Setting the length of the buffer to 0 should be enough (e.g. limit(0)). If
there are data-leakage bugs in ByteBuffer, they should be fixed.

Writing zeros to the buffer may or may not happen, depending upon a few things.
It may also not do what you are expecting. In Java, zeroing-out memory does not
protect against secrets floating in RAM since objects can be relocated at any
time, and the JVM does not guarantee zeroing out freed heap space.

Depending upon the implementation of Arrays.fill, it may come down to memset(0)
which is often simply a no-op under certain conditions.

Honestly, it is very difficult in a modern operating system, and especially
with Java, to ensure that sensitive artifacts are not left around in memory.
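
An added example, not part of the comment above and not Tomcat's code, comparing what `limit(0)` and `Arrays.fill` each do to the backing array of a heap `ByteBuffer`. The class name, helper name and secret value are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class BufferWipeDemo {
    // Constructed sample value standing in for sensitive data.
    static final byte[] SECRET = "constructed-secret".getBytes(StandardCharsets.US_ASCII);

    // True if the secret's bytes are still present at the start of the array.
    static boolean holdsSecret(byte[] backing) {
        return Arrays.equals(Arrays.copyOf(backing, SECRET.length), SECRET);
    }

    public static void main(String[] args) {
        ByteBuffer buf = ByteBuffer.allocate(64); // heap buffer, so array() is available
        buf.put(SECRET);
        buf.flip();

        // Option 1: limit(0). Relative reads through this buffer now see nothing.
        buf.limit(0);
        System.out.println("remaining after limit(0):       " + buf.remaining());

        // The bytes themselves are untouched in the backing array.
        System.out.println("array holds secret:             " + holdsSecret(buf.array()));

        // clear() only resets position and limit, so a later user of a
        // recycled buffer can read the old contents back.
        buf.clear();
        byte[] seen = new byte[SECRET.length];
        buf.get(seen);
        System.out.println("secret readable after clear():  " + Arrays.equals(seen, SECRET));

        // Option 2: overwrite the backing array, then reset the buffer.
        Arrays.fill(buf.array(), (byte) 0);
        buf.clear();
        System.out.println("array holds secret after fill:  " + holdsSecret(buf.array()));

        // The fill clears this one array only. Bytes copied elsewhere before the
        // fill (by application code, or by object relocation as the comment
        // notes) are not affected by it.
    }
}
```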
