On 24/09/2014 16:59, Christopher Schultz wrote: > Mark, > > On 9/24/14 5:00 AM, Mark Thomas wrote: >> On 23/09/2014 10:49, Mark Thomas wrote: >>> On 23/09/2014 00:56, "Gabriel E. Sánchez Martínez" wrote: >>>> >>>> On 09/17/2014 04:36 AM, Mark Thomas wrote: >>>>> On 16/09/2014 22:14, Christopher Schultz wrote: >>>>>> Mark, >>>>>> >>>>>> On 9/16/14 3:39 PM, Mark Thomas wrote: >>>>>>> Updated patch: >>>>>>> http://people.apache.org/~markt/patches/2014-09-16-bug56403-tc8-v2.patch >>>>>>> >>>> It's looking good! >>> >>> I have an updated version I need to upload that addresses the remaining >>> issues. >> >> Version 3: >> http://people.apache.org/~markt/patches/2014-09-24-bug56403-tc8-v3.patch > > Looks good. > > I'm just curious: why did you call the class that does PBKDF2 > PBECredentialFilter? Does that stand for "Password-based > encryption/encoding"?
It does. > PBE is often used for "password-based encryption" but here we aren't > actually doing any encryption; we're just doing the password part. > Naming this class is tough because technically it can use any algorithm > that works with Java's SecretKey API. SecretKeyCredentialHandler? > Also, why does ConcurrentMessageDigest.digest have a varargs byte[] > parameter? Is it useful to be able to accept more than one byte array to > that method? Yes. You want to be able to pass either just the password or the salt and the password. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
