Re: [Codec] clearing input byte array vs not
Coming back around to this now that Mark fixed the mailing list noise. Git master now documents the existing clearing behavior as suggested by Mark in https://lists.apache.org/thread/cyrpgsqx4lnjlsf3frqwfo5pvbmpcycr Next, is how to document or change Crypt.crypt(byte[], String): The method clears the input byte array for all input types _except_ when calling UnixCrypt [1]. I could: (1) Document the inconsistency (right now, I left it unsaid) (2) Make UnixCrypt.crypt() clear its input password for consistency. WDYT? Gary On Wed, Aug 9, 2023, 6:24 PM Gary Gregory wrote: > FYI, I created https://issues.apache.org/jira/browse/INFRA-24876 > > Gary > > On Wed, Aug 9, 2023, 6:16 PM GitLab wrote: > >> Unfortunately, your email message to GitLab could not be processed. >> >> We couldn't figure out what the email is for. Please create your issue or >> comment through the web interface. >> >
Re: [Codec] clearing input byte array vs not
I still think the input byte array should not be cleared, period. Clearing is a separate operation that should be performed by the caller. On Sat, Aug 12, 2023 at 12:52 PM Gary Gregory wrote: > > Coming back around to this now that Mark fixed the mailing list noise. > > Git master now documents the existing clearing behavior as suggested by > Mark in https://lists.apache.org/thread/cyrpgsqx4lnjlsf3frqwfo5pvbmpcycr > > Next, is how to document or change Crypt.crypt(byte[], String): The method > clears the input byte array for all input types _except_ when calling > UnixCrypt [1]. > > I could: > (1) Document the inconsistency (right now, I left it unsaid) > (2) Make UnixCrypt.crypt() clear its input password for consistency. > > WDYT? > > Gary > > On Wed, Aug 9, 2023, 6:24 PM Gary Gregory wrote: > > > FYI, I created https://issues.apache.org/jira/browse/INFRA-24876 > > > > Gary > > > > On Wed, Aug 9, 2023, 6:16 PM GitLab wrote: > > > >> Unfortunately, your email message to GitLab could not be processed. > >> > >> We couldn't figure out what the email is for. Please create your issue or > >> comment through the web interface. > >> > > -- Elliotte Rusty Harold elh...@ibiblio.org - To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
Re: [Codec] clearing input byte array vs not
I tend to agree and that's how I would write a new API today, but this is what we have had for years. I am guessing the behavior came from the C implementation (FreeBSD). Mark, any further thoughts? We do not have a concensus atm. Gary On Sat, Aug 12, 2023, 4:09 PM Elliotte Rusty Harold wrote: > I still think the input byte array should not be cleared, period. > Clearing is a separate operation that should be performed by the > caller. > > On Sat, Aug 12, 2023 at 12:52 PM Gary Gregory > wrote: > > > > Coming back around to this now that Mark fixed the mailing list noise. > > > > Git master now documents the existing clearing behavior as suggested by > > Mark in https://lists.apache.org/thread/cyrpgsqx4lnjlsf3frqwfo5pvbmpcycr > > > > Next, is how to document or change Crypt.crypt(byte[], String): The > method > > clears the input byte array for all input types _except_ when calling > > UnixCrypt [1]. > > > > I could: > > (1) Document the inconsistency (right now, I left it unsaid) > > (2) Make UnixCrypt.crypt() clear its input password for consistency. > > > > WDYT? > > > > Gary > > > > On Wed, Aug 9, 2023, 6:24 PM Gary Gregory > wrote: > > > > > FYI, I created https://issues.apache.org/jira/browse/INFRA-24876 > > > > > > Gary > > > > > > On Wed, Aug 9, 2023, 6:16 PM GitLab wrote: > > > > > >> Unfortunately, your email message to GitLab could not be processed. > > >> > > >> We couldn't figure out what the email is for. Please create your > issue or > > >> comment through the web interface. > > >> > > > > > > > -- > Elliotte Rusty Harold > elh...@ibiblio.org > > - > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >
