  1. OpenDJ
  2. OPENDJ-1036

Cleanup passwords in memory?

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.6.0
    • Fix Version/s: 3.0.0, 2.8.0
    • Component/s: security
    • Labels:
    • Sprint:
      Sprint 13

      Description

      At least some methods in CryptPasswordStorageScheme try to clean up memory of plaintext/crypted passwords and cipher material, which is IMHO a good thing. However, I think they do it in a more or less unreliable way (no cleanup if an exception occurs) and using Strings - since they are immutable one can't clean them up (just hope that GC collects them in time), so IMHO wrt. crypto stuff, byte arrays should be used everywhere and one should not rely on called methods to clean up passed params (sounds odd anyway).

      So it might be a good idea to review all passwd related stuff and adjust it accordingly. Perhaps http://src.iws.cs.ovgu.de/source/xref/forgerock/opendj2-jel/src/server/org/opends/server/extensions/CryptPasswordStorageScheme.java#sunmd5CryptPasswordMatches etc. could be a pattern to use.
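
The buffer-handling pattern the description asks for, as an added example that is not part of the original issue and not OpenDJ code: byte arrays instead of Strings, temporaries wiped in `finally` so an exception cannot skip the cleanup, and each method wiping only the buffers it allocated. The class name, the `encode`/`matches` helpers and the salted SHA-256 stand-in scheme are assumptions made for illustration.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

public class PasswordCleanupExample {

    // Hypothetical stand-in for a storage scheme: SHA-256(salt || password).
    // Not OpenDJ's crypt code; only the buffer handling matters here.
    static byte[] encode(byte[] plaintext, byte[] salt) throws NoSuchAlgorithmException {
        byte[] salted = new byte[salt.length + plaintext.length];
        try {
            System.arraycopy(salt, 0, salted, 0, salt.length);
            System.arraycopy(plaintext, 0, salted, salt.length, plaintext.length);
            return MessageDigest.getInstance("SHA-256").digest(salted);
        } finally {
            // Runs on normal return and on any exception. Wipes only the copy
            // this method allocated, never the caller's arrays.
            Arrays.fill(salted, (byte) 0);
        }
    }

    static boolean matches(byte[] plaintext, byte[] salt, byte[] stored) {
        byte[] computed = null;
        try {
            computed = encode(plaintext, salt);
            return MessageDigest.isEqual(computed, stored);
        } catch (NoSuchAlgorithmException e) {
            return false; // fail closed; the finally block still runs
        } finally {
            if (computed != null) {
                Arrays.fill(computed, (byte) 0);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = {1, 2, 3, 4};                        // constructed sample
        byte[] password = {'s', '3', 'c', 'r', 'e', 't'};  // constructed sample
        try {
            byte[] stored = encode(password, salt);
            System.out.println("match: " + matches(password, salt, stored));
        } finally {
            Arrays.fill(password, (byte) 0); // the owner of the buffer wipes it
        }
        System.out.println("after cleanup: " + Arrays.toString(password));
    }
}
```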


            People

            • Assignee:
              cjr Chris Ridd
              Reporter:
              jelmd Jens Elkner [X] (Inactive)