Menu
▾
▴
[Sblim-issues] [ sblim-Bugs-1362783 ] PasswordCredential.getUserPassword expose char[] reference
|
From: SourceForge.net <no...@so...> - 2005-11-22 12:15:59
|
Bugs item #1362783, was opened at 2005-11-21 14:35 Message generated for change (Comment added) made by fiuczy You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=712784&aid=1362783&group_id=128809 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Java Client Group: Security >Status: Pending >Resolution: Fixed Priority: 5 Submitted By: Hendrik Brueckner (hbruckner) Assigned to: Boris Fiuczynski (fiuczy) Summary: PasswordCredential.getUserPassword expose char[] reference Initial Comment: Class org.sblim.wbem.client.PasswordCredential The getUserPassword() method exposes the password char[] reference to the caller code. The caller code can modify the password externally and this modification affects also the stored password of the PasswordCredential. The getUserPassword() method has to return a 'cloned' version of the stored password, e.g.: --- public char[] getUserPassword() { char[] res = null; if( this.password != null ){ res = new char[ this.password.length ]; System.arraycopy( password, 0, res, 0, password.length ); } return password; } --- ---------------------------------------------------------------------- >Comment By: Boris Fiuczynski (fiuczy) Date: 2005-11-22 13:15 Message: Logged In: YES user_id=1334328 Cloned password is now returned. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=712784&aid=1362783&group_id=128809 |