Lloyd Chambers wrote on 08/17/09 16:14:
> Bill,
>
> A few comments—
>
> 1. Should SecureRandom be seeded with something? An invariant but
> machine-specific seed? I'm not sure, and I don't know what the default
> seed is or whether a default seed weakens it somehow.
I don't know either, that's one of the reasons I'm looking for reviewers!
> 2. Isn't there already a toHex() somewhere in common-util? Seems like a
shame to not put it into a shared place and/or use one we already have.
Find me one and I'll use it!
> 3. Just a weird minor flaw not peculiar to your code: postConstruct() can
be called by anything at any time, since it's public. So even a mistake is a
problem and could defeat the local password until the servew is restarted: the
code as written overwrites the in-memory password, which would then differ from
the one on disk. Probably this should be more defensive.
Ya, I wish PostConstruct was an annotation instead of an interface so
it could be private. I'll try to make the code more defensive.
> 4. What does XXX mean? Unresolved questions in the code are worrisome.
It's an old BSD Unix convention, similar to how people now use "TODO".
It's a warning, or something to come back to later.
If you have ideas about how to resolve any of those issues, let me know.
I think I know how to completely close the security hole, but I'm not
sure if it's worth the extra effort.