dev@glassfish.java.net

Re: code review needed - new local authentication mechanism

From: Bill Shannon <bill.shannon_at_sun.com>
Date: Mon, 17 Aug 2009 16:43:54 -0700

Lloyd Chambers wrote on 08/17/09 16:14:
> Bill,
>
> A few comments—
>
> 1. Should SecureRandom be seeded with something? An invariant but
> machine-specific seed? I'm not sure, and I don't know what the default
> seed is or whether a default seed weakens it somehow.

I don't know either, that's one of the reasons I'm looking for reviewers!

> 2. Isn't there already a toHex() somewhere in common-util? Seems like a
shame to not put it into a shared place and/or use one we already have.

Find me one and I'll use it!

> 3. Just a weird minor flaw not peculiar to your code: postConstruct() can
be called by anything at any time, since it's public. So even a mistake is a
problem and could defeat the local password until the servew is restarted: the
code as written overwrites the in-memory password, which would then differ from
the one on disk. Probably this should be more defensive.

Ya, I wish PostConstruct was an annotation instead of an interface so
it could be private. I'll try to make the code more defensive.

> 4. What does XXX mean? Unresolved questions in the code are worrisome.

It's an old BSD Unix convention, similar to how people now use "TODO".
It's a warning, or something to come back to later.

If you have ideas about how to resolve any of those issues, let me know.
I think I know how to completely close the security hole, but I'm not
sure if it's worth the extra effort.