Closed nahumcohen closed 5 years ago
What does this pull request do? Supply a new API that enables clearing the secret value from memory, for clients and within the API.
What background context can you provide? The existing API uses a String, which remains in memory, and there's no guarantee when it is cleared. This is a high security bug.
Where should the reviewer start? There is only one additional method and one additional unit test.
How should this be manually tested? Invoke the new API and check the secret in the server.
Closed by mistake.
Add an API addSecret with a byte array parameter and clean the byte array after use. This is required in order to get rid of the secret from the memory after use.
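The pattern this pull request describes, as an added example that is not the project's own code: a byte-array overload that zeroes the caller's array once the value has been handed off, plus a char[]-to-UTF-8 conversion that never builds a String. The class name, the `SecretSink` interface, the `addSecret` signature shown here and the sample values are all assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class SecretWipeExample {

    // Hypothetical stand-in for the transport; a real client would write the bytes to a request body.
    interface SecretSink { void send(String variableId, byte[] body); }

    private final SecretSink sink;

    SecretWipeExample(SecretSink sink) { this.sink = sink; }

    // Hypothetical byte[] overload: the array is zeroed even if sending throws.
    void addSecret(String variableId, byte[] secret) {
        try {
            sink.send(variableId, secret);
        } finally {
            Arrays.fill(secret, (byte) 0);
        }
    }

    // Encode a char[] to UTF-8 without creating a String, then wipe the intermediate buffer.
    static byte[] toUtf8(char[] chars) {
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(chars));
        byte[] out = new byte[encoded.remaining()];
        encoded.get(out);
        if (encoded.hasArray()) {
            Arrays.fill(encoded.array(), (byte) 0);
        }
        return out;
    }

    public static void main(String[] args) {
        char[] typed = {'s', '3', 'c', 'r', 'e', 't'}; // constructed sample value
        byte[] secret = toUtf8(typed);
        Arrays.fill(typed, '\0'); // wipe the source characters as soon as they are encoded

        SecretWipeExample client = new SecretWipeExample(
            (id, body) -> System.out.println("sent " + body.length + " bytes for " + id));
        client.addSecret("db/password", secret); // constructed variable id

        for (byte b : secret) {
            if (b != 0) throw new AssertionError("secret still in memory");
        }
        System.out.println("caller's array zeroed after use");
    }
}
```

Zeroing covers only the arrays this code owns; copies made by the transport layer or moved by the garbage collector are outside its reach.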