kosprov / jargon2-api

Fluent Java API for Argon2 password hashing
Apache License 2.0

Serialization and resource leak warnings #6

Open boughtonp opened 4 years ago

boughtonp commented 4 years ago

Eclipse is reporting a bunch of serialization and resource leak warnings.

There are 7 instances of "The serializable class [classname] does not declare a static final serialVersionUID field of type long" across various classes.

There are also 38 instances of "Resource leak: [something] is never closed" (all in ByteArrayImplTest.java).

Should these be resolved, or ignored with @SuppressWarnings("serial") and @SuppressWarnings("resource")?

xplatform-dev commented 4 years ago

None of the classes implement Serializable. None of these classes should have their objects written to the disk. If you were to write a HasherImpl object to the disk, you would defeat the purpose of hashing the algorithm and may as well just store the password in plain text. Configure your IDE to ignore this - most real-world applications don't use serialization anyways, they'll use databases.

The streams are not being closed because they are being passed as arguments. If you close that stream, you will have a hard time reinstating it. Example below.

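import java.util.Scanner;
public class Example {
    public static void main(String[] args) {
        Scanner kb = new Scanner(System.in);
        foo(kb);                           // the callee closes the Scanner, and System.in with it
        System.out.println(kb.nextLine()); // throws IllegalStateException: Scanner closed
    }
    static void foo(Scanner s) { s.close(); }
}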
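An added example, not code from this thread or from jargon2-api: one way to handle both warnings in a class that holds password bytes. `FrameworkBase`, `SecretBytes` and `use` are hypothetical names, and the sample password is constructed.

```java
import java.io.*;
import java.util.Arrays;

public class SecretHolderDemo {
    // Hypothetical base type that makes subclasses Serializable, as a framework superclass might.
    static abstract class FrameworkBase implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    // Hypothetical holder for password bytes: wiped on close, refuses Java serialization.
    static final class SecretBytes extends FrameworkBase implements AutoCloseable {
        private static final long serialVersionUID = 1L; // satisfies the "serial" warning
        private final transient byte[] value;            // transient: never part of a serialized form

        SecretBytes(byte[] source) { this.value = source.clone(); }
        byte[] bytes() { return value; }
        @Override public void close() { Arrays.fill(value, (byte) 0); }

        private void writeObject(ObjectOutputStream out) throws IOException {
            throw new NotSerializableException("SecretBytes must not be written out");
        }
        private void readObject(ObjectInputStream in) throws IOException {
            throw new NotSerializableException("SecretBytes must not be read in");
        }
    }

    // The callee borrows the holder and does not close it; the caller owns its lifetime.
    static int use(SecretBytes s) { return s.bytes().length; }

    public static void main(String[] args) throws IOException {
        byte[] constructed = {'h', 'u', 'n', 't', 'e', 'r', '2'}; // constructed sample input
        SecretBytes holder = new SecretBytes(constructed);
        try (SecretBytes s = holder) {                 // the owner closes, so no "resource" warning
            System.out.println("length = " + use(s));
            try (ObjectOutputStream oos = new ObjectOutputStream(new ByteArrayOutputStream())) {
                oos.writeObject(s);                    // attempt to serialize the secret
            } catch (NotSerializableException e) {
                System.out.println("refused: " + e.getMessage());
            }
        }
        System.out.println("wiped = " + (holder.bytes()[0] == 0)); // buffer zeroed on close
    }
}
```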