tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: svn commit: r1847318 - in /tomcat/trunk: java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java test/org/apache/catalina/tribes/group/interceptors/TestEncryptInterceptor.java webapps/docs/changelog.xml
Date Sat, 24 Nov 2018 16:32:44 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Mark,

On 11/23/18 16:55, Mark Thomas wrote:
> On 23/11/2018 21:18, schultz@apache.org wrote:
>> Author: schultz Date: Fri Nov 23 21:18:48 2018 New Revision:
>> 1847318
>> 
>> URL: http://svn.apache.org/viewvc?rev=1847318&view=rev Log: Fix
>> EncryptInterceptor to be thread-safe. Add multi-threaded unit
>> test.
> 
> Calling setProviderName() while the Interceptor is running may have
> some interesting side-effects. I'd recommend caching it during
> initInternal().

+1

> You can cache the result of cipher.getBlockSize() and then take 
> advantage of that to reduce the time the Cipher objects are out of
> the pool. For example, in decrypt you can then construct the IV
> before you obtain the cipher object. Likewise in encrypt you can
> reduce the time both the SecureRandom and Cipher are out of the
> pool.
> 
> There is a trade-off here between clarity of code and efficiency.
> I don't have any hard numbers to support my views (so they are
> probably wrong) but my instinct would always be to reduce the time
> the objects are out of the pool as much as practical.

+0

> I think the first point should be addressed. The remaining points
> are certainly debatable so feel free to follow your own instincts
> on those.

Thanks for the review. I'll make these changes today. I'd like 9.0.14
to have a usable implementation of this interceptor. Too bad 9.0.13
was a mess. Apologies to everybody for the misunderstanding about
multi-threaded message-delivery.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlv5fSwACgkQHPApP6U8
pFj2BA/5ASNDEpgLocbRh8Ufzg7x9/hsYkONtRaIqVk64AOAUEx4CxwA8KRdqh0Q
mTmrHAL+IhqYYH1A7dKxH2hJi+ojNnUcAvh+1vo4T1a46W5qE4R3HVk8swdN26Dg
5WgfvMj4UR0oHxBliO4ASbwmm2vk2OcKWLyRoQvb2G7yn3PavxzjJWgnA0rX7O1q
jATIjIzx1TIDxLWyadB39Rv7a7ElQI+jGX57FtAC2QzOVpmZ0mUw8q0B6B8AH2jL
QY+MsvsvfnVMzx2Xi8JXuf9/mf1ZiHvLb3E6ucEkaj1CFUgCIy4fsJF3NAZwfklU
YGEHYpqxPrrpRqw4JJUpLENEQ2dLtjcj0ujugsRTg9khzC/A4EIw6HfjhcLWihHB
YMxZlngphrj1QJf2GE0SP2X+DrciAwMXMRaIHiuvnUdMjXB9CDAN6RxZ7GQrkLwC
PNN7pR8MTodRLdAN6yY5IHeVD0Wti3y7XbaCJYkYw1o58awHfj2SN+WKS98PMGyJ
fk0w9q2Bg0Ry3MOo4iYoJh4ALWSANLH9UUGjrkEGSCHUA13h6QJysG3BU49YRqos
9/C4T5wQ1lUPKUcIy0uxC66t73up+u9tujCETHvNK6wZhdnoZjngm/23l4w735d7
8uTuysL4ASqHfX9UiCNx/zV7u6jTN+LO/OFCYTFJknxzTpjQysE=
=oxRb
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message