On 7/12/2016 22:34, Pavel Rappo wrote:
What's the difference between no security buffer and an empty one (from the com.sun.security.ntlm.Client#type3's perspective)?
I quickly browse through the NTLM protocol and yes they look like the same in each case. (Except for one which I am not sure, is there any difference between no domain and empty domain?) In all cases where a security buffer is optional, there is a flag we can rely on, and no need to look at whether the offset of the security buffer is zero.
So it does look safer to return a new byte[0] right inside readSecurityBuffer(int offset) when the offset is zero.
Thanks Max
On 12 Jul 2016, at 15:25, Wang Weijun <weijun.w...@oracle.com> wrote: When there is no offset, there is no security buffer at all. When the length is zero, the security buffer is an empty byte array.
