SupportFactory Documentation Bug

[commonsguy]

https://github.com/sqlcipher/android-database-sqlcipher#using-sqlcipher-for-android-with-room

The documentation here cites two constructors, and there are three:

• SupportFactory(byte[] passphrase)
• SupportFactory(byte[] passphrase, SQLiteDatabaseHook hook)
• SupportFactory(byte[] passphrase, SQLiteDatabaseHook hook, boolean clearPassphrase)

Also, we probably should explain more about what clearPassphrase does. If set to true (which is the default for the other two constructors), this will zero out the bytes of the byte[] after we open the database. This is safest from a security standpoint, but it does mean that the SupportFactory instance is a single-use object. Attempting to reuse the SupportFactory instance later will result in being unable to open the database, because the passphrase will be wrong. If you think that you might need to reuse the SupportFactory instance, pass false for clearPassphrase.

If you would like me to open a PR with these fixes, just let me know what branch to base it off of, and I'll happily do it!

[developernotes]

Hi @commonsguy

Yes, I agree it would be beneficial to clarify those usage points with the SupportFactory documentation. We would certainly welcome a pull request to make those adjustments! Please feel free to base that off the master branch for this scenario. Thanks!

[stale]

Hello, it looks like there has been no activity on this issue recently. Has the issue been fixed, or does it still require the community's attention? This issue may be closed if no further activity occurs. You may also label this issue as "bug", "enhancement", or "security" and I will leave it open. Thank you for your contributions.

[commonsguy]

Addressed in #489