RFR: 8354469: Keytool exposes the password in plain text when command is piped using | grep [v10]
Weijun Wang
weijun at openjdk.org
Mon Oct 6 15:27:32 UTC 2025
On Mon, 6 Oct 2025 14:51:13 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>>
>> update bug list in test
>
> test/jdk/sun/security/tools/keytool/EchoPassword.java line 1:
>
>> 1: /*
>
> In this test, where are you verifying that a warning is shown when the input is echoed?
As I mentioned in the comment, an IDE Run Window or in JShell is the only case I know now that the input is echoed on screen. This test will not cover those cases.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27196#discussion_r2406995465
More information about the client-libs-dev
mailing list