java.io.Console (was: Is SharedSecrets thread-safe?)
Alan Bateman
Alan.Bateman at oracle.com
Tue Jan 5 07:28:43 UTC 2021
On 04/01/2021 23:09, Johannes Kuhn wrote:
> This brings up some stuff I wanted to mention for some time:
>
> * Console.cs is one of the fields projects like JRuby hack into (at
> least in the past). My guess is that they handle encodings in Ruby,
> and not using the Java facilities for that.
>
> The fact that it is also exported as shared secret for some unrelated
> stuff (sun.security.util) shows that there might be a need for a
> supported, public API.

This was discussed here at length in 2016 but there wasn't agreement to
expose an API at the time. At issue is that Console is an API for
reading Strings and char[], not bytes. Maybe it needs to be looked at
again but we should minimally change the security password code to use
the internal property so that this shared secret can be removed.

-Alan.

More information about the core-libs-dev mailing list