RFR: 8354469: Keytool exposes the password in plain text when command is piped using | grep [v3]
Weijun Wang
weijun at openjdk.org
Wed Apr 23 15:50:59 UTC 2025
> Add more description on password handling into the keytool man page. A link to the man page is now added to the keytool help screen.
>
> When keytool output is redirected into a file or file, a warning is shown:
>
> $ keytool -genkeypair | type
>
> Warning: password will be echoed because output is redirected.
> Enter keystore password: password
> Warning: password will be echoed because output is redirected.
> Re-enter new password:
>
>
> A new manual test is added.
>
> Sorry we cannot suppress password echoing in this case at the moment because `System.console()` is not available.
Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
modify the test to use hyperlinks
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/24805/files
- new: https://git.openjdk.org/jdk/pull/24805/files/89ccc41d..5e0ddfc1
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=24805&range=02
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=24805&range=01-02
Stats: 92 lines in 2 files changed: 25 ins; 22 del; 45 mod
Patch: https://git.openjdk.org/jdk/pull/24805.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/24805/head:pull/24805
PR: https://git.openjdk.org/jdk/pull/24805
More information about the security-dev
mailing list