RFR: 8354469: Keytool exposes the password in plain text when command is piped using | grep [v4]

Weijun Wang weijun at openjdk.org
Wed Apr 23 16:53:28 UTC 2025


> Add more description on password handling into the keytool man page. A link to the man page is now added to the keytool help screen.
> 
> When keytool output is redirected into a file or file, a warning is shown:
> 
> $ keytool -genkeypair | type
> 
> Warning: password will be echoed because output is redirected.
> Enter keystore password:  password
> Warning: password will be echoed because output is redirected.
> Re-enter new password:
> 
> 
> A new manual test is added.
> 
> Sorry we cannot suppress password echoing in this case at the moment because `System.console()` is not available.

Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:

  no more wildcard imports

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/24805/files
  - new: https://git.openjdk.org/jdk/pull/24805/files/5e0ddfc1..8677312e

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=24805&range=03
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=24805&range=02-03

  Stats: 3 lines in 1 file changed: 1 ins; 0 del; 2 mod
  Patch: https://git.openjdk.org/jdk/pull/24805.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/24805/head:pull/24805

PR: https://git.openjdk.org/jdk/pull/24805

