RFR: 8354469: Keytool exposes the password in plain text when command is piped using | grep [v9]
Naoto Sato
naoto at openjdk.org
Fri Sep 26 20:40:19 UTC 2025
On Fri, 26 Sep 2025 19:17:36 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Allow password hiding even if there is no `System.console`. A manual test is included.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> update test on the new resource string
>
> only in patch2:
> unchanged:
test/jdk/sun/security/util/Resources/Usages.java line 143:
> 141: List.of(LOC_GETNONLOC, NEW_LOC)),
> 142: new Pair("java.base/share/classes/sun/security/util/Password.java",
> 143: List.of(MGR_GETSTRING)),
Needs a bug id in the test comment for this addition?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27196#discussion_r2383450528
More information about the security-dev
mailing list