On Thu, 29 Jan 2026 16:08:15 GMT, Weijun Wang <[email protected]> wrote:

> A new security/system property added to determine whether Java can read 
> password from `System.in` if a console is not available.

src/java.base/share/classes/sun/security/util/Password.java line 75:

> 73:                 } else if (in == System.in && !ALLOW_STDIN) {
> 74:                     throw new UnsupportedOperationException("Console not available." +
> 75:                             " Reading passwords from System.in is disallowed.");

Although I understand the meaning of this error, it might be a bit cryptic to
the user. Using the term "password input from non-interactive terminal" or
something along those lines might be easier.

Anyway, this "else if" clause can be merged with the following "else if", as 
"in == System.in" is repeated.

src/java.base/share/conf/security/java.security line 1716:

> 1714: # This security property determines whether passwords can be read from the
> 1715: # standard input stream when a console is not available. The value can be
> 1716: # "true" or "false". The default value is "true". This default may change in

Maybe better to mention the case where the property is set to neither `true`
nor `false`.

src/java.base/share/conf/security/java.security line 1729:

> 1727: # environment variable or a file.
> 1728: #
> 1729: #jdk.security.password.allowSystemIn = true

Should this be uncommented? Otherwise the default value is `null`.

test/jdk/sun/security/tools/keytool/AllowSystemIn.java line 29:

> 27:  * @summary Restrict Password::readPassword from reading from System.in
> 28:  * @library /test/lib
> 29:  * @run main AllowSystemIn succeed

Adding tests to check the system property value (should either be `true` or 
`false`) would be helpful, as well as setting it to a bogus one.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/29490#discussion_r2743434622
PR Review Comment: https://git.openjdk.org/jdk/pull/29490#discussion_r2743466889
PR Review Comment: https://git.openjdk.org/jdk/pull/29490#discussion_r2743477998
PR Review Comment: https://git.openjdk.org/jdk/pull/29490#discussion_r2743501379
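
An added example, not part of the original message or of the JDK patch: one way to parse `jdk.security.password.allowSystemIn` strictly, so that an unset value maps to the documented default and anything other than `true` or `false` is rejected, printed next to what `Boolean.parseBoolean` returns for the same input. The class and method names, the case-insensitive matching, and the precedence of the system property over the security property are assumptions.

```java
import java.security.Security;
import java.util.Locale;

public class AllowSystemInPolicy {
    static final String PROP = "jdk.security.password.allowSystemIn";

    // Hypothetical helper. Assumption: an unset property (null) means the
    // documented default, "true"; matching is case-insensitive.
    static boolean parse(String raw) {
        if (raw == null) {
            return true;
        }
        switch (raw.trim().toLowerCase(Locale.ROOT)) {
            case "true":
                return true;
            case "false":
                return false;
            default:
                // Reject instead of coercing, so a typo cannot silently
                // change whether passwords are read from System.in.
                throw new IllegalArgumentException("Invalid value for " + PROP
                        + ": \"" + raw + "\" (expected \"true\" or \"false\")");
        }
    }

    // Assumption: the system property overrides the security property.
    static boolean allowStdin() {
        String raw = System.getProperty(PROP);
        if (raw == null) {
            raw = Security.getProperty(PROP);
        }
        return parse(raw);
    }

    public static void main(String[] args) {
        // Constructed sample values: unset, valid, mixed case, and bogus.
        String[] samples = { null, "true", "false", "TRUE", "yes", "" };
        for (String s : samples) {
            String strict;
            try {
                strict = String.valueOf(parse(s));
            } catch (IllegalArgumentException e) {
                strict = "rejected";
            }
            System.out.println(s + ": strict=" + strict
                    + ", Boolean.parseBoolean=" + Boolean.parseBoolean(s));
        }
    }
}
```

`Boolean.parseBoolean` returns `false` for `null` and for any string other than "true", so with lenient parsing an unset property would disable reading from `System.in` even though the documented default is "true".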
