[ http://nagoya.apache.org/jira/browse/GERONIMO-478?page=comments#action_56397 ]
Hiram Chirino commented on GERONIMO-478: ----------------------------------------
The password hiding strategy that the patch uses is not very optimal since it is continously updating the screen to overwrite the typed password. Over a slow ssh connection this "feature" might not be so good.
Another approach might be to used something like http://jline.sourceforge.net/#reading_password We site says that jline is lgpl but http://web1.2020media.com/j/jez/javanicuscom/blog2/items/162-index.html seems to indicate that it has recently relicensed as BSD.
I agree with Hiram here that the overwrite the text approach is going to be problematic. JLine's approach of using platform specific code seems a better way to go.
I would suggest looking at a JAAS based mechanism where people can plug the credential gathering mechanism (e.g. to use a popup dialog, platform specific console control, local certificate store, ...)
-- Jeremy
