On Mon, 5 Jan 2026 22:20:28 GMT, Weijun Wang <[email protected]> wrote:
> We should only print out `[WARNING: Input may be visible on screen]` when
> trying to read password from `System.in`. Don't print it if the password is
> read from a different URL.
src/java.base/share/classes/sun/security/util/Password.java line 68:
> 66: consoleBytes =
> ConsoleHolder.convertToBytes(consoleEntered);
> 67: in = new ByteArrayInputStream(consoleBytes);
> 68: } else if (in == System.in && System.in.available() == 0)
> {
The additional check looks good as we need to make sure the password is
actually read from user's standard input. Suggest to update the comment for
this.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/29051#discussion_r2664508342
