Recent articles:
- Measuring client-side response time
- Java: A platform for platforms?
- OSJP: Java Caching System
- Jump into JavaFX, Part 1
- Spring Web Flow: A boon to JSF developers
Popular archives:
- Inheritance vs composition (1998)
- J2EE object caching frameworks (2004)
- XFire: Easy and simple Web services (2006)
Java: A platform for platforms
Sun's reorg may seem promising to shareholders but it's also a scramble for position. The question now is whether Sun can,
or wants to, maintain its hold on Java technology. Especially with enterprise leaders like SpringSource and RedHat investing
heavily in Java's future as a platform for platforms
Also see:
Discuss: Tim Bray on 'What Sun Should Do'
Sponsored Links
Can you securely read a password on the command line?
Securely reading a password from the command line in Java is difficult, but there are some (imperfect) solutions
- Feedback
- Discuss
I need to read passwords from the command line. Is there a way to easily read characters from the command line securely in
Java? Specifically, how do you echo * to the command line?
I've seen that question many times. Unfortunately, there does not appear to be a way to securely accept passwords on the command
line from within a Java program by simply using the supplied Java APIs. Let's look at why that is the case.
To read items in from the command line, we use the input stream System.in. If we dig into the code a bit, we see that the default System.in input stream is really just an InputStream. Digging into my implementation of Java (IBM 1.1.7), the true implementation type of that System.in is a FileInputStream. That input stream is set to read in from the source file descriptor FileDescriptor.in. However, FileDescriptor.in is initialized by natively defined code. It is left to the system to point the FileDescriptor.in at the standard input handle.
If we look at the API definition for FileInputStream, we see that the read method is natively defined. Typed data is not taken from the command line and made available from the
standard in file descriptor until the return button is pressed. Since we cannot grab a character as it is typed, there is
no way to intercept the character and echo a * to the command line. Instead, we can only grab complete lines.
That leaves us with few alternatives. Unfortunately, most of the solutions require us to dive into native code or employ a GUI frontend. Briefly, here are a few solutions:
About the author
Tony Sintes is a senior consultant at ObjectWave Corporation who specializes in telecommunications. Tony has worked with Java since 1997 and is a Sun-certified Java 1.1 programmer and Java 2 developer.- Forgo a command-line-based username/password interface. Instead, use a graphical frontend. Swing provides for protected text fields. Of course, that approach is useless if you plan to deploy on a terminal or another nongraphical environment.
- Forget writing that piece of your application in Java. Instead, write a process based on C or C++ that reads from the command line. Your Java application can talk to that process over the wire through sockets or some other protocol such as CORBA. There are some disadvantages to that approach: first, you must recompile the code for each deployment environment. Second, you'll need to encrypt the password since it may pass over the network.
- Write your own JNI command line reader and call it from your code, thus bypassing the input stream. Again, you'll need to recompile your library for each platform.
- If you feel really adventurous, you can always extend
FileInputStreamand provide your ownread()implementation.
- Feedback
Sponsored Links
About Us | Advertise | Contact Us | Terms of Service/Privacy
Copyright, 2006-2008 Network World, Inc. All rights reserved.