Adding SocketChannel toString to connection exception messages

[David Lloyd]

On Thu, Dec 21, 2017 at 6:35 PM, David Holmes <david.holmes at oracle.com> wrote:
> I believe there are concerns with too much information that can be
> considered "sensitive" (like host names and IP addresses) appearing in error
> messages due to them ending up in log files and bug reports.

I tend to agree here.  However - and this is a big "however" - while
this is a good policy for the JDK, higher-level applications and
libraries often do not have such concerns, since they can often more
accurately determine whether a piece of information is actually
sensitive; the JDK must simply assume that it is.  It should be
*possible* for libraries and applications to *add* this information.
Right now this is a very, very difficult task: there is an entire
hierarchy of exceptions, and there is no easy way to change the
message of an exception.  The only option is to wrap the exception
with another, more descriptive exception, which is not great for users
or for developers.

It would be nice if there were some way to set some supplementary
information on SocketException (or even IOException) after the
exception were constructed, which would be included in getMessage() if
set.  This would allow frameworks and applications to provide some
context without causing a security problem for the JDK.


-- 
- DML