[RFR] 8205525 : Improve exception messages during manifest parsing of jar archives
Jaikiran Pai
jai.forums2013 at gmail.com
Sat Jul 7 13:35:11 UTC 2018
Hi Matthias,
I am not a reviewer and neither do I have enough knowledge about whether
jar/file _names_ are considered security sensitive. However, the patch
that's proposed for this change prints the file _path_ (and not just
the name). That I believe is security sensitive.
-Jaikiran
On 06/07/18 6:14 PM, Baesken, Matthias wrote:
> Hi Alan, so it looks like JDK-8204233 added a switch (system property)
> to enable the enhanced socket IOException messages. That would be an
> option as well for 8205525. 8205525 adds the jar file name and the
> line number info to the exception message. In case that only the jar
> file name would be considered sensitive, I would prefer to just
> output the line number (and omit the system property). What do you
> think?
>
> Best regards, Matthias
>> -----Original Message-----
>> From: Alan Bateman [mailto:Alan.Bateman at oracle.com]
>> Sent: Montag, 25. Juni 2018 16:52
>> To: Baesken, Matthias <matthias.baesken at sap.com>; core-libs-dev at openjdk.java.net
>> Cc: Lindenmaier, Goetz <goetz.lindenmaier at sap.com>
>> Subject: Re: [RFR] 8205525 : Improve exception messages during manifest parsing of jar archives
>>
>> On 25/06/2018 15:29, Baesken, Matthias wrote:
>>> Hi, do you consider both the file name and line number as sensitive?
>>>> There was a similar discussion on net-dev recently related to
>>>> leaking host names in exceptions. Something similar may be needed here
>>> Do you know the outcome of this discussion?
>> All the details are in JDK-8204233 and the associated CSR.
>> -Alan
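
The trade-off discussed in this thread, as an added example that is not part of the original messages or of the JDK patch: the line number is always reported, the jar's file name only when a switch is set, and the directory path never. The property name `example.manifest.includeJarNameInExceptions`, the class, and the sample path and manifest are assumptions made for this illustration, and the header check is simplified.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;
import java.nio.file.Path;
import java.nio.file.Paths;

public class ManifestErrorDemo {
    // Hypothetical opt-in switch for this example; not a real JDK property name.
    static final String OPT_IN = "example.manifest.includeJarNameInExceptions";

    /** Simplified check of "Name: value" headers; continuation lines start with a space. */
    static void check(Path jar, String manifestText) throws IOException {
        BufferedReader in = new BufferedReader(new StringReader(manifestText));
        String line;
        int lineNo = 0;
        while ((line = in.readLine()) != null) {
            lineNo++;
            if (line.isEmpty() || line.startsWith(" ")) {
                continue; // section separator or continuation line
            }
            if (line.indexOf(": ") <= 0) { // a header needs a name followed by ": "
                throw new IOException(describe(jar, lineNo));
            }
        }
    }

    /** Message policy: line number always, jar name only on opt-in, directory never. */
    static String describe(Path jar, int lineNo) {
        StringBuilder sb = new StringBuilder("invalid manifest header (line " + lineNo + ")");
        if (Boolean.getBoolean(OPT_IN)) {
            sb.append(" in ").append(jar.getFileName()); // last path element only
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        Path jar = Paths.get("/home/alice/private/app.jar"); // constructed sample path
        // Constructed sample manifest: line 2 is missing the ':' separator.
        String manifest = "Manifest-Version: 1.0\nMain-Class example.Main\n";
        for (String optIn : new String[] {"false", "true"}) {
            System.setProperty(OPT_IN, optIn);
            try {
                check(jar, manifest);
            } catch (IOException e) {
                System.out.println("opt-in=" + optIn + ": " + e.getMessage());
            }
        }
    }
}
```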