RFR: 8348986: Improve coverage of enhanced exception messages [v16]
Sean Mullan
mullan at openjdk.org
Fri May 30 17:35:54 UTC 2025
On Fri, 30 May 2025 14:50:28 GMT, Michael McMahon <michaelm at openjdk.org> wrote:
>> src/java.base/share/conf/security/java.security line 1282:
>>
>>> 1280: # Exception messages may include potentially sensitive information such as file
>>> 1281: # names, host names, or port numbers. By default, socket related exceptions
>>> 1282: # have this information restricted (meaning the sensitive details are removed).
>>
>> I found the "By default ..." sentence a little confusing, since other categories are also restricted by default. My initial thought is to just remove this sentence, as reading further will make it more clear that the hostInfoExclSocket category is the only one that is not restricted by default. Alternatively, you could flip the meaning of this sentence and say which exceptions are **not** restricted by default.
>
> Fair point. I think we can make this clearer with a small addition. I propose to add the following sentence after the one starting "By default ..."
>
> # Exception messages relating to Jar files and exceptions containing user
> # identity information are also restricted by default.
I would change "Jar" to "JAR" as I think that is the more common form and used in other places in this file. Looks fine otherwise.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23929#discussion_r2116314192
More information about the net-dev
mailing list