[11] RFR: 8208691: Tighten up jdk.includeInExceptions security property
Roger Riggs
roger.riggs at oracle.com
Tue Aug 7 14:13:20 UTC 2018
+1
On 8/7/18 9:09 AM, Sean Mullan wrote:
> On 8/7/18 3:09 AM, Alan Bateman wrote:
>> On 06/08/2018 20:23, Sean Mullan wrote:
>>> After further evaluation of the new jdk.includeInExceptions security
>>> property originally introduced in JDK-8204233 [1] and further
>>> generalized in JDK-8207846 [2], I felt that a stronger warning
>>> should be added to the description of the property alerting the user
>>> to the potential risks of setting the property. I also added a test
>>> to ensure that the property was not accidentally turned on by
>>> default (mainly to catch accidental pushes where the property was
>>> left on as part of testing, etc).
>>>
>>> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8208691/webrev.00/
>> I think it would simpler and read a bit better to just say "Use
>> caution before ...", meaning drop "NOTE" and "extra". The rest of the
>> text is okay. The additional test looks okay too.
>
> I'll remove "extra" but I'd prefer to keep "NOTE" to draw attention to
> it.
>
> --Sean
More information about the security-dev
mailing list