[11] RFR: 8208691: Tighten up jdk.includeInExceptions security property

Roger Riggs roger.riggs at oracle.com
Tue Aug 7 14:13:20 UTC 2018


+1

On 8/7/18 9:09 AM, Sean Mullan wrote:
> On 8/7/18 3:09 AM, Alan Bateman wrote:
>> On 06/08/2018 20:23, Sean Mullan wrote:
>>> After further evaluation of the new jdk.includeInExceptions security 
>>> property originally introduced in JDK-8204233 [1] and further 
>>> generalized in JDK-8207846 [2], I felt that a stronger warning 
>>> should be added to the description of the property alerting the user 
>>> to the potential risks of setting the property. I also added a test 
>>> to ensure that the property was not accidentally turned on by 
>>> default (mainly to catch accidental pushes where the property was 
>>> left on as part of testing, etc).
>>>
>>> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8208691/webrev.00/
>> I think it would simpler and read a bit better to just say "Use 
>> caution before ...", meaning drop "NOTE" and "extra". The rest of the 
>> text is okay. The additional test looks okay too.
>
> I'll remove "extra" but I'd prefer to keep "NOTE" to draw attention to 
> it.
>
> --Sean




More information about the security-dev mailing list