RFR [11] 8207846: Generalize the jdk.net.includeInExceptions security property

Sean Mullan sean.mullan at oracle.com
Mon Jul 23 15:58:41 UTC 2018


On 7/23/18 6:09 AM, Chris Hegarty wrote:

> After giving this some more thought, I now think that I gave in to the
> comment to change whitespace handling too easily. While maybe not
> consistent, with the already inconsistent, whitespace handling in
> java.security, I think ( for this particular case ) the original - trim
> leading and trailing - is the right thing to do. It avoids your above
> scenario where someone accidentally adds a leading space, which could be
> difficult to debug/find without a warning - which we should avoid if
> possible.

Thanks for making that change.

> I’d like to re-propose the original webrev for consideration ( whitespace
> handling is the only change ):
> 
>    http://cr.openjdk.java.net/~chegar/8207846/webrev.00/

A few nits and wording suggestions in the java.security file:

"By default, several exception messages do not include potentially 
sensitive information such as file names, host names, or port numbers."

I think the following sounds a bit better:

"By default, exception messages should not include potentially sensitive
information such as file names, host names, or port numbers."

Also, the 2nd and 3rd sentences basically say the same thing. I would 
remove the 2nd sentence.

"The categories, to enable enhanced exception message information, are:"

I would remove ", to enable enhanced exception message information," 
since it seems redundant (and I believe is grammatically incorrect).

hostInfo - IOExceptions thrown by java.net.Socket and also the ...

Remove "also" (not really necessary).

--Sean


