RFR [11] 8207846: Generalize the jdk.net.includeInExceptions security property
Sean Mullan
sean.mullan at oracle.com
Mon Jul 23 15:58:41 UTC 2018
On 7/23/18 6:09 AM, Chris Hegarty wrote:
> After given this some more thought, I now think that I gave in to the
> comment to change whitespace handing too easy. While maybe not
> consistent, with the already inconsistent, whitespace handling in
> java.security, I think ( for this particular case ) the original - trim
> leading and trailing - is the right thing to do. It avoids your above
> scenario where someone accidentally adds a leading space, which could be
> difficult to debug/find without a warning - which we should avoid if
> possible.
Thanks for making that change.
> I’d like to re-propose the original webrev for consideration ( whitespace
> handling is the only change ):
>
> http://cr.openjdk.java.net/~chegar/8207846/webrev.00/
A few nits and wording suggestions in the java.security file:
"By default, several exception messages do not include potentially
sensitive information such as file names, host names, or port numbers."
I think the following sounds a bit better:
"By default, exception messages should not include potentially sensitive
information such as file names, host names, or port numbers."
Also, the 2nd and 3rd sentences basically say the same thing. I would
remove the 2nd sentence.
"The categories, to enable enhanced exception message information, are:"
I would remove ", to enable enhanced exception message information,"
since it seems redundant (and I believe is grammatically incorrect).
hostInfo - IOExceptions thrown by java.net.Socket and also the ...
Remove "also" (not really necessary).
--Sean
More information about the security-dev
mailing list