RFR [11] 8207846: Generalize the jdk.net.includeInExceptions security property

Chris Hegarty chris.hegarty at oracle.com
Mon Jul 23 16:10:33 UTC 2018


Thanks for the review Sean,

> On 23 Jul 2018, at 16:58, Sean Mullan <sean.mullan at oracle.com> wrote:
> ...
>>   http://cr.openjdk.java.net/~chegar/8207846/webrev.00/
> 
> A few nits and wording suggestions in the java.security file:
> 
> "By default, several exception messages do not include potentially sensitive information such as file names, host names, or port numbers."
> 
> I think the following sounds a bit better:
> 
> "By default, exception messages should not include potentially sensitive
> information such as file names, host names, or port numbers."
> 
> Also, the 2nd and 3rd sentences basically say the same thing. I would remove the 2nd sentence.
> 
> "The categories, to enable enhanced exception message information, are:"
> 
> I would remove ", to enable enhanced exception message information," since it seems redundant (and I believe is grammatically incorrect).
> 
> hostInfo - IOExceptions thrown by java.net.Socket and also the ...
> 
> Remove "also" (not really necessary).

Agreed. Here’s where this ended up.

#
# Enhanced exception message information
#
# By default, exception messages should not include potentially sensitive
# information such as file names, host names, or port numbers. This property
# accepts one or more comma separated values, each of which represents a
# category of enhanced exception message information to enable. Values are
# case-insensitive. Leading and trailing whitespaces, surrounding each value,
# are ignored. Unknown values are ignored.
#
# The categories are:
#
#  hostInfo - IOExceptions thrown by java.net.Socket and the socket types in the
#             java.nio.channels package will contain enhanced exception
#             message information
#
# The property setting in this file can be overridden by a system property of
# the same name, with the same syntax and possible values.
#
#jdk.includeInExceptions=hostInfo

-Chris
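
The parsing and override rules from the property description above, as an added Java sketch; it is not part of the original message and is not the JDK's own implementation. The class name, the `describe` helper and the sample host name are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.Security;
import java.util.Arrays;
import java.util.Locale;
import java.util.Set;
import java.util.stream.Collectors;

public class IncludeInExceptionsDemo {
    static final String PROP = "jdk.includeInExceptions";
    // The only category listed in the property description above.
    static final Set<String> KNOWN = Set.of("hostinfo");

    // Comma separated, whitespace trimmed, case-insensitive, unknown values ignored.
    static Set<String> parse(String value) {
        if (value == null) return Set.of();
        return Arrays.stream(value.split(","))
                .map(s -> s.trim().toLowerCase(Locale.ROOT))
                .filter(KNOWN::contains)
                .collect(Collectors.toSet());
    }

    // A system property of the same name overrides the java.security setting.
    static Set<String> enabledCategories() {
        String v = System.getProperty(PROP);
        if (v == null) v = Security.getProperty(PROP);
        return parse(v);
    }

    // Hypothetical helper: append host and port only when hostInfo is enabled,
    // so the default message carries no potentially sensitive detail.
    static IOException describe(IOException e, InetSocketAddress addr) {
        if (!enabledCategories().contains("hostinfo")) return e;
        String detail = addr.getHostString() + ":" + addr.getPort();
        return new IOException(e.getMessage() + ": " + detail, e);
    }

    public static void main(String[] args) {
        // Constructed sample address; nothing is resolved or connected.
        InetSocketAddress addr = InetSocketAddress.createUnresolved("db.internal.example", 5432);
        IOException base = new IOException("Connection refused");
        System.out.println(describe(base, addr).getMessage());  // uses whatever is configured
        System.setProperty(PROP, " HostInfo , bogus ");         // mixed case, padding, unknown value
        System.out.println(describe(base, addr).getMessage());  // hostInfo now enabled
    }
}
```

Because the system property takes precedence, an empty `-Djdk.includeInExceptions=` on the command line disables the category in this sketch even when the java.security file enables it.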



