[RFR] 8205525 : Improve exception messages during manifest parsing of jar archives
Sean Mullan
sean.mullan at oracle.com
Mon Sep 10 14:24:29 UTC 2018
On 9/8/18 11:42 AM, Wang Weijun wrote:
> Thinking about this again. Looks like the absolute path is not necessary. Even if there are multiple files using the same name, they will be in different directories, no matter absolute or relative. Suppose the jarPath info is used for debugging purposes mostly like the developer can find out what the current working directory is and can find the files. *Matthias*: Is the absolute path really necessary? Are you working on an actual case?
>
> As for the possible global effect of a security property, maybe we can emphasize that this is both a security property and system property, and if it’s just for one-time use, it’s better to use a system property.
>
> BTW, does the existing value “hostInfo” of the property have a similar problem?
No. In that case, the sensitive data (IP address) is provided by the
caller, so there is no leakage of sensitive data from trusted code that
it is calling.
--Sean