[RFR] 8205525 : Improve exception messages during manifest parsing of jar archives
Weijun Wang
weijun.wang at oracle.com
Mon Sep 10 14:57:15 UTC 2018
> On Sep 10, 2018, at 10:46 PM, Langer, Christoph <christoph.langer at sap.com> wrote:
>
> Hi Sean, Max,
>
> do you think we need property jdk.includeInExceptions=jar<File/Path> at all, if we don't resolve the absolute path?
I think so. File path is still sensitive.
In fact, I tend to believe people usually use absolute paths for JAR files (or maybe made absolute by using a file:// URL somewhere inside JDK). Do you really see relative jar paths while testing this code change?
>
> @Matthias:
> small remark to the code:
> src/java.base/share/classes/sun/security/util/SecurityProperties.java
> 36 public static String privilegeGetOverridable(String propName) {
>
> Should that method really be public? At the moment it doesn't seem to be used outside of SecurityProperties.
I like it to be public. There are quite some other such system/security properties (Ex: jdk.serialFilter) that can make use of this method.
Thanks
Max
>
> Best regards
> Christoph
More information about the security-dev
mailing list