RFR: 8337517: Redacted Heap Dumps
David Holmes
dholmes at openjdk.org
Thu Aug 1 03:40:37 UTC 2024
On Wed, 31 Jul 2024 19:10:41 GMT, Henry Lin <duke at openjdk.org> wrote:
> Adds a command line option `-redact` to `jcmd`, `redact` to `jmap` and `-XX:+HeapDumpRedacted` enabling redacted heap dumps. When enabled, the output binary heap dump has zeroes written out in place of the original primitive values in the object fields. There is a new jtreg test `heapDumpRedactedTest.java` that tests that the fields are properly redacted.
I must be missing something in the approach. The vast majority of confidential data will be in strings yet you focus on primitives that would rarely (if ever for boolean float/double) contain anything that could be recognised as such.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/20409#issuecomment-2261898146
More information about the serviceability-dev
mailing list