Hi Matthias,

I am not a reviewer and neither do I have enough knowledge about whether
jar/file _names_ are considered security sensitive. However, the patch
that's proposed for this change prints the file _path_ (and not just
the name). That I believe is security sensitive.

-Jaikiran

On 06/07/18 6:14 PM, Baesken, Matthias wrote:

Hi Alan, so it looks like JDK-8204233 added a switch (system property)
to enable the enhanced socket IOException messages. That would be an
option as well for 8205525. 8205525 adds the jar file name and the
line number info to the exception message. In case that only the jar
file name would be considered sensitive, I would prefer to just
output the line number (and omit the system property). What do you
think?

Best regards, Matthias

-----Original Message-----
From: Alan Bateman [mailto:alan.bate...@oracle.com]
Sent: Monday, 25 June 2018 16:52
To: Baesken, Matthias <matthias.baes...@sap.com>; core-libs-d...@openjdk.java.net
Cc: Lindenmaier, Goetz <goetz.lindenma...@sap.com>
Subject: Re: [RFR] 8205525 : Improve exception messages during manifest parsing of jar archives

On 25/06/2018 15:29, Baesken, Matthias wrote:

Hi, do you consider both the file name and line number as sensitive?

There was a similar discussion on net-dev recently related to
leaking host names in exceptions. Something similar may be needed here.

Do you know the outcome of this discussion?

All the details are in JDK-8204233 and the associated CSR.

-Alan