On Fri, 10 Jun 2022 13:15:11 GMT, Alan Bateman <al...@openjdk.org> wrote:

> We have to be cautious about leaking security sensitive configuration in 
> exception messages. Can you look at the security property 
> jdk.includeInException (conf/security/java.security) and usages in the JDK 
> for ideas on how this might be implemented as opt-in?

Hi Alan, sure, we could use something like the already existing hostInfo of
property jdk.includeInException

    private static final boolean enhancedExceptionText = SecurityProperties.includedInExceptions("hostInfo");

and make the enhancement optional/switchable this way.
On the other hand we already print the url (_**Cannot parse url:
ldap://ad_jbs.ttt.net:389/xyz**_) in the existing exception text so I wonder
what additional problem the added info would bring? That's why I did not use
the property so far.
But if you think there could be special cases where it would be problematic to
have the enhancement, I'll add the usage of the property.

-------------

PR: https://git.openjdk.org/jdk/pull/9126
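
The opt-in pattern discussed in this thread, as an added example that is not code from the PR or from the JDK: extra exception detail is appended only when `hostInfo` is listed in the `jdk.includeInException` security property. The class name, both helper methods and the detail string are hypothetical; the property is read through the public `java.security.Security` API rather than the JDK-internal `SecurityProperties` class.

```java
import java.security.Security;
import java.util.Arrays;

public class OptInExceptionDetail {

    // Hypothetical helper: true if the category is listed in the
    // jdk.includeInException security property (comma-separated list).
    static boolean includedInExceptions(String category) {
        String value = Security.getProperty("jdk.includeInException");
        if (value == null) {
            return false;               // unset: nothing is opted in
        }
        return Arrays.stream(value.split(","))
                     .map(String::trim)
                     .anyMatch(category::equalsIgnoreCase);
    }

    // Hypothetical message builder: the base text is always present, the
    // extra detail is appended only when "hostInfo" is opted in.
    static String parseFailureMessage(String url, String detail) {
        String msg = "Cannot parse url: " + url;
        if (detail != null && includedInExceptions("hostInfo")) {
            msg += " (" + detail + ")";
        }
        return msg;
    }

    public static void main(String[] args) {
        String url = "ldap://ad_jbs.ttt.net:389/xyz";   // URL quoted in the thread
        String detail = "constructed detail text";      // constructed sample value

        // Property empty: only the base message is produced.
        Security.setProperty("jdk.includeInException", "");
        System.out.println(parseFailureMessage(url, detail));

        // Property lists hostInfo: the detail is appended.
        Security.setProperty("jdk.includeInException", "hostInfo");
        System.out.println(parseFailureMessage(url, detail));
    }
}
```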
