RFR  8207846: Generalize the jdk.net.includeInExceptions security property
chris.hegarty at oracle.com
Mon Jul 23 16:10:33 UTC 2018
Thanks for the review Sean,
> On 23 Jul 2018, at 16:58, Sean Mullan <sean.mullan at oracle.com> wrote:
> A few nits and wording suggestions in the java.security file:
> "By default, several exception messages do not include potentially sensitive information such as file names, host names, or port numbers."
> I think the following sounds a bit better:
> "By default, exception messages should not include potentially sensitive
> information such as file names, host names, or port numbers."
> Also, the 2nd and 3rd sentences basically say the same thing. I would remove the 2nd sentence.
> "The categories, to enable enhanced exception message information, are:"
> I would remove ", to enable enhanced exception message information," since it seems redundant (and I believe is grammatically incorrect).
> hostInfo - IOExceptions thrown by java.net.Socket and also the ...
> Remove "also" (not really necessary).
Agreed. Here’s where this ended up.
# Enhanced exception message information
# By default, exception messages should not include potentially sensitive
# information such as file names, host names, or port numbers. This property
# accepts one or more comma separated values, each of which represents a
# category of enhanced exception message information to enable. Values are
# case-insensitive. Leading and trailing whitespaces, surrounding each value,
# are ignored. Unknown values are ignored.
# The categories are:
# hostInfo - IOExceptions thrown by java.net.Socket and the socket types in the
# java.nio.channels package will contain enhanced exception
# message information
# The property setting in this file can be overridden by a system property of
# the same name, with the same syntax and possible values.
More information about the core-libs-dev