[RFR] 8205525 : Improve exception messages during manifest parsing of jar archives

Sean Mullan sean.mullan at oracle.com
Mon Sep 10 14:24:29 UTC 2018

On 9/8/18 11:42 AM, Wang Weijun wrote:
> Thinking about this again. Looks like the absolute path is not necessary. Even if there are multiple files using the same name, they will be in different directories, no matter absolute or relative. Suppose the jarPath info is used for debugging purpose mostly like the developer can find out what the current working directory is and can find the files. *Matthias*: Is the absolute path really necessary? Are you working on actual case?
> As for the possible global effect of a security property, maybe we can emphasis that this is both a security property and system property, and if it’s just for one time use, it’s better to use a system property.
> BTW, does the existing value “hostInfo” of the property have a similar problem?

No. In that case, the sensitive data (IP address) is provided by the 
caller, so there is no leakage of sensitive data from trusted code that 
it is calling.


More information about the core-libs-dev mailing list