Hello, after latest comments from Alan and Jaikiran I created a new webrev :
http://cr.openjdk.java.net/~mbaesken/webrevs/8205525.2/ The jar file path is now printed in case jdk.includeInExceptions contains jarpath (this approach is "borrowed" from the enhanced socket exceptions ) . The line number is always printed . Best regards, Matthias > -----Original Message----- > From: Baesken, Matthias > Sent: Dienstag, 10. Juli 2018 11:53 > To: 'Alan Bateman' <alan.bate...@oracle.com>; core-libs- > d...@openjdk.java.net; 'jai.forums2...@gmail.com' > <jai.forums2...@gmail.com> > Cc: Lindenmaier, Goetz <goetz.lindenma...@sap.com> > Subject: RE: [RFR] 8205525 : Improve exception messages during manifest > parsing of jar archives > > Hi Alan, thanks for commenting on this . > > Jaikiran mentioned that printing just the jar file name and not file with > path might be okay : > > > I am not a reviewer and neither do I have enough knowledge about > whether > > jar/file _names_ are considered security sensitive. However, the patch > > that's proposed for this change, prints the file _path_ (and not just > > the name). That I believe is security sensitive. > > What do you think ? > > Best regards, Matthias > > > > -----Original Message----- > > From: Alan Bateman [mailto:alan.bate...@oracle.com] > > Sent: Sonntag, 8. Juli 2018 09:36 > > To: Baesken, Matthias <matthias.baes...@sap.com>; core-libs- > > d...@openjdk.java.net > > Cc: Lindenmaier, Goetz <goetz.lindenma...@sap.com> > > Subject: Re: [RFR] 8205525 : Improve exception messages during manifest > > parsing of jar archives > > > > On 06/07/2018 13:44, Baesken, Matthias wrote: > > > Hi Alan ,so it looks like JDK-8204233 added a switch (system > > > property) > to > > enable the enhanced socket IOException messages . > > > > > > That would be an option as well for 8205525 . > > Yes, it's documented in conf/security/java.security and something > > equivalent could be done here. The giveaway in your original patch is > > that it needed a privileged block to create the exception message. > > > > > > > > 8205525 adds the jar file name and the line number info to the > > exception message . > > > > > > In case that only the jar file name would be considered sensitive , I > would > > prefer to just output the line number (and omit the system property ). > > > > > That should be okay (I can't think of any concerns). > > > > -Alan
