On Thu, 17 Jun 2021 17:21:04 GMT, Weijun Wang <wei...@openjdk.org> wrote:

>> Louder and more precise warning messages when a security manager is either 
>> enabled at startup or installed at runtime.
>> 
>> This is a new PR for the `openjdk/jdk17` repo copied from 
>> https://github.com/openjdk/jdk/pull/4400. A new commit is added.
>
> Weijun Wang has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   verbose warning message test and renaming in System.java

Hello Sean, Weijun,

From what I have known, the Java/JDK code has always taken extra precaution 
when it comes to printing out potentially sensitive details like IP addresses 
and paths to files, like jar files, in the log messages or exception 
stacktraces. In fact, one of the annoying things about some of the error 
messages that the JarFile API throws is that it doesn't even print out the jar 
file name, let alone the full path of the jar file which ran into issues. At 
least that was the case, unless that has changed in recent times. Furthermore, 
as you will surely know, to print out these details there's a security 
property which needs to be explicitly enabled ("jdk.includeInExceptions") with 
the right values.

Given all that, do you think that we should be printing the jar file paths in 
this WARNING message by default? I read the linked CSR, but I didn't see why 
the location of the jar or the name of the jar would be useful in this warning 
message. As long as the caller class (and perhaps the caller method) is 
printed, I think that should be enough of a summary on what's triggering this 
warning.

-------------

PR: https://git.openjdk.java.net/jdk17/pull/13
