On Fri, 30 May 2025 14:50:28 GMT, Michael McMahon <micha...@openjdk.org> wrote:
>> src/java.base/share/conf/security/java.security line 1282:
>>
>>> 1280: # Exception messages may include potentially sensitive information such as file
>>> 1281: # names, host names, or port numbers. By default, socket related exceptions
>>> 1282: # have this information restricted (meaning the sensitive details are removed).
>>
>> I found the "By default ..." sentence a little confusing, since other
>> categories are also restricted by default. My initial thought is to just
>> remove this sentence, as reading further will make it more clear that the
>> hostInfoExclSocket category is the only one that is not restricted by
>> default. Alternatively, you could flip the meaning of this sentence and say
>> which exceptions are **not** restricted by default.
>
> Fair point. I think we can make this clearer with a small addition. I propose
> to add the following sentence after the one starting "By default ..."
>
> # Exception messages relating to Jar files and exceptions containing user
> # identity information are also restricted by default.

I would change "Jar" to "JAR" as I think that is the more common form and used in other places in this file. Looks fine otherwise.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/23929#discussion_r2116314192