On Thu, 29 May 2025 14:35:11 GMT, Michael McMahon <micha...@openjdk.org> wrote:

>> Hi,
>> 
>> Enhanced exception messages are designed to hide sensitive information such 
>> as hostnames, IP 
>> addresses from exception message strings, unless the enhanced mode for the 
>> specific category 
>> has been explicitly enabled. Enhanced exceptions were first introduced in 
>> 8204233 in JDK 11 and 
>> updated in 8207846.
>> 
>> This PR aims to increase the coverage of enhanced exception messages in the 
>> networking code.
>> A limited number of exceptions are already hidden (restricted) by default. 
>> The new categories and 
>> exceptions in this PR will be restricted on an opt-in basis, ie. the default 
>> mode will be enhanced
>> (while preserving the existing behavior).
>> 
>> The mechanism is controlled by the security/system property 
>> "jdk.includeInExceptions" which takes as value
>> a comma separated list of category names, which identify groups of 
>> exceptions where the exception
>> message may be enhanced. Any category not listed is "restricted" which means 
>> that potentially
>> sensitive information (such as hostnames, IP addresses, user identities) are 
>> excluded from the message text.
>> 
>> The changes to the java.security conf file describe the exact changes in 
>> terms of the categories now
>> supported and any changes in behavior.
>> 
>> Thanks,
>> Michael
>
> Michael McMahon has updated the pull request incrementally with one 
> additional commit since the last revision:
> 
>   Additional callsites identified by Mark S.

Thanks for the suggestions. I have committed all of them except for two. One, I 
will modify in another way.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/23929#issuecomment-2921687319

Reply via email to