Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8208691

Tighten up jdk.includeInExceptions security property

    Details

    • Subcomponent:
    • Resolved In Build:
      b26
    • Verification:
      Verified

      Backports

        Description

        After further review, an additional test and wording improvement should be made to tighten up the definition of the new jdk.includeInExceptions security property:

        1. Add a test to check that the jdk.includeInExceptions security property is set to null or the empty String by default. This is mainly to protect against accidental pushes where the property is set to something.

        2. Add a stronger warning to the java.security file about the potential security risks of setting this property; for example:

        "NOTE: Use extra caution before setting this property. Setting this property exposes sensitive information in Exceptions, which could, for example, propagate to untrusted code or be emitted in stack traces that are inadvertently disclosed and made accessible over a public network."

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  mullan Sean Mullan
                  Reporter:
                  mullan Sean Mullan
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: