Adding SocketChannel toString to connection exception messages
David Lloyd david.lloyd at redhat.com
Fri Dec 22 15:22:41 UTC 2017
On Thu, Dec 21, 2017 at 6:35 PM, David Holmes <david.holmes at oracle.com> wrote:
> I believe there are concerns with too much information that can be considered "sensitive" (like host names and IP addresses) appearing in error messages due to them ending up in log files and bug reports.
I tend to agree here. However - and this is a big "however" - while this is a good policy for the JDK, higher-level applications and libraries often do not have such concerns, since they can often more accurately determine whether a piece of information is actually sensitive; the JDK must simply assume that it is. It should be possible for libraries and applications to add this information. Right now this is a very, very difficult task: there is an entire hierarchy of exceptions, and there is no easy way to change the message of an exception. The only option is to wrap the exception with another, more descriptive exception, which is not great for users or for developers.
It would be nice if there were some way to set some supplementary information on SocketException (or even IOException) after the exception were constructed, which would be included in getMessage() if set. This would allow frameworks and applications to provide some context without causing a security problem for the JDK.
--
- DML
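
Added example, not part of the original message and not JDK code: one way an application can attach the remote address to a connection failure today, under its own sensitivity policy. The class `ConnectContext`, its `addressesAreSensitive` flag and the `enrich` method are hypothetical names; the reflection step and its fallback show why the message calls this task difficult.

```java
import java.io.IOException;
import java.net.ConnectException;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.nio.channels.SocketChannel;

public final class ConnectContext {
    // Hypothetical application policy: the application, not the JDK, decides
    // whether peer addresses may appear in its logs and bug reports.
    private final boolean addressesAreSensitive;

    public ConnectContext(boolean addressesAreSensitive) {
        this.addressesAreSensitive = addressesAreSensitive;
    }

    public SocketChannel connect(SocketAddress remote) throws IOException {
        SocketChannel ch = SocketChannel.open();
        try {
            ch.connect(remote);
            return ch;
        } catch (IOException e) {
            try { ch.close(); } catch (IOException c) { e.addSuppressed(c); }
            throw enrich(e, remote);
        }
    }

    // Returns e unchanged when addresses are sensitive; otherwise an exception
    // whose message also names the remote endpoint.
    IOException enrich(IOException e, SocketAddress remote) {
        if (addressesAreSensitive) return e;
        String msg = e.getMessage() + " (remote=" + remote + ")";
        try {
            // Keep the concrete type (e.g. ConnectException) so existing
            // catch blocks still match; needs a public (String) constructor.
            IOException copy = e.getClass().getConstructor(String.class).newInstance(msg);
            copy.setStackTrace(e.getStackTrace());
            if (e.getCause() != null) copy.initCause(e.getCause());
            for (Throwable s : e.getSuppressed()) copy.addSuppressed(s);
            return copy;
        } catch (ReflectiveOperationException | RuntimeException ex) {
            return new IOException(msg, e); // fallback: the wrapping the post describes
        }
    }

    public static void main(String[] args) {
        // Constructed sample input: no network access is performed here.
        SocketAddress peer = InetSocketAddress.createUnresolved("db.example.internal", 5432);
        IOException in = new ConnectException("Connection refused");
        System.out.println(new ConnectContext(false).enrich(in, peer));
        System.out.println(new ConnectContext(true).enrich(in, peer));
    }
}
```

With the flag set, the original exception passes through untouched, so the address never reaches a log line unless the application has decided it may.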