Adding SocketChannel toString to connection exception messages

Remi Forax forax at univ-mlv.fr
Fri Dec 22 15:44:07 UTC 2017


Hi David, you can "abuse" the suppressed exception feature for that, i.e. add a CommentException as a suppressed exception to the SocketException, with no stack trace and a descriptive error message.

Rémi

----- Original Message -----

From: "David Lloyd" <david.lloyd at redhat.com>
To: "David Holmes" <david.holmes at oracle.com>
Cc: "core-libs-dev" <core-libs-dev at openjdk.java.net>
Sent: Friday 22 December 2017 16:22:41
Subject: Re: Adding SocketChannel toString to connection exception messages

On Thu, Dec 21, 2017 at 6:35 PM, David Holmes <david.holmes at oracle.com> wrote:

> I believe there are concerns with too much information that can be considered "sensitive" (like host names and IP addresses) appearing in error messages due to them ending up in log files and bug reports.

I tend to agree here. However - and this is a big "however" - while this is a good policy for the JDK, higher-level applications and libraries often do not have such concerns, since they can often more accurately determine whether a piece of information is actually sensitive; the JDK must simply assume that it is.

It should be possible for libraries and applications to add this information. Right now this is a very, very difficult task: there is an entire hierarchy of exceptions, and there is no easy way to change the message of an exception. The only option is to wrap the exception with another, more descriptive exception, which is not great for users or for developers.

It would be nice if there were some way to set some supplementary information on SocketException (or even IOException) after the exception were constructed, which would be included in getMessage() if set. This would allow frameworks and applications to provide some context without causing a security problem for the JDK.

--
- DML
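
One way to apply the suppressed-exception suggestion at the application layer, as an added example that is not part of the original thread and not JDK code. `CommentException`, `annotate`, `connect` and the `app.log.endpoints` system property are hypothetical names, and the redaction policy is an assumption.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.nio.channels.SocketChannel;

public class SuppressedContextDemo {

    /** Hypothetical context carrier; the name follows the suggestion in the thread. */
    static final class CommentException extends Exception {
        CommentException(String comment) {
            // No cause, suppression disabled, writableStackTrace=false: no stack trace is captured.
            super(comment, null, false, false);
        }
    }

    /** Assumed application policy: endpoint details are logged only when explicitly enabled. */
    static final boolean ENDPOINTS_LOGGABLE = Boolean.getBoolean("app.log.endpoints");

    /** Attaches context to the original exception; its type and message stay unchanged. */
    static <E extends IOException> E annotate(E e, InetSocketAddress target) {
        String detail = ENDPOINTS_LOGGABLE
                ? "while connecting to " + target
                : "while connecting to <redacted>:" + target.getPort();
        e.addSuppressed(new CommentException(detail));
        return e;
    }

    static SocketChannel connect(InetSocketAddress target) throws IOException {
        SocketChannel ch = SocketChannel.open();
        try {
            ch.connect(target);
            return ch;
        } catch (IOException e) {
            try { ch.close(); } catch (IOException closeFailure) { e.addSuppressed(closeFailure); }
            throw annotate(e, target); // rethrown as-is, no wrapper exception
        }
    }

    public static void main(String[] args) {
        // Constructed sample: loopback port 1 is normally closed, so the connect fails offline.
        InetSocketAddress target = new InetSocketAddress("127.0.0.1", 1);
        try (SocketChannel ch = connect(target)) {
            System.out.println("unexpectedly connected: " + ch);
        } catch (IOException e) {
            System.out.println(e); // the JDK's own message, without endpoint details
            for (Throwable s : e.getSuppressed()) {
                System.out.println("  Suppressed: " + s);
            }
        }
    }
}
```

Callers that catch `SocketException` or `IOException` are unaffected, and `printStackTrace()` shows the comment on a `Suppressed:` line, so the decision to log the endpoint stays with the application rather than the JDK.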


