--
You received this message because you are subscribed to the Google Groups "platform-architecture-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to platform-architect...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/platform-architecture-dev/CAHTsK6Ut-N_nsTEjR%3DdZRHO7AHW5fsoAd%2BU7stBu5eE5%3DipLEA%40mail.gmail.com.
try {
  NativeIO.ThrowWithUnsanitizedMessage();
} catch (e) {
  // Nicely handle an error, e.g. show an error dialog to users, etc.
  // => |e| won't be printed on the console.
}
How sensitive is this information?
@yukishiino: Unsanitized messages are intended mostly for local debugging since they expose information that is somewhat sensitive. Even if most exceptions are caught by a well-written program eventually, this can be changed for local debugging (by printing some exceptions selectively), which makes it possible to see information that is not exposed otherwise.
I agree that a full-fledged integration of our API into DevTools may provide a better experience for developers, but this comes with very significant development costs. Feedback from early adopters indicates that receiving messages to the console is enough to significantly improve their experience.
A concrete use case is a developer using NativeIO opening many files and eventually failing. This could be caused by insufficient memory, or too many open files for the process. Both are platform-specific, so we want to exercise caution when exposing them. On the other hand, the actual error gives important information to the developer. I believe that unsanitized messages are a good trade-off for this problem.
@yhirano: Extending what pwnall@ said, I believe there is a difference between revealing something directly to the web and revealing it only after an attacker has performed a deliberate attack. In particular, I believe that fingerprinting efforts would be strongly disincentivized when requiring a deliberate attack.
Best,
Richard