Exception Gatekeeper

From Guidance Share

Jump to: navigation, search

Context

Exceptions propagate up the call stack until they are caught and handled. Letting exception details propagate beyond the current trust boundary can expose sensitive data to a potential attacker and/or cause the application to fail in a non-graceful manner. Exposing database details is a particular problem.


Problem

How to prevent sensitive exception details propagating back to the client.


Forces

You want to prevent sensitive details that might be of use to an attacker, propagating to the client.


Solution

Implement a catch-all exception handler at the main entry point into the application or service in order to prevent exception details propagating back beyond this point. Log exception details and return a generic error message instead.



Personal tools