Exception Gatekeeper

From Guidance Share



Exceptions propagate up the call stack until they are caught and handled. Letting exception details propagate beyond the current trust boundary can expose sensitive data to a potential attacker and can cause the application to fail in a non-graceful manner. Database exceptions are a particular problem: their messages and stack traces routinely carry server names, database and table names, column names, and fragments of the failing query, all of which help an attacker map the back end.


How to prevent sensitive exception details from propagating back to the client.


You want to prevent sensitive details that might be of use to an attacker from propagating to the client, while still recording enough information on the server to diagnose the failure.


Implement a catch-all exception handler at the main entry point into the application or service, so that no exception detail propagates back beyond this point. Inside the handler, log the full exception details (type, message, stack trace, inner exceptions) to a store that only operators can read, and return a generic error message to the client instead. Do not simply swallow the exception: an unlogged failure is as much an operational problem as a leaked one. Returning an opaque reference identifier with the generic message lets support staff correlate a client report with the logged detail without exposing any of it.
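The following is an added example, not code from Guidance Share, showing the gatekeeper at a service entry point. It assumes a hypothetical handler function (`lookup_account`) that fails the way a data layer might, with a message containing connection details; the entry-point wrappers, the log sink and the `response_leaks` check are all illustrative names chosen here. The unguarded version is shown beside the gated one so the difference in what reaches the client is visible.

```python
import logging
import traceback
import uuid


class _ListHandler(logging.Handler):
    """In-memory log sink so the example can be inspected offline (constructed for this example)."""

    def __init__(self):
        super().__init__()
        self.records = []

    def emit(self, record):
        self.records.append(self.format(record))


log = logging.getLogger("gatekeeper.example")
log.setLevel(logging.ERROR)
LOG_SINK = _ListHandler()
log.addHandler(LOG_SINK)
log.propagate = False


class DatabaseError(Exception):
    """Stands in for a driver exception whose message carries connection details."""


def lookup_account(account_id: str) -> dict:
    # Hypothetical handler: on bad input it fails the way a real data layer might,
    # with a message that embeds server, database and user names.
    if not account_id.isdigit():
        raise DatabaseError(
            f"Query failed on Server=db01;Database=Accounts;User=app: bad id {account_id!r}"
        )
    return {"id": account_id, "balance": 100}


def unguarded_entry_point(handler, *args) -> dict:
    # Before: the raw exception text is handed straight back to the caller.
    try:
        return {"status": 200, "body": handler(*args)}
    except Exception as exc:
        return {"status": 500, "body": {"error": str(exc)}}


def gatekeeper_entry_point(handler, *args) -> dict:
    # After: catch everything at the trust boundary, log the full detail under a
    # reference id, and return only a generic message plus that reference.
    # `Exception` (not `BaseException`) so SystemExit/KeyboardInterrupt still propagate.
    try:
        return {"status": 200, "body": handler(*args)}
    except Exception:
        ref = uuid.uuid4().hex[:12]
        log.error("ref=%s handler=%s\n%s", ref, handler.__name__, traceback.format_exc())
        return {
            "status": 500,
            "body": {"error": "An internal error occurred.", "reference": ref},
        }


def logged_detail_for(ref: str):
    # Operator-side lookup: the full record for a reference id, or None if absent.
    for record in LOG_SINK.records:
        if f"ref={ref}" in record:
            return record
    return None


def response_leaks(response: dict, markers=("Server=", "Database=", "Traceback")) -> bool:
    # Review/test check: does anything in the serialised response look like internal detail?
    text = repr(response)
    return any(m in text for m in markers)


if __name__ == "__main__":
    leaky = unguarded_entry_point(lookup_account, "abc")
    gated = gatekeeper_entry_point(lookup_account, "abc")
    print("unguarded leaks:", response_leaks(leaky), leaky)
    print("gated leaks:    ", response_leaks(gated), gated)
    print("server-side log:", logged_detail_for(gated["body"]["reference"]))
```

A check like `response_leaks` belongs in the service's tests: drive each entry point with input that forces a failure and assert that the client-visible response never contains connection strings, stack traces or SQL. The log sink here is in-memory for the example; in a deployed service the gatekeeper should write to a store the client cannot read.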
