Exception Shielding


Classification Key: Perimeter Security, Information Disclosure

Problem

How do you prevent a Web service from disclosing information about the internal implementation of the service when an exception occurs?

Solution

Use the Exception Shielding pattern to sanitize unsafe exceptions by replacing them with exceptions that are safe by design. Return to the client only exceptions that have been sanitized or that are safe by design. Exceptions that are safe by design carry neither sensitive details in their message nor a detailed stack trace, either of which might reveal sensitive information about the Web service's inner workings.
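An added example, not from the catalog or from the Microsoft source, showing the pattern in Python: a shielding wrapper logs the full exception server-side under a correlation id and returns only a sanitized, safe-by-design error to the client. The handler, the exception-to-error mapping and the error codes are hypothetical.

```python
import logging
import traceback
import uuid

# Added example (not from the pattern catalog): a minimal Exception Shielding
# layer around a web-service handler. Exception mapping, error codes and the
# sample handler are hypothetical.
log = logging.getLogger("service")


class SafeServiceError(Exception):
    """Safe by design: the message is fixed at construction time and
    carries no internal detail, so it may be returned to the client."""

    def __init__(self, code: str, message: str):
        super().__init__(message)
        self.code = code
        self.message = message


# Allow-list of sanitized replacements for known internal exception types.
# Anything not listed is treated as unsafe and replaced by a generic error.
SAFE_REPLACEMENTS = {
    KeyError: ("NOT_FOUND", "The requested record does not exist."),
    PermissionError: ("FORBIDDEN", "You are not authorized for this operation."),
}
GENERIC_ERROR = ("INTERNAL_ERROR", "The service could not process the request.")


def shield(handler, *args):
    """Run handler(*args) and return a dict that is safe to send to a client.

    The full exception (type, message, stack trace) is logged server-side
    under a correlation id the client can quote when reporting the problem,
    so diagnostics are kept, just out of the response."""
    try:
        return {"ok": True, "result": handler(*args)}
    except SafeServiceError as exc:
        return {"ok": False, "code": exc.code, "message": exc.message}
    except Exception as exc:  # unsafe: never forwarded as-is
        correlation_id = uuid.uuid4().hex
        log.error("request %s failed:\n%s", correlation_id, traceback.format_exc())
        code, message = next((safe for t, safe in SAFE_REPLACEMENTS.items()
                              if isinstance(exc, t)), GENERIC_ERROR)
        return {"ok": False, "code": code, "message": message,
                "correlation_id": correlation_id}


# Constructed sample handler whose raw error would leak a path and SQL text.
def lookup_account(account_id: str):
    raise RuntimeError("ODBC error in /srv/app/dal.py: "
                       "SELECT * FROM accounts WHERE id=" + account_id)
```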

Known Uses

HTTP error messages that suppress information or provide wrong information.

Related Patterns

Hidden Implementation

Source

Microsoft Book

Tags

Error Message, Exception

Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz