Exception Shielding: Perimeter Security, Information Disclosure
How do you prevent a Web service from disclosing information about the internal implementation of the service when an exception occurs?
Use the Exception Shielding pattern to sanitize unsafe exceptions by replacing them with exceptions that are safe by design. Return to the client only exceptions that have been sanitized or that are safe by design. An exception that is safe by design carries neither sensitive data in its message nor a detailed stack trace, either of which might reveal information about the Web service's inner workings (internal host names, connection strings, framework versions, file paths). The original exception is still recorded server-side, typically under a correlation identifier that is returned to the client, so that the fault can be diagnosed without exposing its details.
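The following is an added illustration written for this catalog entry; it is not code from the catalog or from any particular framework. It contrasts a handler that echoes the raw exception to the client with one that applies Exception Shielding: safe-by-design exceptions (a `ServiceError` hierarchy) pass through with their client-facing message and status, everything else is replaced by a generic error plus a correlation reference, and the original exception is logged server-side under that reference. The order store, the `load_order` back end and the connection string it leaks are constructed for the example.

```python
import logging
import uuid


class _ListHandler(logging.Handler):
    """Keeps formatted log lines in memory so the example runs offline."""

    def __init__(self):
        super().__init__()
        self.records = []

    def emit(self, record):
        # Formatter.format appends the traceback when exc_info is set.
        self.records.append(self.format(record))


SERVER_LOG = _ListHandler()
log = logging.getLogger("orders-service")
log.addHandler(SERVER_LOG)
log.propagate = False


class ServiceError(Exception):
    """Base class for exceptions that are safe by design: the message is
    written for the client and carries no internal detail."""

    status = 400

    def __init__(self, message):
        super().__init__(message)
        self.message = message


class ValidationError(ServiceError):
    status = 400


class NotFound(ServiceError):
    status = 404


# Constructed sample data and a hypothetical back end that, for order "500",
# fails with an unsafe exception whose message contains a connection string.
ORDERS = {"42": {"id": "42", "total": 19.99}}


def load_order(order_id):
    if not order_id.isdigit():
        raise ValidationError("order id must be numeric")
    if order_id == "500":
        raise ConnectionError(
            "connect to db01.internal:5432 user=svc password=hunter2 failed")
    if order_id not in ORDERS:
        raise NotFound("order not found")
    return ORDERS[order_id]


def handle_get_order_unshielded(order_id):
    """The 'before' handler: str(exc) goes straight to the client."""
    try:
        return 200, load_order(order_id)
    except Exception as exc:
        return 500, {"error": str(exc)}


def shield(exc, logger=log):
    """Exception Shielding: map an exception to a (status, body) pair that is
    safe to return. Safe-by-design exceptions pass through; anything else is
    replaced by a generic error carrying a correlation reference, and the
    original exception (with traceback) is logged under that reference."""
    if isinstance(exc, ServiceError):
        return exc.status, {"error": exc.message}
    ref = uuid.uuid4().hex
    logger.error("unhandled exception, ref=%s", ref, exc_info=exc)
    return 500, {"error": "internal error", "ref": ref}


def handle_get_order(order_id):
    """The shielded handler: every exception passes through shield()."""
    try:
        return 200, load_order(order_id)
    except Exception as exc:
        return shield(exc)


if __name__ == "__main__":
    print(handle_get_order_unshielded("500"))  # leaks the connection string
    print(handle_get_order("500"))             # generic error plus reference
```

The point of the `ServiceError` hierarchy is that "safe" is decided at the type level when the exception is written, not case by case in the handler: a new back-end failure mode that nobody thought about is unsafe by default and gets the generic response.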
HTTP error responses that suppress detail, or that deliberately return a generic or non-specific status (for example a 404 where a 403 would confirm that the resource exists).
Error Message, Exception
Last modified: May 05, 2012
Maintained by: Munawar Hafiz