
Exception Shielding

Classification Key: Perimeter Security, Information Disclosure


Problem

How do you prevent a Web service from disclosing information about the internal implementation of the service when an exception occurs?


Solution

Use the Exception Shielding pattern to sanitize unsafe exceptions by replacing them with exceptions that are safe by design. Return to the client only exceptions that have been sanitized or that are safe by design. Exceptions that are safe by design contain neither sensitive information in the exception message nor a detailed stack trace, either of which might reveal sensitive information about the Web service's inner workings. The full, unsanitized exception should still be logged on the server side so that operators can diagnose the failure.
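The following is an added example, not code from the catalog or from the Microsoft source it cites, showing the pattern in Python. It contrasts an unshielded handler that echoes the raw exception text to the caller with a shielded handler that returns only safe-by-design faults, logs the full detail server-side, and ties the two together with a correlation ID. The service operation, the `ServiceFault` hierarchy, the `FaultResponse` shape and the connection-string error are all constructed for illustration.

```python
import logging
import traceback
import uuid
from dataclasses import dataclass

log = logging.getLogger("service")


# Exceptions that are "safe by design": the message is written for the caller
# and carries no implementation detail. (Constructed hierarchy for the example.)
class ServiceFault(Exception):
    code = "ServiceError"


class ValidationFault(ServiceFault):
    code = "InvalidRequest"


@dataclass
class FaultResponse:
    """What the client receives on failure (constructed shape)."""
    code: str
    message: str
    correlation_id: str


def unsafe_handler(operation, *args):
    """Unshielded 'before': any exception text is forwarded to the client."""
    try:
        return operation(*args)
    except Exception as exc:  # noqa: BLE001 - deliberately broad to show the leak
        return FaultResponse("Error", f"{type(exc).__name__}: {exc}", "")


def shielded_handler(operation, *args):
    """Exception Shielding: only sanitized or safe-by-design faults go out."""
    try:
        return operation(*args)
    except ServiceFault as exc:
        # Safe by design: message was authored for the caller, so pass it on.
        cid = uuid.uuid4().hex
        log.info("client fault %s: %s", cid, exc)
        return FaultResponse(exc.code, str(exc), cid)
    except Exception:
        # Unsafe exception: keep type, message and stack trace server-side,
        # keyed by a correlation ID, and return a generic fault to the client.
        cid = uuid.uuid4().hex
        log.error("unhandled exception %s\n%s", cid, traceback.format_exc())
        return FaultResponse(
            "ServiceError",
            f"The request could not be processed. Reference: {cid}",
            cid,
        )


# Constructed service operation whose internal failure embeds a connection
# string, the kind of detail the pattern exists to keep off the wire.
def lookup_account(account_id: str):
    if not account_id.isdigit():
        raise ValidationFault("account_id must be numeric")
    raise ConnectionError(
        "could not connect to Server=sql01.corp.internal;"
        "User Id=svc_acct;Password=Hunter2"
    )


def contains_internal_detail(message: str) -> bool:
    """Check used to verify the shield: none of these should reach a client."""
    markers = ("Password=", "sql01", "Traceback", "ConnectionError")
    return any(m in message for m in markers)


if __name__ == "__main__":
    print("unshielded:", unsafe_handler(lookup_account, "42"))
    print("shielded:  ", shielded_handler(lookup_account, "42"))
    print("validation:", shielded_handler(lookup_account, "abc"))
```

The ordering of the `except` clauses matters: the safe-by-design family must be caught before the catch-all, otherwise every fault, including the ones meant for the client, collapses into the generic message. The correlation ID is what makes the generic message operationally usable; without it, support staff cannot find the server-side log entry that holds the real cause.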

Known Uses

HTTP error messages that suppress information or deliberately return misleading information (for example, a generic status code and message in place of the real cause of the failure).

Related Patterns

Hidden Implementation


Microsoft Book


Error Message, Exception


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz