Wrapping an exception and hiding sensitive details_问答_开发者

Wrapping an exception and hiding sensitive details

开发者 https://www.devze.com 2023-02-04 13:22 出处：网络

How can I hide sensitive details in a java exception? Is it only possible to do by wrapping the exception with another?

If so, how exactly does this hide the exception because if I put a watch on the exception @ debug time, I'd be able to see all information on the old exception and the one I am wrapping it with, no?

BTW, this is not like ASP.NET where I can call Response.Write("") to write a friendly string to the webpage/response stream. This is a java plugin, in开发者_如何学JAVA a java web-based app (the sort you install with a built-in server).

Thanks

I'm not sure you should rely on any language mechanisms or VM mechanisms for securing sensitive data against this sort of intrusion. If one is using the debugger, they could just put a breakpoint where the exception is generated and see the data.

The big risk is that an uncaught exception would flow to a point where a production user could see it, or (often just as bad), where it could be stored in a log message. Good examples of this are communicating with a database - many time the entire query is stored logged when there's any kind of failure (even a simple timeout).

IMHO, For these reasons, the best course of action might be to not store sensitive data in the new exception to begin with, or to create a new exception at the lowest point where you expect to catch the exception with the sensitive data, and create one that disposes of the old exception and does not provide any sensitive data.

For instance, if you create an exception in a method that submits a query with sensitive data to the database, do not store the actual query text, or replace the arguments (if possible) with some hash. This way you could find repeat offenders without exposing the data contents.

If you are using a third-party component that writes data like that to the page outside your control, you might want to reconsider using that plugin in the first place. To the best of my knowledge, if you are in jurisdictions that enforce certain privacy policies, you could still be liable if you use a third-party tool that does not comply with these policies.