ignite-dev mailing list archives

From Dmitry Pavlov <dpavlov....@gmail.com>
Subject Re: Exception handling in thin client: should we pass stack traces to the client?
Date Tue, 19 Sep 2017 07:42:47 GMT
Hi Vladimir,

All of these arguments are relevant. I suggest providing the full stack trace,
at least via a server option. This is also common practice on web servers.

Sincerely,
Dmitriy Pavlov

On Tue, 19 Sep 2017 at 10:20, Vladimir Ozerov <vozerov@gridgain.com> wrote:

> Igniters,
>
> We had a discussion about how to propagate error information from cluster
> nodes to the client. My opinion is that we should pass a kind of vendor
> code plus an optional error message, if the vendor code is not very specific.
>
> An alternative idea is to pass the whole stack trace as well. I agree that
> this is very useful for debugging purposes, but on the other hand IMO it
> imposes a security risk. By sending invalid requests to the server, a user might
> get sensitive information about the server configuration, such as its version,
> the version of the underlying database, frameworks, etc. This information may
> help an attacker to apply some version-specific attacks. This is the precise
> reason why default error pages of web servers with stack traces are always
> replaced with some stubs.
>
> This is why I think we should not include stack traces.
>
> What do you think?
>
> Vladimir.
>
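
One way to combine the two positions in this thread, as an added Java sketch that is not Apache Ignite code: the client always receives a status code and a log correlation id, and the stack trace is included only when a server option is turned on. The class, the status names, the `errorId` field and the `sendStackTrace` option are all assumptions made for illustration.

```java
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.NoSuchElementException;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

// Hypothetical sketch (Java 16+); none of these names are Apache Ignite APIs.
public class ThinClientErrorMapper {
    private static final Logger LOG = Logger.getLogger("thin-client-server");

    // Constructed status codes standing in for the "vendor code" from the thread.
    enum Status { INVALID_REQUEST, CACHE_NOT_FOUND, FAILED_GENERIC }

    // What goes on the wire: code, optional message, log reference, optional trace.
    record ErrorResponse(Status status, String message, String errorId, String stackTrace) {}

    private final boolean sendStackTrace; // assumed server option, off unless enabled

    ThinClientErrorMapper(boolean sendStackTrace) { this.sendStackTrace = sendStackTrace; }

    ErrorResponse toResponse(Throwable err) {
        String errorId = UUID.randomUUID().toString();
        // Full detail always goes to the server log, keyed by errorId for support.
        LOG.log(Level.SEVERE, "Client request failed, errorId=" + errorId, err);
        Status status = classify(err);
        // A message is attached only when the code alone is not specific; it is a
        // fixed string, not err.getMessage(), which may name internal components.
        String message = status == Status.FAILED_GENERIC ? "Internal server error" : null;
        return new ErrorResponse(status, message, errorId, sendStackTrace ? render(err) : null);
    }

    private static Status classify(Throwable err) {
        if (err instanceof IllegalArgumentException) return Status.INVALID_REQUEST;
        if (err instanceof NoSuchElementException) return Status.CACHE_NOT_FOUND;
        return Status.FAILED_GENERIC;
    }

    private static String render(Throwable err) {
        StringWriter out = new StringWriter();
        err.printStackTrace(new PrintWriter(out, true));
        return out.toString();
    }

    public static void main(String[] args) {
        Throwable err = new IllegalStateException("constructed failure in storage layer");
        System.out.println(new ThinClientErrorMapper(false).toResponse(err));
        System.out.println(new ThinClientErrorMapper(true).toResponse(err));
    }
}
```

With the option off, the response carries no class names or line numbers, and an operator can still find the full trace in the server log by `errorId`.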
