lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Branham, Jeremy (Experis)" <jb...@allstate.com>
Subject Re: Re: Suppress stack trace in error response
Date Fri, 22 Feb 2019 15:44:49 GMT
Thanks Edwin – You’re right, I could explain that a bit more.
My security team has run a scan against the SOLR servers and identified a few things they
want suppressed, one being the stack trace in an error message.

For example –
<response>
<lst name="responseHeader">
<int name="status">500</int>
<int name="QTime">1</int>
<lst name="params">
<str name="rows">`</str>
</lst>
</lst>
<lst name="error">
<str name="msg">For input string: "`"</str>
<str name="trace">
java.lang.NumberFormatException: For input string: "`" at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
at …


I’ve got a long-term solution involving middleware changes, but I’m not sure there is
a quick fix for this.

 
Jeremy Branham
jbrcm@allstate.com

On 2/21/19, 9:53 PM, "Zheng Lin Edwin Yeo" <edwinyeozl@gmail.com> wrote:

    Hi,
    
    There's too little information provided in your questions.
    You can explain more on the issue or the exception that you are facing.
    
    Regards,
    Edwin
    
    On Thu, 21 Feb 2019 at 23:45, Branham, Jeremy (Experis) <jbrcm@allstate.com>
    wrote:
    
    > When Solr throws an exception, like when a client sends a badly formed
    > query string, is there a way to suppress the stack trace in the error
    > response?
    >
    >
    >
    > Jeremy Branham
    > jbrcm@allstate.com<mailto:jbrcm@allstate.com>
    > Allstate Insurance Company | UCV Technology Services | Information
    > Services Group
    >
    >
    

Mime
View raw message