tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hans Bergsten <>
Subject Re: Outstanding bugs before 3.2 final?
Date Thu, 21 Sep 2000 18:31:18 GMT
Larry Isaacs wrote:
> Hi Sam,
> I cleaned up some error handling last night and committed the changes this 
> morning after some further testing.  The change includes removing the stack 
> traces from the default exception handling.  I agree with Costin and others 
> that this reveals more information than is desirable.

What is the new default exception handling behavior? Is it really a security
issue to show the stack trace? I may be ignorant here, but I just don't see

The stack trace is *really* useful during debugging. In fact, it's pretty
much the only tool you have to find out what's wrong. Having to do something
special to activate it will cause a lot of grief for developers, I'm sure.

Please explain what the security issue is so we can see if there's another
way to address it.

Hans Bergsten
Gefion Software

View raw message