Larry Isaacs wrote:
>
> Hi Sam,
>
> I cleaned up some error handling last night and committed the changes this
> morning after some further testing. The change includes removing the stack
> traces from the default exception handling. I agree with Costin and others
> that this reveals more information than is desirable.
What is the new default exception handling behavior? Is it really a security
issue to show the stack trace? I may be ignorant here, but I just don't see
it.
The stack trace is *really* useful during debugging. In fact, it's pretty
much the only tool you have to find out what's wrong. Having to do something
special to activate it will cause a lot of grief for developers, I'm sure.
Please explain what the security issue is so we can see if there's another
way to address it.
Hans
--
Hans Bergsten hans@gefionsoftware.com
Gefion Software http://www.gefionsoftware.com
|