tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hans Bergsten <h...@gefionsoftware.com>
Subject Re: Outstanding bugs before 3.2 final?
Date Thu, 21 Sep 2000 18:31:18 GMT
Larry Isaacs wrote:
> 
> Hi Sam,
> 
> I cleaned up some error handling last night and committed the changes this 
> morning after some further testing.  The change includes removing the stack 
> traces from the default exception handling.  I agree with Costin and others 
> that this reveals more information than is desirable.

What is the new default exception handling behavior? Is it really a security
issue to show the stack trace? I may be ignorant here, but I just don't see
it.

The stack trace is *really* useful during debugging. In fact, it's pretty
much the only tool you have to find out what's wrong. Having to do something
special to activate it will cause a lot of grief for developers, I'm sure.

Please explain what the security issue is so we can see if there's another
way to address it.

Hans
-- 
Hans Bergsten		hans@gefionsoftware.com
Gefion Software		http://www.gefionsoftware.com

Mime
View raw message