问题
How can I hide sensitive details in a java exception? Is it only possible to do by wrapping the exception with another?
If so, how exactly does this hide the exception because if I put a watch on the exception @ debug time, I'd be able to see all information on the old exception and the one I am wrapping it with, no?
BTW, this is not like ASP.NET where I can call Response.Write("") to write a friendly string to the webpage/response stream. This is a java plugin, in a java web-based app (the sort you install with a built-in server).
Thanks
回答1:
I'm not sure you should rely on any language mechanisms or VM mechanisms for securing sensitive data against this sort of intrusion. If one is using the debugger, they could just put a breakpoint where the exception is generated and see the data.
The big risk is that an uncaught exception would flow to a point where a production user could see it, or (often just as bad), where it could be stored in a log message. Good examples of this are communicating with a database - many time the entire query is stored logged when there's any kind of failure (even a simple timeout).
IMHO, For these reasons, the best course of action might be to not store sensitive data in the new exception to begin with, or to create a new exception at the lowest point where you expect to catch the exception with the sensitive data, and create one that disposes of the old exception and does not provide any sensitive data.
For instance, if you create an exception in a method that submits a query with sensitive data to the database, do not store the actual query text, or replace the arguments (if possible) with some hash. This way you could find repeat offenders without exposing the data contents.
If you are using a third-party component that writes data like that to the page outside your control, you might want to reconsider using that plugin in the first place. To the best of my knowledge, if you are in jurisdictions that enforce certain privacy policies, you could still be liable if you use a third-party tool that does not comply with these policies.
来源:https://stackoverflow.com/questions/4651608/wrapping-an-exception-and-hiding-sensitive-details