Exception Shielding (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham)
How can a service prevent the disclosure of information about its internal implementation when an exception occurs?
Unfiltered exception data output by a service may contain internal implementation details that can compromise the security of the service and its surrounding environment.
Potentially unsafe exception data is “sanitized” by replacing it with exception data that is safe by design before it is made available to consumers.
This pattern can be applied at design time by reviewing and altering source code or at runtime by adding dynamic sanitization routines.
Sanitized exception information can make the tracking of errors more difficult due to the lack of detail provided to consumers.
Potentially unsafe information is sanitized by routines added to the service logic, thereby releasing only safe exception information to service consumers.