[
https://issues.apache.org/jira/browse/SLING-4049?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14171217#comment-14171217
]
Carsten Ziegeler commented on SLING-4049:
-----------------------------------------
I think what we should at least do is ensure that always the error handler with
the highest service ranking is used, right now it picks up the first one it
gets-
A production instance could then simply deploy an error handler with a higher
ranking than the one registered by the servlet ensure and it's ensure that the
production specific wins
> Errorhandling: Allow Configuration of Displaying Stacktraces/Request Progress
> -----------------------------------------------------------------------------
>
> Key: SLING-4049
> URL: https://issues.apache.org/jira/browse/SLING-4049
> Project: Sling
> Issue Type: Improvement
> Components: Servlets
> Reporter: Dominique Jäggi
>
> it should be configurable whether during error display (40x, 50x, etc)
> stacktraces or the request progress is displayed or not.
> for production systems it is undesirable to exhibit information that may
> allow an attacker to determine internal information such as used scripts,
> paths, classes, line numbers, etc.
> ideally this could be centrally configured, affecting both e.g. the JSP
> handlers (404.jsp) as well as any other facility outputting error conditions.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
