That's a good point. I think the previous solution of throwing a new customised exception when an exception is caught on the server handles with this issue. Besides, it is necessary for my application to inform the user that he has submitted a misformed query, and that he needs to reform it. So it is necessary to return an appropriate message to the client.
> Date: Wed, 29 Jul 2009 09:48:07 -0700 > Subject: Re: Handling servre side exceptions and displaying precise error > messages on the client > From: deansjo...@gmail.com > To: Google-Web-Toolkit@googlegroups.com > > > I will raise a minor point.... relaying back EXACT exceptions, with > all failure information, is not a good idea in a production > environment. > > This is generally what we call "Exception Information Leakage" - it > exposes the underlying implementation of your servers architecture, > and certain errors are enough to give away potential sensitive > information useful to compromise your system. > > One site I was using, when a DB access failed, the DB user and > password in the exception!!! ;-) > > _________________________________________________________________ Έχετε Messenger; Έχετε και Windows Live. Μάθετε περισσότερα. http://microsoft.com/windows/windowslive --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To post to this group, send email to Google-Web-Toolkit@googlegroups.com To unsubscribe from this group, send email to google-web-toolkit+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/Google-Web-Toolkit?hl=en -~----------~----~----~----~------~----~------~--~---
