Igniters, We had a discussion about how to propagate error information from cluster nodes to the client. My opinion is that we should pass a kind of vendor code plus optional error message, if vendor code is not very specific.
Alternative idea is to pass the whole stack trace as well. I agree that this is very useful for debugging purposes, but on the other hand IMO it imposes security risk. By sending invalid requests to the server user might get sensitive information about server configuration, such as it's version, version of the underlying database, frameworks etc.. This information may help attacker to apply some version-specific attacks. This is precise reason why default error pages of web servers with stack traces are always replaces with some stubs. This is why I think we should not include stack traces. What do you think? Vladimir.
