[
https://issues.apache.org/jira/browse/THRIFT-3830?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15286988#comment-15286988
]
Jens Geyer commented on THRIFT-3830:
------------------------------------
{quote}
If I had a public interface using thrift I would not want to divulge a stack
trace
{quote}
I was about to say the same. That's called [Information Leakage and Improper
Error
Handling|https://www.owasp.org/index.php/Top_10_2007-Information_Leakage_and_Improper_Error_Handling],
a topic that was in the OWASP TOP 10 in 2007. We really should not exposure
such information **by default**.
Of course that does not free the developer from the burden of taking care of
proper error handling, but we should not make it worser.
> Add detail exception message between server-side and client-side
> ------------------------------------------------------------------
>
> Key: THRIFT-3830
> URL: https://issues.apache.org/jira/browse/THRIFT-3830
> Project: Thrift
> Issue Type: Improvement
> Components: Java - Library
> Affects Versions: 0.9.3
> Reporter: Dongchao Ding
> Priority: Minor
>
> At present,when one TExcpetion occurs at server-side, we just get one same
> error tip like "Internal error processing ${invoke-method-name}", the detail
> exception(exception message and exception stack) was gone.
> I think it's better to send detail error info to client .
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
