SQL query is shown in WFS response on error
-------------------------------------------
Key: GEOS-2972
URL: http://jira.codehaus.org/browse/GEOS-2972
Project: GeoServer
Issue Type: Bug
Components: Oracle, WFS
Affects Versions: 1.7.3
Environment: WFS and Oracle
Reporter: Simon Peter Haverdings
Assignee: Andrea Aime
Priority: Critical
I created a view in the database and created a feature type for that view.
After that I deleted the view.
When performing a WFS request on that feature type, instead of getting a
(generic) error, I get an error with the precise SQL query that was being
performed!
Why does an error in the backend result in the backend being exposed in the
front-end!
This is a serious security bug and should never have allowed to happen!
When an error occurs on the backend, it should be logged and the requester
(client) should be notified with an (nice) error message of geoserver (a code
with/out a description) that briefly describes the kind of error that has
occured, but not the actual error.
So I would like to see this:
<?xml version="1.0" ?>
<ServiceExceptionReport
version="1.2.0"
xmlns="http://www.opengis.net/ogc";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://www.opengis.net/ogc
http://schemas.opengis.net/wfs/1.0.0/OGC-exception
.xsd">
<ServiceException>
error:GEOS12345: Could not request the data from the system
</ServiceException></ServiceExceptionReport>
Instead of the current response:
<?xml version="1.0" ?>
<ServiceExceptionReport
version="1.2.0"
xmlns="http://www.opengis.net/ogc";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://www.opengis.net/ogc
http://schemas.opengis.net/wfs/1.0.0/OGC-exception
.xsd">
<ServiceException>
error:Translator error
Translator error
Error reading Features
Could not aquire feature:org.geotools.data.DataSourceException: Error
Performing SQL query: SELECT "
;NAME", "CENTRE" FROM "VIEW" WHERE "NAME" =
&apos
;GEM_CENTRE'
Error Performing SQL query: SELECT "NAME", "CENTRE" FROM
"VIEW
" WHERE "NAME" = 'GEM_CENTRE'
ORA-00942: Tabel of view bestaat niet.
</ServiceException></ServiceExceptionReport>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
Register Now & Save for Velocity, the Web Performance & Operations
Conference from O'Reilly Media. Velocity features a full day of
expert-led, hands-on workshops and two days of sessions from industry
leaders in dedicated Performance & Operations tracks. Use code vel09scf
and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
