mistercrunch commented on issue #7764: Show generic error msg and hide stacktrace if feature flag is enabled URL: https://github.com/apache/incubator-superset/pull/7764#issuecomment-505076901 Showing stacktrace is generally super useful, but has potential security concerns. It may inform an attacker about specificities around the environment, and we don't control what gets bubbled up or not. I think the intent with `SHOW_STACKTRACE` (config key was introduced super early by me) was to make showing the stacktrace optional. Ideally all areas of the code that may show a stacktrace should boil down to calling a same function so that logic isn't duplicated and can be centrally managed. For instance in the future we maybe want to redact only some parts of the stacktrace, or we may want to assign RBAC-style controls to it.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
