Re[2]: Exception handling in thin client: should we pass stack traces to the client?

2020-08-25 Thread Zhenya Stanilovsky 


Thanks ! now its clear for me, ones more want to repeat my position — sending 
exceptions to the client side looks like bad design, because exceptions its 
about unhealthy system recognition from administrator side, not from client of 
course, but looks like for now it`s more informative than existing decision. 
 
>>
>> Alexey.
>>
>> This option should be on the server side, so server administrator can
>> disable stack trace for all clients.
>> Correct?
>>
>Yes, correct.
>  
 
 
 
 

Re: Exception handling in thin client: should we pass stack traces to the client?

2020-08-25 Thread Alexey Goncharuk 
>
> Alexey.
>
> This option should be on the server side, so server administrator can
> disable stack trace for all clients.
> Correct?
>

Yes, correct.

Re: Exception handling in thin client: should we pass stack traces to the client?

2020-08-25 Thread Nikolay Izhikov 
Alexey.

This option should be on the server side, so server administrator can disable 
stack trace for all clients.
Correct?

> 25 авг. 2020 г., в 12:47, Alexey Goncharuk  
> написал(а):
> 
> Zhenya,
> 
> Stacktraces are considered to be able to expose sensitive information about
> code, see [1]. So as previously, I agree with Pavel that we should have an
> option to disable this behavior.
> 
> [1]
> https://wiki.sei.cmu.edu/confluence/display/java/ERR01-J.+Do+not+allow+exceptions+to+expose+sensitive+information

Re: Exception handling in thin client: should we pass stack traces to the client?

2020-08-25 Thread Alexey Goncharuk 
Zhenya,

Stacktraces are considered to be able to expose sensitive information about
code, see [1]. So as previously, I agree with Pavel that we should have an
option to disable this behavior.

[1]
https://wiki.sei.cmu.edu/confluence/display/java/ERR01-J.+Do+not+allow+exceptions+to+expose+sensitive+information

Re: Exception handling in thin client: should we pass stack traces to the client?

2020-08-21 Thread Pavel Tupitsyn 
I think this behavior should be configurable.
We can have it on by default, but have a setting to disable, e.g.:
ThinClientConfiguration.excludeErrorStackTraces

On Fri, Aug 21, 2020 at 9:54 AM Zhenya Stanilovsky
 wrote:

>
> Guys, does anyone else bothers about it ?)
> Ones more — i really not sure that all exceptions have been thrown from
> server side have informative message visible from client side, if client
> would receive full stack trace from server side it would reduce additional
> efforts from cluster administrator side, in one case i agree here — this is
> not pretty a bit.
> If no quorum would be here — ok, i fill a ticket for optionally enable
> such behavior, as was discussed earlier, and leave the current one as it is.
> thanks !
> >Hi,
> >
> >I agree with Zhenya, that a stack from server side will be able to help in
> >investigation of issues, but it really confused in production environment.
> >I see all participants tell the same.
> >
> >Pavel, do you mean this behavior should be switching by configuration?
> >
> >On Thu, Aug 20, 2020 at 5:00 PM Pavel Tupitsyn < ptupit...@apache.org >
> wrote:
> >
> >> Link to the original discussion:
> >>
> >>
> >>
> http://apache-ignite-developers.2346864.n4.nabble.com/Exception-handling-in-thin-client-should-we-pass-stack-traces-to-the-client-td22392.html
> >>
> >> On Thu, Aug 20, 2020 at 4:46 PM Zhenya Stanilovsky
> >> < arzamas...@mail.ru.invalid > wrote:
> >>
> >> >
> >> > I want to resurrect this discussion, i don`t understand what sensitive
> >> > information you are talking about ?
> >> > Can you show some examples or something else ? I never listen that
> thread
> >> > dumps belong to sensitive info.
> >> > I believe that one linear error can`t help user to recognize problem
> and
> >> > logs from server side can be simple unreachable or logging disabled at
> >> all.
> >> > So i suggest to request full thread dump in case of server side error
> >> > occurred.
> >> >
> >> > what do you think ?
> >> >
> >> >
> >> > >Igniters,
> >> > >
> >> > >We had a discussion about how to propagate error information from
> >> cluster
> >> > >nodes to the client. My opinion is that we should pass a kind of
> vendor
> >> > >code plus optional error message, if vendor code is not very
> specific.
> >> > >
> >> > >Alternative idea is to pass the whole stack trace as well. I agree
> that
> >> > >this is very useful for debugging purposes, but on the other hand
> IMO it
> >> > >imposes security risk. By sending invalid requests to the server user
> >> > might
> >> > >get sensitive information about server configuration, such as it's
> >> > version,
> >> > >version of the underlying database, frameworks etc.. This information
> >> may
> >> > >help attacker to apply some version-specific attacks. This is precise
> >> > >reason why default error pages of web servers with stack traces are
> >> always
> >> > >replaces with some stubs.
> >> > >
> >> > >This is why I think we should not include stack traces.
> >> > >
> >> > >What do you think?
> >> > >
> >> > >Vladimir.
> >> >
> >> >
> >> >
> >> >
> >>
> >
> >--
> >Vladislav Pyatkov
> >
>
>
>
>

Exception handling in thin client: should we pass stack traces to the client?

2020-08-21 Thread Zhenya Stanilovsky 

Guys, does anyone else bothers about it ?)
Ones more — i really not sure that all exceptions have been thrown from server 
side have informative message visible from client side, if client would receive 
full stack trace from server side it would reduce additional efforts from 
cluster administrator side, in one case i agree here — this is not pretty a bit.
If no quorum would be here — ok, i fill a ticket for optionally enable such 
behavior, as was discussed earlier, and leave the current one as it is.
thanks !
>Hi,
>
>I agree with Zhenya, that a stack from server side will be able to help in
>investigation of issues, but it really confused in production environment.
>I see all participants tell the same.
>
>Pavel, do you mean this behavior should be switching by configuration?
>
>On Thu, Aug 20, 2020 at 5:00 PM Pavel Tupitsyn < ptupit...@apache.org > wrote:
> 
>> Link to the original discussion:
>>
>>
>>  
>> http://apache-ignite-developers.2346864.n4.nabble.com/Exception-handling-in-thin-client-should-we-pass-stack-traces-to-the-client-td22392.html
>>
>> On Thu, Aug 20, 2020 at 4:46 PM Zhenya Stanilovsky
>> < arzamas...@mail.ru.invalid > wrote:
>>
>> >
>> > I want to resurrect this discussion, i don`t understand what sensitive
>> > information you are talking about ?
>> > Can you show some examples or something else ? I never listen that thread
>> > dumps belong to sensitive info.
>> > I believe that one linear error can`t help user to recognize problem and
>> > logs from server side can be simple unreachable or logging disabled at
>> all.
>> > So i suggest to request full thread dump in case of server side error
>> > occurred.
>> >
>> > what do you think ?
>> >
>> >
>> > >Igniters,
>> > >
>> > >We had a discussion about how to propagate error information from
>> cluster
>> > >nodes to the client. My opinion is that we should pass a kind of vendor
>> > >code plus optional error message, if vendor code is not very specific.
>> > >
>> > >Alternative idea is to pass the whole stack trace as well. I agree that
>> > >this is very useful for debugging purposes, but on the other hand IMO it
>> > >imposes security risk. By sending invalid requests to the server user
>> > might
>> > >get sensitive information about server configuration, such as it's
>> > version,
>> > >version of the underlying database, frameworks etc.. This information
>> may
>> > >help attacker to apply some version-specific attacks. This is precise
>> > >reason why default error pages of web servers with stack traces are
>> always
>> > >replaces with some stubs.
>> > >
>> > >This is why I think we should not include stack traces.
>> > >
>> > >What do you think?
>> > >
>> > >Vladimir.
>> >
>> >
>> >
>> >
>>
>
>--
>Vladislav Pyatkov
>  
 
 
 
 

Re: Exception handling in thin client: should we pass stack traces to the client?

2020-08-20 Thread Vladislav Pyatkov 
Hi,

I agree with Zhenya, that a stack from server side will be able to help in
investigation of issues, but it really confused in production environment.
I see all participants tell the same.

Pavel, do you mean this behavior should be switching by configuration?

On Thu, Aug 20, 2020 at 5:00 PM Pavel Tupitsyn  wrote:

> Link to the original discussion:
>
>
> http://apache-ignite-developers.2346864.n4.nabble.com/Exception-handling-in-thin-client-should-we-pass-stack-traces-to-the-client-td22392.html
>
> On Thu, Aug 20, 2020 at 4:46 PM Zhenya Stanilovsky
>  wrote:
>
> >
> > I want to resurrect this discussion, i don`t understand what sensitive
> > information you are talking about ?
> > Can you show some examples or something else ? I never listen that thread
> > dumps belong to sensitive info.
> > I believe that one linear error can`t help user to recognize problem and
> > logs from server side can be simple unreachable or logging disabled at
> all.
> > So i suggest to request full thread dump in case of server side error
> > occurred.
> >
> > what do you think ?
> >
> >
> > >Igniters,
> > >
> > >We had a discussion about how to propagate error information from
> cluster
> > >nodes to the client. My opinion is that we should pass a kind of vendor
> > >code plus optional error message, if vendor code is not very specific.
> > >
> > >Alternative idea is to pass the whole stack trace as well. I agree that
> > >this is very useful for debugging purposes, but on the other hand IMO it
> > >imposes security risk. By sending invalid requests to the server user
> > might
> > >get sensitive information about server configuration, such as it's
> > version,
> > >version of the underlying database, frameworks etc.. This information
> may
> > >help attacker to apply some version-specific attacks. This is precise
> > >reason why default error pages of web servers with stack traces are
> always
> > >replaces with some stubs.
> > >
> > >This is why I think we should not include stack traces.
> > >
> > >What do you think?
> > >
> > >Vladimir.
> >
> >
> >
> >
>


-- 
Vladislav Pyatkov

Re: Exception handling in thin client: should we pass stack traces to the client?

2020-08-20 Thread Pavel Tupitsyn 
Link to the original discussion:

http://apache-ignite-developers.2346864.n4.nabble.com/Exception-handling-in-thin-client-should-we-pass-stack-traces-to-the-client-td22392.html

On Thu, Aug 20, 2020 at 4:46 PM Zhenya Stanilovsky
 wrote:

>
> I want to resurrect this discussion, i don`t understand what sensitive
> information you are talking about ?
> Can you show some examples or something else ? I never listen that thread
> dumps belong to sensitive info.
> I believe that one linear error can`t help user to recognize problem and
> logs from server side can be simple unreachable or logging disabled at all.
> So i suggest to request full thread dump in case of server side error
> occurred.
>
> what do you think ?
>
>
> >Igniters,
> >
> >We had a discussion about how to propagate error information from cluster
> >nodes to the client. My opinion is that we should pass a kind of vendor
> >code plus optional error message, if vendor code is not very specific.
> >
> >Alternative idea is to pass the whole stack trace as well. I agree that
> >this is very useful for debugging purposes, but on the other hand IMO it
> >imposes security risk. By sending invalid requests to the server user
> might
> >get sensitive information about server configuration, such as it's
> version,
> >version of the underlying database, frameworks etc.. This information may
> >help attacker to apply some version-specific attacks. This is precise
> >reason why default error pages of web servers with stack traces are always
> >replaces with some stubs.
> >
> >This is why I think we should not include stack traces.
> >
> >What do you think?
> >
> >Vladimir.
>
>
>
>

Exception handling in thin client: should we pass stack traces to the client?

2020-08-20 Thread Zhenya Stanilovsky 

I want to resurrect this discussion, i don`t understand what sensitive 
information you are talking about ?
Can you show some examples or something else ? I never listen that thread dumps 
belong to sensitive info.
I believe that one linear error can`t help user to recognize problem and logs 
from server side can be simple unreachable or logging disabled at all. So i 
suggest to request full thread dump in case of server side error occurred.
 
what do you think ?  

  
>Igniters,
>
>We had a discussion about how to propagate error information from cluster
>nodes to the client. My opinion is that we should pass a kind of vendor
>code plus optional error message, if vendor code is not very specific.
>
>Alternative idea is to pass the whole stack trace as well. I agree that
>this is very useful for debugging purposes, but on the other hand IMO it
>imposes security risk. By sending invalid requests to the server user might
>get sensitive information about server configuration, such as it's version,
>version of the underlying database, frameworks etc.. This information may
>help attacker to apply some version-specific attacks. This is precise
>reason why default error pages of web servers with stack traces are always
>replaces with some stubs.
>
>This is why I think we should not include stack traces.
>
>What do you think?
>
>Vladimir. 
 
 
 
 

Re: Exception handling in thin client: should we pass stack traces to the client?

2017-09-19 Thread Yakov Zhdanov 
Fully agree. As Alex mentioned web servers support dev and prod modes. We
need to do the same and default mode should be dev with warning on startup
and ability to change in runtime.

--Yakov

Re: Exception handling in thin client: should we pass stack traces to the client?

2017-09-19 Thread Vladimir Ozerov 
Thanks, folks!

Excellent catch - we should not decide whether to allow it or not, but
rather make it configurable.

On Tue, Sep 19, 2017 at 10:43 AM, Alexey Goncharuk <
alexey.goncha...@gmail.com> wrote:

> I think the protocol should allow both, and the behavior should be either
> configurable or enabled via a system property. Every web server known to me
> allows exposing this information for debugging purposes.
>
> 2017-09-19 10:20 GMT+03:00 Vladimir Ozerov :
>
> > Igniters,
> >
> > We had a discussion about how to propagate error information from cluster
> > nodes to the client. My opinion is that we should pass a kind of vendor
> > code plus optional error message, if vendor code is not very specific.
> >
> > Alternative idea is to pass the whole stack trace as well. I agree that
> > this is very useful for debugging purposes, but on the other hand IMO it
> > imposes security risk. By sending invalid requests to the server user
> might
> > get sensitive information about server configuration, such as it's
> version,
> > version of the underlying database, frameworks etc.. This information may
> > help attacker to apply some version-specific attacks. This is precise
> > reason why default error pages of web servers with stack traces are
> always
> > replaces with some stubs.
> >
> > This is why I think we should not include stack traces.
> >
> > What do you think?
> >
> > Vladimir.
> >
>

Re: Exception handling in thin client: should we pass stack traces to the client?

2017-09-19 Thread Dmitry Pavlov 
Hi Vladimir,

All of these arguments are relevant. I suggest to provide full stacktrace
at least by server option. This is also common practice on web servers.

Sincerely,
Dmitriy Pavlov

вт, 19 сент. 2017 г. в 10:20, Vladimir Ozerov :

> Igniters,
>
> We had a discussion about how to propagate error information from cluster
> nodes to the client. My opinion is that we should pass a kind of vendor
> code plus optional error message, if vendor code is not very specific.
>
> Alternative idea is to pass the whole stack trace as well. I agree that
> this is very useful for debugging purposes, but on the other hand IMO it
> imposes security risk. By sending invalid requests to the server user might
> get sensitive information about server configuration, such as it's version,
> version of the underlying database, frameworks etc.. This information may
> help attacker to apply some version-specific attacks. This is precise
> reason why default error pages of web servers with stack traces are always
> replaces with some stubs.
>
> This is why I think we should not include stack traces.
>
> What do you think?
>
> Vladimir.
>

Re: Exception handling in thin client: should we pass stack traces to the client?

2017-09-19 Thread Alexey Goncharuk 
I think the protocol should allow both, and the behavior should be either
configurable or enabled via a system property. Every web server known to me
allows exposing this information for debugging purposes.

2017-09-19 10:20 GMT+03:00 Vladimir Ozerov :

> Igniters,
>
> We had a discussion about how to propagate error information from cluster
> nodes to the client. My opinion is that we should pass a kind of vendor
> code plus optional error message, if vendor code is not very specific.
>
> Alternative idea is to pass the whole stack trace as well. I agree that
> this is very useful for debugging purposes, but on the other hand IMO it
> imposes security risk. By sending invalid requests to the server user might
> get sensitive information about server configuration, such as it's version,
> version of the underlying database, frameworks etc.. This information may
> help attacker to apply some version-specific attacks. This is precise
> reason why default error pages of web servers with stack traces are always
> replaces with some stubs.
>
> This is why I think we should not include stack traces.
>
> What do you think?
>
> Vladimir.
>

Exception handling in thin client: should we pass stack traces to the client?

2017-09-19 Thread Vladimir Ozerov 
Igniters,

We had a discussion about how to propagate error information from cluster
nodes to the client. My opinion is that we should pass a kind of vendor
code plus optional error message, if vendor code is not very specific.

Alternative idea is to pass the whole stack trace as well. I agree that
this is very useful for debugging purposes, but on the other hand IMO it
imposes security risk. By sending invalid requests to the server user might
get sensitive information about server configuration, such as it's version,
version of the underlying database, frameworks etc.. This information may
help attacker to apply some version-specific attacks. This is precise
reason why default error pages of web servers with stack traces are always
replaces with some stubs.

This is why I think we should not include stack traces.

What do you think?

Vladimir.