
fix: Remove stacktrace from error message #5478

Merged
merged 3 commits into from
May 28, 2020

Conversation

purplefox
Contributor

@purplefox purplefox commented May 26, 2020

Description

Fixes: #5398

As a general rule servers should log internal errors but not expose internal stack traces to clients. Sending stack traces to clients can create a security risk - stack traces expose implementation details of servers - libraries used, class names, private IP, paths, etc, that can potentially be used to compromise the server or leak information that the server administrator does not want to be public.

Testing done

Updated tests

Reviewer checklist

  • Ensure docs are updated if necessary. (eg. if a user visible feature is being added or changed).
  • Ensure relevant issues are linked (description should include text like "Fixes #")

@purplefox purplefox requested a review from a team as a code owner May 26, 2020 09:54
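The principle stated in the description, as an added illustration that is not ksqlDB's code and not part of this pull request: a minimal REST error handler in the leaky form (stack trace serialized into the response body) beside the hardened form, which logs the full trace server-side and returns only a client-safe message. The hardened form also attaches a random `error_id` so the client can quote it when asking an operator to look up the server log entry; that correlation id goes beyond what this PR changes and is a common pattern, not ksqlDB's. All names (`ApiError`, `handle_request`, `leaks_internals`, the error codes) and the failing handlers are constructed for the example.

```python
import json
import logging
import traceback
import uuid

log = logging.getLogger("api")


class ApiError(Exception):
    """Error whose message is deliberately written for the client (hypothetical class)."""

    def __init__(self, status, message):
        super().__init__(message)
        self.status = status
        self.message = message


def leaky_error_response(exc):
    """The pattern the PR removes: raw exception text plus the full stack trace go to the client."""
    return 500, {
        "error_code": 50000,
        "message": str(exc),
        "stack_trace": traceback.format_exception(type(exc), exc, exc.__traceback__),
    }


def safe_error_response(exc):
    """Log the full trace with a correlation id; return only a sanitized body."""
    error_id = uuid.uuid4().hex
    # exc_info=exc makes the logging module render the complete traceback server-side.
    log.error("request failed [error_id=%s]", error_id, exc_info=exc)
    if isinstance(exc, ApiError):
        # Messages from ApiError are authored for clients, so they may be returned verbatim.
        return exc.status, {"error_code": exc.status * 100, "message": exc.message, "error_id": error_id}
    # Anything else is an internal failure: generic message, no class names, paths or hosts.
    return 500, {"error_code": 50000, "message": "Internal server error", "error_id": error_id}


def handle_request(handler, error_response=safe_error_response):
    """Run a request handler and turn any exception into a (status, json_body) pair."""
    try:
        return 200, handler()
    except Exception as exc:  # noqa: BLE001 - the boundary must catch everything
        return error_response(exc)


def leaks_internals(body):
    """Heuristic check a reviewer or test can apply to a response body (constructed for this example)."""
    text = json.dumps(body)
    return "stack_trace" in body or "Traceback" in text or ".py" in text


# --- constructed failing handlers -------------------------------------------

def _query_engine():
    # Constructed internal failure; the message mimics the kind of detail a trace would leak.
    raise RuntimeError("NullPointerException at /opt/ksql/engine/Planner.java:412 on 10.0.3.17")


def failing_query():
    return _query_engine()


def bad_input():
    raise ApiError(400, "unknown column 'foo'")


if __name__ == "__main__":
    print(handle_request(failing_query, leaky_error_response))
    print(handle_request(failing_query))
    print(handle_request(bad_input))
```

Running the block prints the leaky body with its `Traceback` lines and internal path, then the hardened body with only `Internal server error` and an `error_id`, then the 400 response whose client-authored message is preserved. The `leaks_internals` check is the kind of assertion worth keeping in a test suite so the regression this PR fixes cannot quietly return.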
@agavra
Contributor

agavra commented May 26, 2020

Requesting review from @rodesai - in cloud environments, the user doesn't have access to the server logs so there's no way for them to debug an error without some stack trace. What's the usual pattern for debugging PROD errors in cloud products outside of ksqlDB?

@agavra agavra requested a review from rodesai May 26, 2020 15:54
Contributor

@rodesai rodesai left a comment


LGTM

@purplefox purplefox merged commit b63d7e8 into confluentinc:master May 28, 2020
Development

Successfully merging this pull request may close these issues.

REST API exposes stack traces on error