包装异常并隐藏敏感细节 [英] Wrapping an exception and hiding sensitive details

问题描述

如何隐藏java异常中的敏感细节？是否可以通过将异常包装到另一个来实现？

How can I hide sensitive details in a java exception? Is it only possible to do by wrapping the exception with another?

如果是这样，这是如何隐藏异常的，因为如果我在异常@调试时间，我可以看到有关旧例外的所有信息，我正在包装它，不是吗？

If so, how exactly does this hide the exception because if I put a watch on the exception @ debug time, I'd be able to see all information on the old exception and the one I am wrapping it with, no?

BTW，这不像ASP.NET我可以调用Response.Write（）来写一个友好的字符串到网页/响应流。这是一个java插件，在一个基于java的Web应用程序（你安装一个内置的服务器的排序）。

BTW, this is not like ASP.NET where I can call Response.Write("") to write a friendly string to the webpage/response stream. This is a java plugin, in a java web-based app (the sort you install with a built-in server).

谢谢

推荐答案

我不确定你应该依靠任何语言机制或VM机制来保护敏感数据免遭这种入侵。如果正在使用调试器，那么他们可以放置一个产生异常的断点，并查看数据。

I'm not sure you should rely on any language mechanisms or VM mechanisms for securing sensitive data against this sort of intrusion. If one is using the debugger, they could just put a breakpoint where the exception is generated and see the data.

最大的风险在于一个未捕获的异常会流向点，生产用户可以看到它，或（通常只是一样糟糕），它可以存储在日志消息中。很好的例子是与数据库通信 - 当有任何类型的故障（甚至是一个简单的超时）时，整个查询都被存储的时间很多。

The big risk is that an uncaught exception would flow to a point where a production user could see it, or (often just as bad), where it could be stored in a log message. Good examples of this are communicating with a database - many time the entire query is stored logged when there's any kind of failure (even a simple timeout).

IM HO IM IM lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest lowest点，您希望捕获敏感数据的异常，并创建一个处理旧的异常并且不提供任何敏感数据。

IMHO, For these reasons, the best course of action might be to not store sensitive data in the new exception to begin with, or to create a new exception at the lowest point where you expect to catch the exception with the sensitive data, and create one that disposes of the old exception and does not provide any sensitive data.

例如，如果你在将敏感数据的查询提交到数据库的方法中创建异常，不要存储实际的查询文本，或者用一些散列替换参数（如果可能）。这样你就可以找到重复的违规者，而不会暴露数据内容。

For instance, if you create an exception in a method that submits a query with sensitive data to the database, do not store the actual query text, or replace the arguments (if possible) with some hash. This way you could find repeat offenders without exposing the data contents.

如果您使用的第三方组件将数据写入您控制之外的页面，那么首先可能需要重新考虑使用该插件。据我所知，如果您在执行某些隐私政策的司法管辖区内，如果您使用不符合这些政策的第三方工具，您仍然可能承担责任。

If you are using a third-party component that writes data like that to the page outside your control, you might want to reconsider using that plugin in the first place. To the best of my knowledge, if you are in jurisdictions that enforce certain privacy policies, you could still be liable if you use a third-party tool that does not comply with these policies.

这篇关于包装异常并隐藏敏感细节的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！