 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / .NET Framework / CLR / September 2006Concerns about exception string revealing internals/data about the
Hello, We have a global error handler in our .NET 2.0 Framework application and I am wondering if there is a possiblity that an error message (i.e. ex.GetBaseException.ToString) could display any program data or database field names, etc. The application reads data from a database and if a crash occurs; I want to know if I print the exception text (like shown above) if the error text could display any data in my program OR any database field names. For example, could it say something like "invalid field name X" or "error parsing string Y"; where X is a name of a field in the database and Y is the contents of a string. I was thinking that GetBaseException.ToString or Exception.ToString would give a generic error like "Field not found" or "Error parsiing string" while not revelaing the field name or data contents. The application involves medical data for patients and we cannot reveal any data to the operator (should someone be hacking). I would like to be able to display the error to the operator, but am concerned it might reveal data. Can it reveal data as I mentioned?  SignatureThank you. It would be provider dependent. Your best bet would be to handle such exceptions in your data tier (building a message that gets sent back to you with full information) then throws an application specific exception that can be displayed to the user. Cheers, Greg > Hello, > [quoted text clipped - 19 lines] > display the error to the operator, but am concerned it might reveal data. > Can it reveal data as I mentioned? Hi, Yes, just as Greg pointed out, the database operation exception is controlled by the underlying data provider and database. The .Net BCL just encapsulates the error returned from the data provider and throws it out as an exception. If this exception is not caught in code, it will unwind up to your global exception handler. So the message text you got from Exception.ToString is all the information, you can not customize the code in .Net to tell the data provider and database to return more specific information. However, you'd better catch this exception in data tier .Net code, although you will get the same exception as the global exception handler, you can have much more context information, for example, you can log all the local variables and parameters when this exception is thrown, which is not available in global exception handler. By doing this, you will have more meaningful context information, which will be more helpful to debugging. Hope this helps. Best regards, Jeffrey Tan Microsoft Online Community Support ================================================== Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif ications. Note: The MSDN Managed Newsgroup support offering is for non-urgent issues where an initial response from the community or a Microsoft Support Engineer within 1 business day is acceptable. Please note that each follow up response may take approximately 2 business days as the support professional working with you may need further investigation to reach the most efficient resolution. The offering is not appropriate for situations that require urgent, real-time or phone-based interactions or complex project analysis and dump analysis issues. Issues of this nature are best handled working with a dedicated Microsoft Support Engineer by contacting Microsoft Customer Support Services (CSS) at http://msdn.microsoft.com/subscriptions/support/default.aspx. ================================================== This posting is provided "AS IS" with no warranties, and confers no rights. If I am using a Microsoft SQL Server 2000 database and if I am using the built in controls from Microsoft; is there still a possibility that an error message could contain data or database field information? I know you said it depended upon the provider, so in this case the provider is Microsoft. SignatureThank you. > Hi, > [quoted text clipped - 37 lines] > ================================================== > This posting is provided "AS IS" with no warranties, and confers no rights. Hi KTJ, Can you tell me what controls you are using in your scenario? Do you use the build-in controls in SQL Server2000 or .Net winform/Asp.net controls? I think this is the implementation specific. Based on my experience, if the underlying provider really incoporates well with the underlying database, I think the provider will encapsulate enough internal information regarding in the .Net exception. So the upper layer code can get enough information in the exception object. The upper layer code only reads the exception object, no matter the upper controls are Microsoft or not, the result is the same. The information is determined by the underlying provider. I think most good providers will provide the information you wanted. Do you meet the scenario that the Microsoft provider does not provide the information your wanted? Actually, I am not an ADO.net expert. Since this newsgroup mainly focuses on CLR related runtime issues, I recommend you post your questions in: microsoft.public.dotnet.framework.adonet --- if your wanted information about data provider in .Net side(your controls refer to .Net controls) microsoft.public.sqlserver.server --- if you are using SQL Server controls There will be more data related experts in these newsgroup. Thanks for your understanding. Best regards, Jeffrey Tan Microsoft Online Community Support ================================================== Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif ications. Note: The MSDN Managed Newsgroup support offering is for non-urgent issues where an initial response from the community or a Microsoft Support Engineer within 1 business day is acceptable. Please note that each follow up response may take approximately 2 business days as the support professional working with you may need further investigation to reach the most efficient resolution. The offering is not appropriate for situations that require urgent, real-time or phone-based interactions or complex project analysis and dump analysis issues. Issues of this nature are best handled working with a dedicated Microsoft Support Engineer by contacting Microsoft Customer Support Services (CSS) at http://msdn.microsoft.com/subscriptions/support/default.aspx. ================================================== This posting is provided "AS IS" with no warranties, and confers no rights. My question is related to the CLR as I am just trying to determine if exceptions could return certain information as part of the error message. The application deals with a database and contains social security numbers and other sensitive information. I am just trying to determine if an exception occurs in my program, is it possible that the exception error message (i.e. Exception.ToString) could display/contain data from the database and/or field names in the database. For example, it would be bad if the error displayed something like "Error parsing [Social Security Number] 111-11-1111". I know you said it depends upon the "provider"; I am using the built in ADO objects in Visual Studio for Microsoft SQL Server. Thus, I am using a Microsoft provider. I do NOT need any particular information in the error message. I am trying to PREVENT certain information from appearing in an error message. Thus I don't see this as an ADO issue but a general question on what Visual Studio puts in error messages (exceptions). Everything I have seen so far in the messages imply this will not happen (i.e. typical error message; System.Threading.ThreadStartException: Thread failed to start. ---> System.Threading.ThreadAbortException: Thread was being aborted. --- End of inner exception stack trace --- at System.Threading.Thread.StartInternal(IPrincipal principal, StackCrawlMark& stackMark) at System.Threading.Thread.Start() at xxxxx.xxxxService.Sessions.NewPluginsAvailable() in C:\STuff.cs:line 387 SignatureThank you. > Hi KTJ, > [quoted text clipped - 43 lines] > ================================================== > This posting is provided "AS IS" with no warranties, and confers no rights. Hi KTJ, Thanks for your feedback! Yes, I see your concern. I know that you want to control what detailed information the Exception object contains. We may divide the problem into 2 parts: 1. Just as you have been awared of, the underlying .Net data provider will do the actual database operation on behalf of ADO.net code. Whenever an error is generated from SQL Server, the provider will recognize this situation. It will construct an Exception object and throw out this exception to the upper layer ADO.net code. The key point is that: the detailed information that is contained in the Exception object is constructed when the Exception object is created, and the error message is passed through the Exception object constructor. That is why we said the detailed error message is out of control of CLR, but controlled by .Net data provider. 2. I think your concern is that what we can do on .Net side to reduce the sensitive information from leaking out, if the .Net data provider really places sensitive information in the error message. In this scenairo, since the sensitive information is already placed in the Exception object, what we can do is parsing the error message to cut out the sensitive information. I do not think there is a general solution for this approach, you may just think about all the possible sensitive information keywords/pattern, then you may use string parsing to trim the sensitive data/string. Additionally, regarding #1, if you want to know if .Net data provider exposes any programming interface for us to control the Exception error message, my personal experience is no. However, I am not an ADO.net expert, that's why I said you may contact ADO.net newsgroup for more detailed confirmation. Thanks for your understanding. If I have misunderstood your concern, please feel free to tell me. Thanks Best regards, Jeffrey Tan Microsoft Online Community Support ================================================== Get notification to my posts through email? Please refer to http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif ications. Note: The MSDN Managed Newsgroup support offering is for non-urgent issues where an initial response from the community or a Microsoft Support Engineer within 1 business day is acceptable. Please note that each follow up response may take approximately 2 business days as the support professional working with you may need further investigation to reach the most efficient resolution. The offering is not appropriate for situations that require urgent, real-time or phone-based interactions or complex project analysis and dump analysis issues. Issues of this nature are best handled working with a dedicated Microsoft Support Engineer by contacting Microsoft Customer Support Services (CSS) at http://msdn.microsoft.com/subscriptions/support/default.aspx. ================================================== This posting is provided "AS IS" with no warranties, and confers no rights. John .. you should be catching these exceptions in your data layer and rethrowing your own application exceptions (possibly with the original exception as an inner exception depending how you are handling it later). As an example .. while inserting a customer I would have code such as. try { //do insert } catch (SqlException Ex) { throw new MyDataLayerException("Unable to save customer to the database, the database returned an error", Ex); } Not only does this prevent you from showing undesirable information it also helps clean up the contract from your data layer .. Your data layer can now only throw your application exception (as opposed to being able to throw 22 different exceptions). Also, the information in these exceptions will be quite useful to you when you need to debug any problems (but should not be shown in a production application). When you start getting exceptions like these you can do things such as have them "phone home" ... when they do you can also get the inner exception to see what has actually happenned. Someone once told me a great rule of thumb of "never show an exception directly to the user". I agree with this in principle (an application should shutdown when it gets an exception, it should not show it to the user except in some edge conditions like your users happen to be programmers). Cheers, Greg > My question is related to the CLR as I am just trying to determine if > exceptions could return certain information as part of the error message. [quoted text clipped - 82 lines] >> This posting is provided "AS IS" with no warranties, and confers no >> rights. > Not only does this prevent you from showing undesirable information it > also helps clean up the contract from your data layer .. Your data layer [quoted text clipped - 12 lines] > user except in some edge conditions like your users happen to be > programmers). I disagree. I think what an app does after an exception is context dependent, and what it does after an UE is a policy decision that the application should determine when it occurs. The rule of thumb above works only for a subset of applications. I also disagree with hiding the details of an exception unless there are very good reasons for not doing so (for me, security is about the only one). For my purposes I want every little detail to be reported because it makes it easier to determine what went wrong, and more importantly, provides clues about what to do to correct or workaround the problem. I do think that thought must be given to the audiences that will see the exception report, but it should work for all audiences, not just some of them. I think this is also application-dependent. For home/retail users you may want to simplify the report to avoid confusing them but for industrial applications every little detail is important, and may even be required for regulatory or other reasons. regards, Dave Sorry in last post I meant an "unhandled" exception should never be shown to a user. > My question is related to the CLR as I am just trying to determine if > exceptions could return certain information as part of the error message. [quoted text clipped - 82 lines] >> This posting is provided "AS IS" with no warranties, and confers no >> rights. > Sorry in last post I meant an "unhandled" exception should never be shown > to a user And this is still bad policy. If you can't find your assemblies, I want (at least!) to know it's a "FileNotFoundException" so I can fire up filemon and start tuning ACLs. Yes and that is the type of exception which should be handled in code to say "File not found: filename" >> Sorry in last post I meant an "unhandled" exception should never be shown >> to a user > > And this is still bad policy. If you can't find your assemblies, I want > (at least!) to know it's a "FileNotFoundException" so I can fire up > filemon and start tuning ACLs.
Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.