Microsoft Code Zone Missing Proper Exception Handling Policy

16 בדצמבר 2006

no comments

On my Enterprise Library 2.0 course which was a part of the MVPs Week that took place last week I've talked about the Exception Handling Application Block which is part of the Enterprise Library and why its so important to handle exceptions the right way…

One of most common failure of system regarding application security is the way application developers handle exceptions in the code, If you do not take care of unexpected exception you might expose some information on your system that you might have wanted to conceal.

For example… take a look at the Microsoft Code Zone… seems like someone haven't looked deeply into the code that was written there as when an unexpected exception happened we begin to start finding some inner application info…

There is a user by the name of UrlRedirection on the system which is used to access to the database.

Well if the big ones fail… probably you too… so take a deep look at your source code and see if you have handled all the exceptions the right way… and that is catching them (or any unhandled exception) on the top most layer before the presentation layer log the exception and replace it with an informative exception that will not expose any details about the real exception.

 

Add comment
facebook linkedin twitter email

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*