Tuesday, August 30, 2005

How to Handle Exceptions Securely

Do not reveal internal system or application details, such as stack traces, SQL statement fragments, and table or database names. Ensure that this type of information is not allowed to propagate to the end user or beyond your current trust boundary.

When you log or report exceptions, if user input is included in exception messages, validate it or sanitize it.

ASP.NET specifics:

By default, in ASP.NET the mode attribute of the <customErrors> element is set to remoteOnly, which returns complete exception information (including the stack trace) only to callers on the same computer as the server. Remote callers receive filtered exception information. In a production environment, you should set the mode attribute to On, so that all callers receive filtered exception information.

Also set pageOutput="false" on the <trace> element to disable trace output.

Define a global error handler in Global.asax to catch any exceptions that are not handled in code.

Adopted from http://msdn.microsoft.com/library/en-us/dnpag2/html/PAGPractices0001.asp.


Post a Comment

<< Home