Do Not Divulge Exception Details to Clients in Production

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

Do not divulge exception error details to clients in production. Instead, define a fault contract and return that to your client. When exceptions occur, return concise error messages to the client and log the specific details on the server. Do not reveal internal system or application details, such as stack traces, SQL statement fragments, and table or database names, to the client. Ensure that this type of information is not allowed to propagate to the end user or beyond your current trust boundary. If you expose detailed exception information to the client, a malicious user could use the system-level diagnostic information to learn about your application and probe for weaknesses to exploit in future attacks.

By using the FaultContract attribute in a service contract you can specify the possible faults that can occur in your WCF service. This prevents exposing any other exception details to the clients. To define a fault contract, apply the FaultContract attribute directly on a contract operation, specifying the fault detail type as shown below:

   [ServiceContract]
   interface ICalculator
   {
      [OperationContract]
      [FaultContract(typeof(DivideByZeroException))]
      double Divide(double number1, double number2);
   }

In the following example, the FaultContract attribute is limited to the Divide method. Only that method can throw that fault and have it propagated to the client. The implementation throws the typed FaultException that matches the declared fault detail type:

   class MyService : ICalculator
   {
      public double Divide(double number1, double number2)
      {
         // Throw the contracted fault; WCF serializes it to the client as a SOAP fault.
         throw new FaultException<DivideByZeroException>(new DivideByZeroException());
      }
   }
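The page's snippet returns a DivideByZeroException as the fault detail, which still names a .NET exception type to the caller. The following added example (not code from the original page or from the patterns & practices guidance) applies the "concise message to the client, full details in the server log" rule end to end: it declares a hypothetical ServiceFault data contract carrying only a correlation id and a generic message, logs the real exception on the server with that id, and keeps WCF's IncludeExceptionDetailInFaults behavior switched off so unhandled exceptions cannot leak stack traces. The ServiceFault type and CalculatorService class are assumptions for illustration; the attributes and FaultException/FaultReason APIs are standard WCF.

```csharp
using System;
using System.Diagnostics;
using System.Runtime.Serialization;
using System.ServiceModel;

// Hypothetical fault detail type sent to clients: an opaque correlation id and a
// generic message, never the underlying exception type, message or stack trace.
[DataContract]
public class ServiceFault
{
    [DataMember] public string ErrorId { get; set; }
    [DataMember] public string Message { get; set; }
}

[ServiceContract]
public interface ICalculator
{
    [OperationContract]
    [FaultContract(typeof(ServiceFault))]
    double Divide(double number1, double number2);
}

// IncludeExceptionDetailInFaults must remain false in production. When it is true,
// WCF wraps any unhandled exception, including its stack trace, into the fault
// returned to the caller, which defeats the fault contract.
[ServiceBehavior(IncludeExceptionDetailInFaults = false)]
public class CalculatorService : ICalculator
{
    public double Divide(double number1, double number2)
    {
        try
        {
            // Floating-point division by zero does not throw in C#, so check explicitly.
            if (number2 == 0)
                throw new DivideByZeroException();
            return number1 / number2;
        }
        catch (Exception ex)
        {
            // Correlation id lets an operator locate the full record in the server log
            // from the value the client reports, without the client learning anything else.
            string errorId = Guid.NewGuid().ToString("N");

            // Full details (exception type, message, stack trace) stay on the server.
            Trace.TraceError("ErrorId={0} Operation=Divide Exception={1}", errorId, ex);

            // The client receives only the contracted fault with a concise message.
            var fault = new ServiceFault
            {
                ErrorId = errorId,
                Message = "The operation could not be completed. Reference: " + errorId
            };
            throw new FaultException<ServiceFault>(fault, new FaultReason(fault.Message));
        }
    }
}
```

Because the catch block converts every exception into the same ServiceFault, a caller cannot distinguish a division error from, say, a database failure, which is the point: the distinction lives in the server log, keyed by ErrorId. A quick production check is to confirm that no ServiceBehavior attribute or serviceDebug configuration element sets includeExceptionDetailInFaults to true.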

Additional Resources

Last edited Jun 12, 2008 at 9:25 PM by prashantbansode, version 1

