Re: How much data should flow back from a business exception?

Thread: Re: How much data should flow back from a business exception?

Search this list only Search all lists
Re: How much data should flow back from a business exception?
United Kingdom	2007-05-20 16:22:56
Matthew Peters wrote: > What do other people think? Matthew, the way I handled this in SDO was to introduce a "cause" property, with a getCause() public accessor, plus an additional optional parameter on the constructor for setting it. You can assign any object into the cause, though normally it would be the originating exception. Keeping this data separate from the other properties of the exception gives you a choice over when it is output. In particular, there's no reason for the getMessage() output to be the same as the __toString() output. Whereas if you have logging turned on, I'd expect all available data, including the cause, to be written to the log. Using these two techniques may give you enough control to preserve the information for when it's needed without displaying it when it's inappropriate. (BTW, I didn't myself make up this pattern, I just copied it from Another Language Beginning with J.) -- Caroline --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "phpsoa" group. To post to this group, send email to phpsoagooglegroups.com To unsubscribe from this group, send email to phpsoa-unsubscribegooglegroups.com For more options, visit this group at http:// groups.google.co.uk/group/phpsoa?hl=en -~----------~----~----~----~------~----~------~--~---

Re: How much data should flow back from a business exception?
United States	2007-05-23 10:34:44
OK, several things got discussed here but picking out the essential attitude to the initial question: Mike C says (I am quoting from pecl defect 10994): " I would like to suppress everything with the exception of the exception description and number. Exposing files and backtraces in exceptions to the end user I think is too much info to expose (for security reasons, and simplicity). " Graham says "I think Mike is right that we shouldn't always flow this information. It is a potential security hole as it could divulge more information than we would like." Simon says "I wouldn't expect that a stack trace is required or even useful." That seems a pretty clear message that the default behaviour at least should be to suppress the details from the remote exception. We can debate another time on whether or how it should be revealed, if anyone ever wants it. So, any volunteers to chop it out? We could stop generating the "This wsdl was generated..." comment at the bottom of the wsdl since it was only used for that. Matthew --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "phpsoa" group. To post to this group, send email to phpsoagooglegroups.com To unsubscribe from this group, send email to phpsoa-unsubscribegooglegroups.com For more options, visit this group at http:// groups.google.co.uk/group/phpsoa?hl=en -~----------~----~----~----~------~----~------~--~---

[1-2]

about | contact Other archives ( Real Estate discussion Medical topics )