
SCEA 5/1- Question about security

 
Steven Colley
Ranch Hand
Posts: 290
I have a question regarding this statement below:

"Someone has been trying to expose application level information by intentionally causing exceptions."

Question : What is the technical explanation for "exposing the app level info intentionally causing exceptions"?

Tks in advance!!!
 
Andrew Monkhouse
author and jackaroo
Marshal Commander
Posts: 12007
They are suggesting that someone is trying to make the data visible to the programmers. Presumably the "application level information" is sensitive - it may be customer data. And presumably by putting the data in an exception, the malicious programmer is getting access to the data in an easy to find manner.

Does that help?

Regards, Andrew
 
Cameron Wallace McKenzie
author and cow tipper
Saloon Keeper
Posts: 4968
I'm thinking they're perhaps trying to mess up the program and get exception stack traces on the screen. Lots of times when a program messes up, rather than a friendly page, you get an exception stack trace.

Many posts on JavaRanch have people posting exception stack traces to get some help on their problems. That's fine and dandy, but I roll my eyes sometimes when I see stack traces that look like this:

Exception causes by:

com.bigbank.insurance.security.jaas.usernames.passwordhelper.Passowords
...ServerPassword("ABC", "123").....


You can learn a lot about how a system is implemented by following a stack trace. And the more you know about how it was implemented, the closer you are to hacking it. Try and trigger some out of bounds exceptions, or throw in some non-standard characters, and you're probably going to get something.

-Cameron McKenzie

[ May 06, 2008: Message edited by: Cameron Wallace McKenzie ]
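
An added example, not code from any of the posts above: the same failure rendered two ways, once as a response body carrying the full stack trace and once with the trace kept in the server log behind an opaque incident id. The class name, method names, logger name and the secret value are all assumptions constructed for the illustration.

```java
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

public class ErrorResponseDemo {
    private static final Logger LOG = Logger.getLogger("app.errors"); // hypothetical logger name

    // Leaky: what a default error page effectively does, the full trace goes to the client.
    static String leakyBody(Throwable t) {
        StringWriter sw = new StringWriter();
        t.printStackTrace(new PrintWriter(sw, true));
        return sw.toString();
    }

    // Hardened: the trace stays in the server log; the client sees only an incident id
    // that support staff can use to find the matching log entry.
    static String safeBody(Throwable t) {
        String incidentId = UUID.randomUUID().toString();
        LOG.log(Level.SEVERE, "incident " + incidentId, t);
        return "An internal error occurred. Reference: " + incidentId;
    }

    // Constructed failure: malformed input reaches code whose exception message echoes a secret.
    static void lookup(String accountIndex) {
        String serverPassword = "example-secret"; // constructed sample value
        try {
            Integer.parseInt(accountIndex);
        } catch (NumberFormatException e) {
            throw new IllegalStateException("lookup failed, ServerPassword=" + serverPassword, e);
        }
    }

    public static void main(String[] args) {
        try {
            lookup("not-a-number"); // unexpected input that triggers the exception
        } catch (RuntimeException e) {
            String leaky = leakyBody(e);
            String safe = safeBody(e);
            System.out.println("leaky body contains secret:      " + leaky.contains("example-secret"));
            System.out.println("leaky body contains class names: " + leaky.contains("ErrorResponseDemo.lookup"));
            System.out.println("safe body contains secret:       " + safe.contains("example-secret"));
            System.out.println("safe body: " + safe);
        }
    }
}
```

In a servlet container the same split is usually made by mapping exceptions to a generic error page in the deployment descriptor, so no trace is ever written to the response.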
 
Steven Colley
Ranch Hand
Posts: 290
Hi Cameron, with regards to my nickname...sending a private message to you ;-)

As far as the question above..right right..I've got it....as English is my second language sometimes some easy expressions get a little confused

Tks Andrew, tks Cameron!! ;-)
 