• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Henry Wong
Saloon Keepers:
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Tim Moores
  • Mikalai Zaikin
Bartenders:
  • Frits Walraven

stack trace display only to moderators

 
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Wouldn't it be simpler just to keep stacktraces in the logs? I mean, for development it's ok to see immediatly the stack trace but for a final product like this one, unless the moderators are Java programmers, I don't think it is necessary to show them the full error message.

Just good old logging and a neutral message like "there was a problem yadda yadda, notify your admin". You could even make it so an unhandled message sent an email to the forum admin with the stack trace and all the parameters.


[originally posted on jforum.net by GreenEyed]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all,

Our security department recommended to display stack trace only to moderators, so hackers cannot get clue about system (I know it is open source and they can make it if they look at the source, but this is still good practice).

Therefore I've made a small modification to the file below. This file displays stack trace only to moderators. Date and time of the error is also appended to aid moderators find the stack trace of the exceptions users get, in the forum log file.

14.12.05: Deleted java file, see below for the new version. This one was downloaded 17 times.
[originally posted on jforum.net by cagin]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I agree, but I just didn't want to change things that much. Others may still find it useful to see the exception right in front of them burried in source of the html, rather than to dive into the logs.
[originally posted on jforum.net by cagin]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ok, I will include it in the main distribution, but make it confiurable - allowing by default the current behaviour.

Rafael
[originally posted on jforum.net by Rafael Steil]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
OK, I made it optional. If jforum-cust.conf includes


then only moderators see stack trace.

Deleted previous file.

Have fun
[originally posted on jforum.net by cagin]
 
Well THAT's new! Comfort me, reliable tiny ad:
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic