...

DivideByZeroException is a custom exception type that extends Exception.

Exceptions

*EXC14-EX1*: A secure application must also abide by guideline [EXC06-J. Do not allow exceptions to transmit sensitive information]. To follow this guideline, an application might find it necessary to catch all exceptions at some top level to sanitize (or suppress) them. This is also summarized in the CWE entries [CWE 7|http://cwe.mitre.org/data/definitions/7.html] and [CWE 388|http://cwe.mitre.org/data/definitions/388.html]. If exceptions need to be caught, it is better to catch {{Throwable}} instead of {{Exception}} \[[Roubtsov 2003|AA. Bibliography#Roubtsov 03]\].

*EXC14-EX2*: Task processing threads, such as worker threads in a thread pool or the Swing event dispatch thread, are allowed to catch {{RuntimeException}} when they call untrusted code through an abstraction such as {{Runnable}} \[[Goetz 2006 pg 161|AA. Bibliography#Goetz 06]\].
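
The worker-thread case in EXC14-EX2, shown as an added example that is not code from the guideline itself: a worker catches {{RuntimeException}} around each untrusted {{Runnable}} so one failing task cannot kill the thread, and logs only the exception type in keeping with EXC06-J. The names {{SafeWorker}}, {{POISON}}, {{completed}} and {{failures}} are hypothetical, and the queued tasks are constructed sample input.

```java
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.logging.Level;
import java.util.logging.Logger;

// Added example: SafeWorker, POISON, completed and failures are hypothetical names.
public final class SafeWorker implements Runnable {
    private static final Logger LOG = Logger.getLogger(SafeWorker.class.getName());
    // Sentinel task that tells the worker to shut down cleanly.
    static final Runnable POISON = () -> { };

    private final BlockingQueue<Runnable> queue;
    final AtomicInteger completed = new AtomicInteger();
    final AtomicInteger failures = new AtomicInteger();

    SafeWorker(BlockingQueue<Runnable> queue) { this.queue = queue; }

    @Override
    public void run() {
        try {
            for (Runnable task = queue.take(); task != POISON; task = queue.take()) {
                try {
                    task.run();                // untrusted code behind the Runnable abstraction
                    completed.incrementAndGet();
                } catch (RuntimeException e) { // permitted at this boundary by EXC14-EX2
                    failures.incrementAndGet();
                    // Log the type only; the message may carry sensitive data (EXC06-J).
                    LOG.log(Level.WARNING, "task failed: {0}", e.getClass().getName());
                }                              // Error subclasses are deliberately not caught
            }
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt(); // restore interrupt status and exit
        }
    }

    public static void main(String[] args) throws InterruptedException {
        // Constructed tasks: the second one throws an unchecked exception.
        BlockingQueue<Runnable> q = new LinkedBlockingQueue<>();
        q.add(() -> System.out.println("task 1 ok"));
        q.add(() -> { throw new IllegalStateException("constructed failure: /secret/path"); });
        q.add(() -> System.out.println("task 3 ok"));
        q.add(POISON);

        SafeWorker w = new SafeWorker(q);
        Thread t = new Thread(w, "worker-1");
        t.start();
        t.join();
        System.out.println("completed=" + w.completed + " failures=" + w.failures);
    }
}
```

The catch sits only at the task boundary, where the worker cannot know what the untrusted code throws; code inside a task should still catch the specific exception types it can handle.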

...

Catching RuntimeException traps several types of exceptions not intended to be caught. This prevents them from being handled properly.

|| Guideline || Severity || Likelihood || Remediation Cost || Priority || Level ||
| EXC14-J | low | likely | medium | P6 | L2 |

...