...
This rule appears in the C++ Secure Coding Standard as ERR12-CPP. Do not allow exceptions to transmit sensitive information.
Related Guidelines
| [MITRE 2009] | CWE ID 209 (http://cwe.mitre.org/data/definitions/209.html), "Information Exposure Through an Error Message" |
| | CWE ID 600, "Uncaught Exception in Servlet" |
| | CWE ID 497, "Exposure of System Data to an Unauthorized Control Sphere" |
...
| [Gong 2003] | 9.1 Security Exceptions |
| [SCG 2007] | Guideline 3-4 Purge sensitive information from exceptions |
...