...
The previous compliant solution logs the exception instead of revealing sensitive information. (See guideline EXC06-J, Do not allow exceptions to transmit sensitive information, for more information.) Sometimes no sensitive information can be revealed by any of the possible exceptions. In such cases, an equivalent mechanism that allows exceptions to be wrapped can be used; this allows the caller to obtain better diagnostic information. For example, if an applet does not have permission to read the system files that contain fonts, it can perform the read from a privileged block without revealing any sensitive information. When the non-sensitive exceptions carry more detail, the client can more easily diagnose the cause of a read failure.
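The wrapping mechanism described above, shown as an added example rather than the guideline's own compliant solution: the privileged block uses a PrivilegedExceptionAction, so the checked exception thrown inside run() is wrapped in a PrivilegedActionException and unwrapped for the caller. The font path and the class name are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

public final class FontLoader {
    // Hypothetical font location; an assumption for this example.
    private static final String FONT_PATH = "/usr/share/fonts/example.ttf";

    /**
     * Reads the font file inside a privileged block so that a caller lacking
     * file-read permission can still obtain the font data. The checked
     * IOException raised in run() is wrapped in PrivilegedActionException
     * by doPrivileged and unwrapped here, so the caller receives the original
     * exception rather than a generic failure.
     */
    public static byte[] loadFont() throws IOException {
        try {
            return AccessController.doPrivileged(
                new PrivilegedExceptionAction<byte[]>() {
                    public byte[] run() throws IOException {
                        try (FileInputStream in = new FileInputStream(FONT_PATH)) {
                            return in.readAllBytes();
                        }
                    }
                });
        } catch (PrivilegedActionException e) {
            // getException() returns the checked exception thrown by run().
            // Only IOException is declared there, so the cast is safe. In this
            // example the font path is not sensitive; if the exception could
            // carry sensitive detail, log it and throw a generic exception
            // instead (EXC06-J).
            throw (IOException) e.getException();
        }
    }
}
```

The privileged block is kept as small as possible: only the file read runs with elevated privilege, and nothing derived from the caller is used inside it.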
...
Returning references to sensitive resources from within a doPrivileged block can break encapsulation and confinement. Any caller who can invoke the privileged code directly and obtain a reference to a sensitive resource or field can maliciously modify its elements.
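An added example contrasting the two patterns (not the guideline's own code): the first method returns the internal array itself from the privileged block, so any caller can overwrite its elements; the second keeps the reference confined by performing the required operation inside the block and returning only a non-sensitive result. The secret value, the class name and the token-check operation are constructed for this illustration.

```java
import java.security.AccessController;
import java.security.MessageDigest;
import java.security.PrivilegedAction;
import java.util.Arrays;

public final class PrivilegedSecret {
    // Constructed sample of a sensitive internal resource (assumption).
    private static final byte[] SECRET = "example-secret".getBytes();

    // Noncompliant: the privileged block hands out the internal array.
    // A caller can then do getSecretRef()[0] = 0 and corrupt SECRET, and
    // can read the secret outright, breaking both encapsulation and
    // confinement.
    public static byte[] getSecretRef() {
        return AccessController.doPrivileged(new PrivilegedAction<byte[]>() {
            public byte[] run() {
                return SECRET;
            }
        });
    }

    // Compliant: the sensitive array never leaves the privileged block. The
    // comparison the caller needs is done inside it, and only a boolean is
    // returned, so the caller can neither read nor modify SECRET.
    public static boolean matches(final byte[] candidate) {
        // Copy the caller-supplied input before use so the caller cannot
        // change it while the privileged code is running.
        final byte[] input = Arrays.copyOf(candidate, candidate.length);
        return AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
            public Boolean run() {
                // Constant-time comparison avoids leaking match length.
                return MessageDigest.isEqual(SECRET, input);
            }
        });
    }
}
```

Returning a defensive copy instead of the reference would stop callers from modifying the field, but it would still disclose the value to code that lacks the privilege to read it; returning only the outcome of the operation avoids both problems.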
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
SEC02-J | medium | likely | high | P6 | L2 |
...