Comment: Reverted from v. 30

...

*EXC32-J-EX1*: A secure application must also abide by [EXC01EXC06-J. Do not allow exceptions to transmit sensitive information]. To follow this rule, an application might find it necessary to catch all exceptions at some top level in order to sanitize (or suppress) them. This is also summarized in the CWE entries [CWE 7|http://cwe.mitre.org/data/definitions/7.html] and [CWE 388|http://cwe.mitre.org/data/definitions/388.html]. If exceptions need to be caught, it is better to catch {{Throwable}} instead of {{Exception}} \[[Roubtsov 03|AA. Java References#Roubtsov 03]\].
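The following is an added example, not code from this guideline, showing a top-level boundary that catches {{Throwable}} and sanitizes it before anything reaches the caller. The class name, {{SanitizedException}}, {{readProfile}}, and the file path are hypothetical and constructed for illustration.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

public class TopLevelSanitizer {
    private static final Logger LOG = Logger.getLogger(TopLevelSanitizer.class.getName());

    /** Hypothetical caller-facing type: a reference id only, no cause, no stack trace. */
    static final class SanitizedException extends RuntimeException {
        SanitizedException(String ref) {
            // cause = null, suppression disabled, stack trace not recorded
            super("Request failed (reference " + ref + ")", null, false, false);
        }
    }

    /** Hypothetical worker: a FileNotFoundException message here would reveal the path. */
    static void readProfile(String user) throws IOException {
        try (FileInputStream in = new FileInputStream("/constructed/home/" + user + "/profile.dat")) {
            in.read();
        }
    }

    /** Top-level boundary: Throwable also covers Errors and unchecked exceptions. */
    static void handleRequest(String user) {
        try {
            readProfile(user);
        } catch (Throwable t) {
            String ref = UUID.randomUUID().toString();
            // Full detail (message, path, stack trace) stays in the server-side log.
            LOG.log(Level.SEVERE, "Unhandled failure, reference " + ref, t);
            // The caller sees a fixed message that can be correlated with the log entry.
            throw new SanitizedException(ref);
        }
    }

    public static void main(String[] args) {
        try {
            handleRequest("alice");
        } catch (SanitizedException e) {
            System.out.println(e.getMessage()); // no path or user detail in the output
        }
    }
}
```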

...