...
*EXC14-EX1*: A secure application must also abide by guideline [EXC06-J. Do not allow exceptions to expose sensitive information]. To follow this guideline, an application might find it necessary to catch all exceptions at some top level to sanitize (or suppress) them. This is also summarized in the CWE entries [CWE 7|http://cwe.mitre.org/data/definitions/7.html] and [CWE 388|http://cwe.mitre.org/data/definitions/388.html]. If exceptions need to be caught, it is better to catch {{Throwable}} instead of {{Exception}} \[[Roubtsov 2003|AA. Bibliography#Roubtsov 03]\].
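The following sketch of such a top-level boundary is an added example, not code from the guideline itself. The names {{TopLevelSanitizer}}, {{runSanitized}} and {{SanitizedException}} are hypothetical, the failure messages are constructed, and the server-side log is assumed to be access-controlled.

```java
import java.io.FileNotFoundException;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.Callable;
import java.util.logging.Level;
import java.util.logging.Logger;

public class TopLevelSanitizer {
    private static final Logger LOG = Logger.getLogger(TopLevelSanitizer.class.getName());

    /** What callers see: no cause, no original message, no stack trace. */
    static final class SanitizedException extends RuntimeException {
        SanitizedException(String incidentId) {
            // enableSuppression=false, writableStackTrace=false: nothing internal travels along
            super("Request failed (incident " + incidentId + ")", null, false, false);
        }
    }

    /** Top-level boundary: nothing thrown by the task crosses it unsanitized. */
    static <T> T runSanitized(Callable<T> task) {
        try {
            return task.call();
        } catch (Throwable t) { // Throwable, so Error subclasses are sanitized too
            String incidentId = UUID.randomUUID().toString();
            // Full detail goes only to the server-side log (assumed access-controlled).
            LOG.log(Level.SEVERE, "incident " + incidentId, t);
            throw new SanitizedException(incidentId);
        }
    }

    public static void main(String[] args) {
        // Constructed failures: a checked exception whose message leaks a path, and
        // an Error that a catch (Exception e) block would let through untouched.
        Callable<String> leaksPath = () -> {
            throw new FileNotFoundException("/home/alice/secrets/keystore.jks (No such file)");
        };
        Callable<String> throwsError = () -> {
            throw new ExceptionInInitializerError("credential lookup failed for user admin");
        };
        for (Callable<String> task : List.of(leaksPath, throwsError)) {
            try {
                runSanitized(task);
            } catch (SanitizedException e) {
                System.out.println("caller sees: " + e.getMessage());
            }
        }
    }
}
```

The incident identifier lets an operator match the sanitized message a caller reports to the full stack trace in the log without exposing that trace to the caller.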
...