Monday, 26 August 2013

Is it correct or safe to throw an Exception whose message includes the offending value?

Let's say you are writing a generic doSomething method where you check a
string argument for validity:
    public void doSomething(String argument) {
        if (!checkArgument(argument)) {
            // Argument is not valid
            throw new IllegalArgumentException("Argument " + argument + " is not valid");
        }
        // ...
    }
Is throwing an Exception whose message can contain potentially arbitrary
text safe? Or can it expose the program to log forging or some other
security issues?
Is there any best practice to handle such cases?
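One defensive way to handle this, added here as an illustration and not taken from the question, is to escape the offending value before it enters the message, so that a value containing newlines or other control characters cannot start a fake log line or inject terminal control sequences when the exception is later logged. The `checkArgument` validity rule, the `MAX_QUOTED_LENGTH` limit and the `describeSecret` helper are assumptions made for the example; the constructed input in `main` stands in for a value an attacker might supply.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public final class SafeArgumentMessages {

    /** Assumed limit on how much of the offending value is quoted in a message. */
    private static final int MAX_QUOTED_LENGTH = 64;

    /**
     * Escapes control characters (so the value cannot add new log lines or
     * terminal escape sequences) and truncates very long input, returning the
     * value wrapped in double quotes so its boundaries are unambiguous.
     */
    static String quoteForMessage(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder sb = new StringBuilder(value.length() + 2);
        sb.append('"');
        int limit = Math.min(value.length(), MAX_QUOTED_LENGTH);
        for (int i = 0; i < limit; i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\n': sb.append("\\n"); break;
                case '\r': sb.append("\\r"); break;
                case '\t': sb.append("\\t"); break;
                case '"':  sb.append("\\\""); break;
                case '\\': sb.append("\\\\"); break;
                default:
                    if (Character.isISOControl(c)) {
                        // Any other control character (e.g. ESC) becomes a visible \\uXXXX escape.
                        sb.append(String.format("\\u%04x", (int) c));
                    } else {
                        sb.append(c);
                    }
            }
        }
        if (value.length() > MAX_QUOTED_LENGTH) {
            sb.append("...[").append(value.length() - MAX_QUOTED_LENGTH).append(" more chars]");
        }
        sb.append('"');
        return sb.toString();
    }

    /** Hypothetical validity rule for the example: letters, digits, '-' and '_' only. */
    static boolean checkArgument(String argument) {
        return argument != null && argument.matches("[A-Za-z0-9_-]{1,64}");
    }

    /** The question's method, with the offending value escaped before it enters the message. */
    public static void doSomething(String argument) {
        if (!checkArgument(argument)) {
            throw new IllegalArgumentException(
                "Argument " + quoteForMessage(argument) + " is not valid");
        }
        // ... normal processing
    }

    /**
     * For values that may be secrets (passwords, tokens), do not quote them at all:
     * refer to them by length and a short digest prefix so the message stays useful
     * for debugging without copying the secret into logs.
     */
    static String describeSecret(String value) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256")
            .digest(value.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (int i = 0; i < 4; i++) {
            hex.append(String.format("%02x", digest[i]));
        }
        return "<secret, " + value.length() + " chars, sha256 prefix " + hex + ">";
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: without escaping, the embedded newline would make the
        // second half appear as a separate, legitimate-looking log entry.
        String forged = "user1\n2013-08-26 10:00:00 INFO  login succeeded for admin";
        try {
            doSomething(forged);
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
        System.out.println(describeSecret("example-password"));
    }
}
```

The escaping keeps the whole message on one line regardless of what the caller passed, and the length cap prevents a multi-megabyte argument from being copied into every stack trace and log file. Whether a raw value is dangerous ultimately depends on what consumes the message (a log file read in a terminal, a log viewer, an HTML error page), so escaping at the point where the message is built is the simplest place to make it safe for all of them. When the argument might be a credential, the better practice is not to include it at all, which is what `describeSecret` shows.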
