  1. Confluence Data Center
  2. CONFSERVER-55306

Confluence error pages should remove stack trace from being output to the UI


Details

    Description

      NOTE: This suggestion is for Confluence Server.

      Problem Definition

      The Confluence error page typically displays "Oops - an error has occurred", followed by the system error, the cause, and then the stack trace for that error. This is not desirable for all instances, as it could be a security risk or add unnecessary complexity for normal users.
      As noted in Open Web Application Security's Improper Error Handling suggestions:

      Improper handling of errors can introduce a variety of security problems for a web site. The most common problem is when detailed internal error messages such as stack traces, database dumps, and error codes are displayed to the user (hacker). These messages reveal implementation details that should never be revealed. Such details can provide hackers important clues on potential flaws in the site and such messages are also disturbing to normal users.

      Suggested Solution

      Give admins the possibility to edit the Confluence error page so that it does not show the stack trace (or displays a custom message) and just informs the user that an error has happened and that he/she needs to get assistance from the admin.
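A check an admin could run against a rendered error page to confirm that no Java stack trace reaches the browser. This is an added example, not part of the original issue and not Atlassian code; the function name, the regular expressions and both sample pages are constructed for illustration.

```python
import html
import re

# One Java stack frame, e.g. "at com.example.Foo.bar(Foo.java:42)"
FRAME = re.compile(
    r"\bat\s+([\w$]+(?:\.[\w$<>]+)+)\((?:[\w$]+\.java:\d+|Native Method|Unknown Source)\)")
# Fully qualified exception class, e.g. "java.lang.NullPointerException"
EXC = re.compile(r"\b((?:[a-z_][\w$]*\.)+[A-Z][\w$]*(?:Exception|Error))\b")
CAUSED_BY = re.compile(r"^\s*Caused by:", re.MULTILINE)
TAGS = re.compile(r"<[^>]+>")


def find_stack_trace_leak(body: str) -> dict:
    """Report Java stack-trace artifacts visible in an HTTP response body."""
    # Strip tags before decoding entities: traces are usually wrapped in
    # <pre>/<br>, and constructor frames arrive as "&lt;init&gt;".
    text = html.unescape(TAGS.sub("\n", body))
    frames = FRAME.findall(text)
    exceptions = sorted(set(EXC.findall(text)))
    return {
        "frames": len(frames),
        # Internal package names are the implementation detail being exposed.
        "packages": sorted({f.rsplit(".", 2)[0] for f in frames}),
        "exceptions": exceptions,
        "caused_by": len(CAUSED_BY.findall(text)),
        "leaks": bool(frames or exceptions),
    }


# Constructed sample bodies (not real Confluence output).
VERBOSE_PAGE = """<html><body><h1>Oops - an error has occurred</h1>
<p>Cause: java.lang.NullPointerException</p>
<pre>java.lang.NullPointerException
    at com.example.wiki.PageAction.execute(PageAction.java:88)
    at com.example.web.Dispatcher.&lt;init&gt;(Dispatcher.java:41)
Caused by: java.sql.SQLException: connection refused
    at com.example.db.Pool.borrow(Pool.java:17)
</pre></body></html>"""

GENERIC_PAGE = """<html><body><h1>Oops - an error has occurred</h1>
<p>Please contact your administrator and quote reference 7f3a9c.</p>
</body></html>"""

if __name__ == "__main__":
    print(find_stack_trace_leak(VERBOSE_PAGE))
    print(find_stack_trace_leak(GENERIC_PAGE))
```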

       

            People

              19cb521e4007 Ajay Sharma
              kcao@atlassian.com Kim My Cao (Inactive)
              Votes: 52
              Watchers: 56
