TomcatExpert

security audit

Knowledge Base : Suppressing Stack Traces on HTTP 500 Errors

posted by SpringSource on May 18, 2010 04:33 AM

Security audits may identify issues with 500 errors and require the stack traces to be suppressed.

By default, when a 500 error (Internal Server Error) occurs, Tomcat displays a full stack trace on the error page. This can give a hacker information about what technology is being used within the application. To control the error response, it is recommended to create your own customized error reporting valve. The current error reporting valve is a good starting point and can be modified to meet your needs. Removing the stack trace element alone means removing two lines of code.

Here is the source to the current valve:


Security | 500 error, Internal Server Error, security audit
