Building Secure ADF Applications

5 of 31

Error Handling (2)

uOracle ADF-generated JavaServer Pages (JSPs) standard practice:

Ø<af:messages/> tag at the top of each page for error handling

§Can be used to display custom error messages to users

§More often uncaught exceptions and stack traces will be displayed.

§Can be revealing to someone analyzing a system for weaknesses.

ØExceptions could reveal information about the data model if thrown during a DML operation.

ØMay also indicate how input parameters are used in other areas of the system.