How to avoid content spoofing/improper error handling in druid?
21 views
Skip to first unread message
Laxmikant Pandhare
Sep 15, 2023, 2:38:18 PM9/15/23
to Druid User
Hi All,
I am getting exception as per expectation but those error messages/exceptions showing entire content of the system. How I can stop revealing entire content in exceptions and avoid content spoofing in druid.
This is type of improper error handling as explained here - https://owasp.org/www-community/Improper_Error_Handling
Any help will be appreciated.
Thank You,
Laxmikant
Laxmikant Pandhare
Sep 18, 2023, 12:46:19 PM9/18/23
to Druid User
Anyone has idea about above topic in druid.
Laxmikant Pandhare
Sep 20, 2023, 4:59:33 PM9/20/23
to Druid User
I would like to explain more here.
Let's say I have a druid link - https://Server_Name:PortNumber accessible here but user tried to add some content at the end like https://Server_Name:PortNumber/Iamattackerhere
So, above link is showing 404 page not found error. Like below -
HTTP ERROR 404 Not Found
URI: /Iamattackerhere
STATUS: 404
MESSAGE: Not Found
SERVLET: org.eclipse.jetty.servlet.DefaultServlet-1aac0a47
URI: /Iamattackerhere
STATUS: 404
MESSAGE: Not Found
SERVLET: org.eclipse.jetty.servlet.DefaultServlet-1aac0a47
Instead of echoing this user entered link, I want druid to throw some designed result to avoid this.
Anyone can please help here.
Reply all
Reply to author
Forward
0 new messages