My test team tried to hack the system, and they found that a GWT-RPC call returned sensitive information (the class name, as emphasized below) in a "//EX" format response message. I'm amazed that I can't find any postings on this issue.
HTTP Request (Request payload):
7|0|5|http://localhost:8080/Test_Web/|14B8AB60CF9C73722670313BAE18D294|abc|abc|abc|1|2|3|4|1|5|0|
HTTP Response:
//EX[2,1,["com.google.gwt.user.client.rpc.IncompatibleRemoteServiceException/3936916533","This application is out of date, please click the refresh button on your browser. ( Blocked attempt to access interface 'abc', which is not implemented by 'com.testProject.client.customerClassService'; this is either misconfiguration or a hack attempt)"],0,7]
Especially the part that says "either misconfiguration or a hack attempt". In my case it is a hack attempt, as in the HTTP response, because the exception states that 'abc' is not implemented by 'com.testProject.client.customerClassService'.
Any ideas on how to hide the sensitive information (class name) in the error message above? I tried with all available browsers; it is not from the browser.
Urgent. Any help will be appreciated.
Thanks.
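
One server-side way to keep the implementation class name out of the "//EX" response, as an added example that is not part of the original post and not GWT's own code: a base servlet that replaces the detailed IncompatibleRemoteServiceException text with the exception's default message. The class name QuietRemoteServiceServlet and its package are hypothetical, and the sketch assumes the service servlets extend GWT's RemoteServiceServlet.

```java
package com.example.server; // hypothetical package

import com.google.gwt.user.client.rpc.IncompatibleRemoteServiceException;
import com.google.gwt.user.client.rpc.SerializationException;
import com.google.gwt.user.server.rpc.RPC;
import com.google.gwt.user.server.rpc.RemoteServiceServlet;

/**
 * Hypothetical base class: service servlets extend this instead of
 * RemoteServiceServlet so that request-decoding failures do not echo
 * server-side interface or class names back to the caller.
 */
public abstract class QuietRemoteServiceServlet extends RemoteServiceServlet {
    private static final long serialVersionUID = 1L;

    // Prefix GWT-RPC uses for an encoded failure response.
    private static final String EX_PREFIX = "//EX";

    // Type name that appears in the response's string table for this failure.
    private static final String INCOMPATIBLE =
            IncompatibleRemoteServiceException.class.getName();

    @Override
    public String processCall(String payload) throws SerializationException {
        String response = super.processCall(payload);

        // Only rewrite encoded failures that carry the "incompatible service"
        // exception; normal "//OK" results and application exceptions pass through.
        if (response != null
                && response.startsWith(EX_PREFIX)
                && response.contains(INCOMPATIBLE)) {
            // Record on the server that the detailed text was withheld.
            log("Replaced detailed IncompatibleRemoteServiceException text in GWT-RPC response");

            // The no-argument constructor carries only the generic
            // "application is out of date" message, with no class names.
            return RPC.encodeResponseForFailure(
                    null, new IncompatibleRemoteServiceException());
        }
        return response;
    }
}
```

The framework exception type (com.google.gwt.user.client.rpc.IncompatibleRemoteServiceException) still appears in the response, since the client needs it to deserialize the failure; only the application's own class and interface names are withheld.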