I work for a very large enterprise. Here, we have many WebSphere Application Server clusters, each running many J2EE web applications. Most (but not all) of these applications contain special directives in their web.xml to display a custom error page when an unexpected exception occurs. Here’s an example:
By doing that, of course, we aim to show a friendly error page to our customers, but furthermore, we mainly aim to hide the stacktraces which are usually included in standard HTTP 500 error pages. As you should know, these stacktraces include a lot of sensitive data such as packages’ names, classes’ names and even methods’ names. Worse, sometimes, these stacktraces contain SQL exceptions, which often reveal which database server software is used. Even worse, sometimes, these stacktraces contain file and folder paths, which, in turn, can reveal on which operating system family our WebSphere Application Server runs. Do I need to mention all the other even more sensitive data which can be revealed by these stacktraces? (Usernames, port numbers, IP addresses, computer/server names, JNDI objects’ names…)
So, no big surprise here, every large enterprise needs to hide these stacktraces from their customers.
But, here’s our problem:
Sometimes, even with a custom error page well configured in the web.xml file, WebSphere sends the basic error page to the customers’ web browser. I understand very well why WebSphere does that. As an example, I know that when the HTTP response’s headers are already committed, WebSphere cannot reset its buffer to send the custom error page, and then cannot do better than sending a basic error page.
So, here are my questions:
Is it possible to configure WebSphere so it never ever includes any stacktrace in its basic error page? This way, even when, for some technical reason, WebSphere cannot send our custom error page, at least the basic error page won’t include any sensitive data.
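
An application-level way to handle the committed-response case described above, as an added example that is not part of the original post and is not a WebSphere setting: a standard `javax.servlet` filter that logs the exception server-side and only asks for the `web.xml` error page while the response can still be reset. The class name `StackTraceGuardFilter` is hypothetical, and the filter is assumed to be mapped first in the chain to `/*`.

```java
import java.io.IOException;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical catch-all filter (assumption: mapped first, url-pattern /*). */
public class StackTraceGuardFilter implements Filter {
    private static final Logger LOG =
            Logger.getLogger(StackTraceGuardFilter.class.getName());

    @Override public void init(FilterConfig cfg) throws ServletException { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        try {
            chain.doFilter(req, res);
        } catch (Exception e) {
            // Full stack trace goes to the server log only, under an opaque
            // reference that support staff can correlate with a user report.
            String ref = UUID.randomUUID().toString();
            LOG.log(Level.SEVERE, "Unhandled exception, ref=" + ref, e);

            if (!res.isCommitted() && res instanceof HttpServletResponse) {
                // Headers not sent yet: sendError() clears the buffer and the
                // container resolves the web.xml <error-page> entry for 500.
                ((HttpServletResponse) res)
                        .sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
            // Committed case: nothing more is written and the exception is
            // not rethrown, so it never reaches the container's default error
            // rendering. The client receives a truncated page, no trace.
        }
    }
}
```

The filter only covers exceptions raised inside the filter chain; `java.lang.Error` subclasses and failures outside the chain still reach the container's own handling.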