Hi team,
We are doing pentesting for our application and found one security issue with the IDACalls. If we intercept the request and put an invalid string in the transaction parameter of the IDACall, we get the response highlighted below, saying:
["XML parser fatal error: file '(in memory stream)' line 1:
org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Content is not allowed in
prolog."]
We want to restrict this error and not expose it to the client side.
We have already tried adding the configurations below to server.properties, but it's not helping. Could you please let us know if there is any other parameter which could help to restrict this error exposure?
servlet.sendStackTraceToClient: false
isomorphic.log.level=WARN
isomorphic.log.xml=false
smartclient.xml.errors.log=true
smartclient.xml.errors.sendToClient=false
# Custom Error Messages
rpc.customErrorMessage=An unexpected error occurred. Please contact support.
exception.returns.stacktrace: false