Home > Design Patterns > Exception Shielding
Exception Shielding

Exception Shielding (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham)

How can a service prevent the disclosure of information about its internal implementation when an exception occurs?

Problem

Unfiltered exception data output by a service may contain internal implementation details that can compromise the security of the service and its surrounding environment.

Solution

Potentially unsafe exception data is "sanitized" by replacing it with exception data that is safe by design before it is made available to consumers.

Application

This pattern can be applied at design time by reviewing and altering source code or at runtime by adding dynamic sanitization routines.

Impacts

Sanitized exception information can make the tracking of errors more difficult due to the lack of detail provided to consumers.

Architecture

Service
Exception Shielding: Potentially unsafe information is sanitized by routines added to the service logic, thereby releasing only safe exception information to service consumers.

Potentially unsafe information is sanitized by routines added to the service logic, thereby releasing only safe exception information to service consumers.

Related Patterns in This Catalog

Service Agent, Service Perimeter Guard, Utility Abstraction

Related Service-Oriented Computing Goals

Increased Organizational Agility, Reduced IT Burden