Propagating the Exception

There are a number of things we have to do to propagate the ExistingReviewException information to the client. We have to figure out how to augment the general Simple Object Access Protocol (SOAP) failure with the specific information needed when we try to add an additional review. One thing that jumps out immediately is that we do not want the client to be able to see the stack trace of our server code. This is a security issue because it gives people information about how our code is structured, and this could be exploited. So first, let's make sure that the clients cannot see the stack trace. This is accomplished by making a change to the Web.config file in the ServiceInterface directory. Here is the change:

<customErrors mode="RemoteOnly" />

After this change is made, the stack trace is no longer available to users who are not running on the local Web server.

0 0

Post a comment