RE: Concerns about exception string revealing internals/data about

My question is related to the CLR as I am just trying to determine if
exceptions could return certain information as part of the error message.
The application deals with a database and contains social security numbers
and other sensitive information. I am just trying to determine if an
exception occurs in my program, is it possible that the exception error
message (i.e. Exception.ToString) could display/contain data from the
database and/or field names in the database. For example, it would be bad if
the error displayed something like "Error parsing [Social Security Number]
111-11-1111". I know you said it depends upon the "provider"; I am using the
built in ADO objects in Visual Studio for Microsoft SQL Server. Thus, I am
using a Microsoft provider. I do NOT need any particular information in the
error message. I am trying to PREVENT certain information from appearing in
an error message. Thus I don't see this as an ADO issue but a general
question on what Visual Studio puts in error messages (exceptions).
Everything I have seen so far in the messages imply this will not happen
(i.e. typical error message;

System.Threading.ThreadStartException: Thread failed to start. --->
System.Threading.ThreadAbortException: Thread was being aborted.
--- End of inner exception stack trace ---
at System.Threading.Thread.StartInternal(IPrincipal principal,
StackCrawlMark& stackMark)
at System.Threading.Thread.Start()
at xxxxx.xxxxService.Sessions.NewPluginsAvailable() in C:\STuff.cs:line 387

--
Thank you.


""Jeffrey Tan[MSFT]"" wrote:

Hi KTJ,

Can you tell me what controls you are using in your scenario? Do you use
the build-in controls in SQL Server2000 or .Net winform/Asp.net controls?

I think this is the implementation specific. Based on my experience, if the
underlying provider really incoporates well with the underlying database, I
think the provider will encapsulate enough internal information regarding
in the .Net exception. So the upper layer code can get enough information
in the exception object. The upper layer code only reads the exception
object, no matter the upper controls are Microsoft or not, the result is
the same. The information is determined by the underlying provider. I think
most good providers will provide the information you wanted.

Do you meet the scenario that the Microsoft provider does not provide the
information your wanted?

Actually, I am not an ADO.net expert. Since this newsgroup mainly focuses
on CLR related runtime issues, I recommend you post your questions in:
microsoft.public.dotnet.framework.adonet --- if your wanted information
about data provider in .Net side(your controls refer to .Net controls)
microsoft.public.sqlserver.server --- if you are using SQL Server controls

There will be more data related experts in these newsgroup. Thanks for your
understanding.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


.

Relevant Pages

  • Re: Concerns about exception string revealing internals/data about
    ... Sorry in last post I meant an "unhandled" exception should never be shown to ... exceptions could return certain information as part of the error message. ... built in ADO objects in Visual Studio for Microsoft SQL Server. ... the build-in controls in SQL Server2000 or .Net winform/Asp.net controls? ...
    (microsoft.public.dotnet.framework.clr)
  • Re: Prefetch objects failed Error when added more than 2 table as
    ... Is there any further info from Microsoft on this issue? ... using transactional replication and we got similar error message: ... Exception Type: Microsoft.SqlServer.Management.Smo.FailedOperationException ... This replication job failed twice in its history with the same message shown ...
    (microsoft.public.sqlserver.replication)
  • Re: Concerns about exception string revealing internals/data about
    ... exception as an inner exception depending how you are handling it later). ... helps clean up the contract from your data layer .. ... exceptions could return certain information as part of the error message. ... built in ADO objects in Visual Studio for Microsoft SQL Server. ...
    (microsoft.public.dotnet.framework.clr)
  • Re: Form designer looses controls
    ... Could you tell me what controls are placed on the form? ... You can also submit a bug or suggestion on Visual Studio in the Microsoft ... Microsoft Online Community Support ... showed up error message. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: im a new java user im having problems with my program using the try and catch
    ... program should prompt the user to enter the value for N and then ... If there is any exception as the user is ... entering the N numbers an error message should be displayed and the ... Copyright 1985-2001 Microsoft Corp. ...
    (comp.lang.java.programmer)