Article Details
| Id: | 17748 |
| Product: | finPOWER Connect WS |
| Type: | NEW |
| Version: | 3.03.05.15 |
| Opened: | 18/01/2021 |
| Closed: | 19/01/2021 |
| Released: | 26/02/2021 |
| Job: | J025781 |
 High Importance |
|
 Breaking Change |
|
Security Review; All database errors are now obfuscated
Any database errors returned from Web Services (this includes finPOWER Connect Cloud and Portals) are now obfuscated.
Since we have no control over the information returned in an error message such as one returned from MS SQL Server, this could potentially cause information about the database to be returned to the end user.
All database-related errors (exceptions) are now obfuscated and will return a message similar to one of the following: "An MS SQL Server exception occurred but details are not available." "MS SQL Server exception '#123' occurred but details are not available."
The full exception message is written to the Trace log (finBL.Trace object).