Idea ID: 2825482

Avoid vulnerabilities on REST APIs configured in HP SM by avoiding exposing the field names

Status: Accepted
9 months ago

When APIs are invoked with wrong values in the parameters, the response body exposes the dbdict field names (SQL field names, table name) in the error messages. This can lead to a security vulnerability.

It is better to expose the label field names configured in the APIs, or some generic messages, instead of giving the exact field names/table names.
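A sketch of the behaviour requested above, as an added example that is not part of the original idea and not product code: the raw backend error is kept server-side under a reference, and the client sees only configured labels or a generic message. The label mapping, table names, error text and the `message`/`reference` keys are all constructed assumptions.

```python
import re
import uuid

# Constructed data: API label -> internal names (dbdict field, SQL column) it stands for.
LABEL_ALIASES = {
    "Status": ["problem.status", "PROBLEM_STATUS"],
    "AssignmentGroup": ["assignment", "ASSIGNMENT"],
}
INTERNAL_TABLES = ["probsummary", "PROBSUMMARYM1"]  # constructed table names
GENERIC_MESSAGE = "The request contains an invalid value."


def _mentions(name, text):
    # Whole-word match so "assignment" does not fire inside "reassignment".
    return re.search(r"(?<!\w)" + re.escape(name) + r"(?!\w)", text) is not None


def leaks_internal_names(text):
    """True if text names any internal field, column or table."""
    names = [n for aliases in LABEL_ALIASES.values() for n in aliases] + INTERNAL_TABLES
    return any(_mentions(n, text) for n in names)


def sanitize_error(raw_message, server_log):
    """Build the client-facing error; the raw backend text goes only to server_log."""
    reference = uuid.uuid4().hex[:12]
    server_log.append((reference, raw_message))
    labels = sorted(label for label, aliases in LABEL_ALIASES.items()
                    if any(_mentions(a, raw_message) for a in aliases))
    # Never echo raw_message: emit configured labels, or a generic message if none match.
    message = ("Invalid value for: " + ", ".join(labels)) if labels else GENERIC_MESSAGE
    return {"message": message, "reference": reference}


# Constructed backend error text, not captured from a real system.
RAW_ERROR = ('Invalid value "xyz" for field problem.status '
             'in table probsummary (column PROBLEM_STATUS)')

if __name__ == "__main__":
    log = []
    print(sanitize_error(RAW_ERROR, log))
    print(sanitize_error("Unexpected failure in table PROBSUMMARYM1", log))
```

The reference lets support staff find the full error in the server log without the schema detail ever reaching the API consumer.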
