SM Web client should display friendly but generic error messages

The application error messages of Service Manager are not really user-friendly:

 

What does this tell the user?

      Unrecoverable error in application x.y, z

On the other hand, error messages frequently expose some code or queries, which is in general information that should not be shared, as it might provide indications of a vulnerability.

 

The idea is:

Implement a generic error message like "Update failed because of internal server error. Please retry later.".

Just keep validation error messages or similar that give the user concrete information that the issue is with his input.

Only with capability "Debug" or "SysAdmin" detailed application errors should be displayed.

 

Reference:

https://www.owasp.org/index.php/Improper_Error_Handling

QCCR1E68924

1 Comment
Micro Focus Frequent Contributor
Status changed to: Waiting for Votes
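
A sketch of the behaviour proposed in the idea above, added here as an example; it is not Service Manager code and not part of the original post. The names `renderError`, `ValidationError`, `serverLog` and the reference id are assumptions made for illustration; the reference id goes beyond the post, so that the hidden detail can still be found in the server log.

```javascript
// Added illustration; all names are hypothetical, not Service Manager APIs.
const GENERIC_MESSAGE =
  "Update failed because of internal server error. Please retry later.";

// Capabilities that may see detailed application errors (from the idea text).
const DETAIL_CAPABILITIES = new Set(["Debug", "SysAdmin"]);

// Errors caused by the user's own input; their text is safe and useful to show.
class ValidationError extends Error {}

// Decide what the web client displays for an error.
// serverLog stands in for a server-side log sink (assumption).
function renderError(err, userCapabilities, serverLog) {
  if (err instanceof ValidationError) {
    // Concrete feedback about the user's input is kept as-is.
    return { message: err.message, detail: null, reference: null };
  }

  // Full detail always goes to the server log, tagged with a reference.
  // The reference is only a lookup key for support staff, not a secret.
  const reference =
    Date.now().toString(36) + "-" + Math.random().toString(36).slice(2, 8);
  serverLog.push({ reference, message: err.message, stack: err.stack });

  const privileged = (userCapabilities || []).some((c) =>
    DETAIL_CAPABILITIES.has(c)
  );
  return {
    message: GENERIC_MESSAGE,
    // Code, queries and other internals reach the client only for Debug/SysAdmin.
    detail: privileged ? err.message : null,
    reference,
  };
}

// Constructed sample inputs: one internal failure, one input problem.
const sampleLog = [];
const internalError = new Error("query failed: SELECT col FROM sample_table");
const inputError = new ValidationError("Field 'title' is required.");

console.log(renderError(internalError, ["Operator"], sampleLog)); // generic only
console.log(renderError(internalError, ["SysAdmin"], sampleLog)); // with detail
console.log(renderError(inputError, ["Operator"], sampleLog)); // validation text
```
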
 