I'm new to java and I'm not that familiar with the formatting rules used by an error stack trace when it is thrown and subsequently displayed to an end-user of my web application.
My experience with Oracle database is that the error stack contains internal information, such as schema and procedure names and line number(s), which, while useful for debugging, I would like to prevent the user from seeing. Here's an example:
java.sql.SQLException : ORA-20011: Error description here
ORA-07894: at "NAME_OF_SCHEMA.PROCEDURE_NAME", line 121
ORA-08932: at line 10
The string I want to display to user is Error description here
. I can extract this string using regex expressions because I know (1) this string is always on the first line, so I can extract the first line of the error stack trace, and (2) this string always begins with Error
and ends with the end of the line. [Note for Oracle users (I don't want to mislead you): the above only applies when using RAISE_APPLICATION_ERROR with an error string starting with Error
, otherwise the text Error
is not there].
My questions for Java are:
(1) Is there anything potentially sensitive that you wouldn't want users to see in the error stack? If so, what? For example, file paths, server name/IP, etc.
(2) Are there any formatting rules for the Java error stack trace that I can rely on to extract the non-sensitive information? Or, how to others address this concern?
UPDATE 1:
Thanks for all the replies so far, they've been very helpful. While many people comment to use a function such as getUserFriendlyMessage()
to map errors to useful user messages, I wonder if someone could expand on this mapping. That is, for the common errors (SQL, I/O, etc.), what "reliable" identifier could be used to search this error stack for to identify the type of error that happened, and then what corresponding text string would you recommend to map to this error message to show to the user? @Adarshr's response below is a good start. For example,
Identified Expected If found in error stack, display this friendly msg to user
------------------- ----------------------------------------------------------
SQLException An error occurred accessing the database. Please contact support at support@companyname.com.
IOException Connection error(?). Please check your internet connection.
Assume compile-related errors don't need to addressed, but rather focus those errors that end users might experience during normal use. For reference, here's a list of run-time error messages: http://mindprod.com/jgloss/runerrormessages.html#IOEXCEPTION
Alternatively, is it possible to just use the FIRST LINE of the stack trace to display to user? This link is sort of what I was getting at in my original question above:
http://www3.ntu.edu.sg/home/ehchua/programming/howto/ErrorMessages.html
For example, if the identifier Exception
is always used, one could simply extract the text that comes between Exception
and the end of the first line. I don't know if we can rely on Exception
always being there.
See Question&Answers more detail:
os