Comment by naasking
2 days ago
You're leaking implementation details if you let exceptions bubble. Sometimes this is ok if all of the callers are aware of the implementation details anyway, but it can make refactoring or changing implementations more difficult otherwise.
You should leak implementation details on exceptions -- if an operation fails because of a network timeout or file access issue, that's useful information. Most exceptions cannot be meaningfully caught anyway so let me log with a good stack trace and be done with it.
The inner, wrapped exception is logged. Leaking exception details can also leak privileged information, and if you're not careful this can leak information to attackers too. More information is not necessarily better.
If your error logging is leaking privileged information to attackers that's a completely different problem from what you should do in code when throwing exceptions.
Wrapping exceptions to remove information is mostly a pointless exercise. You should be doing it only to add additional context.
1 reply →