Comment by wvenable
2 days ago
You should leak implementation details on exceptions -- if an operation fails because of a network timeout or file access issue, that's useful information. Most exceptions cannot be meaningfully caught anyway so let me log with a good stack trace and be done with it.
The inner, wrapped exception is logged. Leaking exception details can also leak privileged information, and if you're not careful this can leak information to attackers too. More information is not necessarily better.
If your error logging is leaking privileged information to attackers that's a completely different problem from what you should do in code when throwing exceptions.
Wrapping exceptions to remove information is mostly a pointless exercise. You should be doing it only to add additional context.
It's not a different problem, my whole point was that letting exceptions bubble is not a universally acceptable policy. Sometimes you want to bubble, sometimes you want to wrap, and sometimes you want to wrap with information hiding to avoid leaking information.