Comment by wvenable

3 days ago

If your error logging is leaking privileged information to attackers, that's a completely different problem from what you should do in code when throwing exceptions.

Wrapping exceptions to remove information is mostly a pointless exercise. You should be doing it only to add additional context.

It's not a different problem; my whole point was that letting exceptions bubble is not a universally acceptable policy. Sometimes you want to bubble, sometimes you want to wrap, and sometimes you want to wrap with information hiding to avoid leaking information.

  • > my whole point was that letting exceptions bubble is not a universally acceptable policy.

    It should be. It should bubble to whatever boundary you have (web API, event loop, etc). At that boundary, if it's not supposed to leak information then don't. Do whatever sanitation you need at one point only. Good use of exceptions should have as few "catch" blocks as possible.
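
The single-boundary approach described in the last reply, sketched in Python as an added example (not code from any commenter in this thread). `PublicError`, `load_profile` and `handle_request` are hypothetical names, and the error strings are constructed sample values.

```python
import logging
import uuid

log = logging.getLogger("boundary")


class PublicError(Exception):
    """Hypothetical type: an error whose message is safe to show the caller."""

    def __init__(self, status, message):
        super().__init__(message)
        self.status = status


def load_profile(user_id):
    # Inner code has no catch blocks; internal detail in messages is fine here
    # because nothing below the boundary decides what the caller sees.
    if user_id == "missing":
        raise PublicError(404, "profile not found")
    if user_id == "broken":
        # Constructed message carrying detail that must not reach a client.
        raise RuntimeError("db=users host=10.0.0.5 password rejected")
    return {"id": user_id}


def handle_request(handler, *args):
    """The one boundary: the only place that sanitizes errors for the caller."""
    try:
        return 200, handler(*args)
    except PublicError as exc:
        # Deliberately public errors pass through with their own message.
        return exc.status, {"error": str(exc)}
    except Exception:
        incident = uuid.uuid4().hex
        # Full message and traceback stay in the server-side log, keyed by an
        # id the caller can quote back to support.
        log.exception("unhandled error incident=%s", incident)
        return 500, {"error": "internal error", "incident": incident}
```

The incident id is the only link between the sanitized response and the full server-side record, so access to that log has to be controlled separately.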