Patching DWR to hide exception error message
by Ye Yint Min Thu Htut
Over the years, we have been feeling itchy with Direct Web Remoting framework (DWR - http://directwebremoting.org/dwr/index.html) 's infamous error message:
From compliance perspective, this may trigger disclosure of detailed error messages. Yet developers are NOT in any control over it in any means.
We realised the only way to fix it is to directly modify the source. We managed to fix it.
Watch the video below to patch it yourself just to make our claims work. We will not distribute JAR file as this may lead some guys to accuse us of distributing potentially backdoored JAR files.
Video: Patching DWR 3.0.1 / Video: Patching DWR 2.11 -
https://github.com/yehgdotnet/DWR-Custom-Error-Patching
Over the years, we have been feeling itchy with Direct Web Remoting framework (DWR - http://directwebremoting.org/dwr/index.html) 's infamous error message:
From compliance perspective, this may trigger disclosure of detailed error messages. Yet developers are NOT in any control over it in any means.
We realised the only way to fix it is to directly modify the source. We managed to fix it.
Watch the video below to patch it yourself just to make our claims work. We will not distribute JAR file as this may lead some guys to accuse us of distributing potentially backdoored JAR files.
Video: Patching DWR 3.0.1 / Video: Patching DWR 2.11 -
https://github.com/yehgdotnet/DWR-Custom-Error-Patching
Comments
Post a Comment