Custom database code and associated application code must not contain information beyond what is needed for troubleshooting.
An XCCDF Rule
Description
<VulnDiscussion>Error codes issued by custom code could provide more information than needed for problem resolution and should be vetted to make sure this does not occur.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-251625r807742_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Configure custom database code, and associated application code not to divulge sensitive information or information useful for system identification in error messages.