Skip to content

The DBMS must restrict error messages, so only authorized personnel may view them.

An XCCDF Rule

Description

<VulnDiscussion>If the application provides too much information in error logs and administrative messages to the screen, this could lead to compromise. The structure and content of error messages need to be carefully considered by the organization and development team. The extent to which the information system is able to identify and handle error conditions is guided by organizational policy and operational requirements. Some default DBMS error messages can contain information that could aid an attacker in, among others things, identifying the database type, host address, or state of the database. Custom errors may contain sensitive customer information. It is important that error messages are displayed only to those who are authorized to view them. This calls for inspection of application source code, which will require collaboration with the application developers. It is recognized that in many cases, the database administrator (DBA) is organizationally separate from the application developers and may have limited, if any, access to source code. Nevertheless, protections of this type are so important to the secure operation of databases that they must not be ignored. At a minimum, the DBA must attempt to obtain assurances from the development organization that this issue has been addressed and must document what has been discovered.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-219786r879656_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

i)  For each end-user-facing application that displays DBMS-generated error messages, configure or recode it to suppress these messages.

(If the application is coded in Oracle PL/SQL, the EXCEPTION block can be used to suppress or divert error messages.  Most other programming languages provide comparable facilities, such as TRY ... CATCH.)

ii)  For each unauthorized user of each tool, remove the ability to access it.  For each tool where access to DBMS error messages is not required and can be configured, suppress the messages.  For each role/user that needs access to the error messages, or needs a tool where the messages cannot be suppressed, document the need in the system security plan.