Apache NiFi / NIFI-5374

Suppress stacktrace being returned to remote client when using NiFi REST API

      Description

      When a remote user attempts to use an endpoint with a malicious string, Jetty will return a full stacktrace of the error. This provides the remote user with excess information that can be used when attempting to manipulate a system.

      This stacktrace should be logged only to the nifi-app.log and the stacktrace suppressed before returning a 500 error to the user.
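An added example, not part of the NiFi issue or code base: a regression check that inspects an error response body for Java stack-trace material, so the suppressed 500 response can be verified once the fix is in place. The sample bodies, package and class names, and function names are constructed for illustration.

```python
import html
import re

# One stack frame: "at pkg.Class.method(File.java:42)".
FRAME = re.compile(r"\bat\s+((?:[\w$]+\.)+[\w$<>]+)"
                   r"\((?:[\w$]+\.java:\d+|Native Method|Unknown Source)\)")
# Fully qualified exception class, e.g. java.lang.IllegalStateException.
EXC = re.compile(r"\b((?:[a-z_][\w$]*\.)+[A-Z][\w$]*(?:Exception|Error))\b")
CAUSED_BY = re.compile(r"^\s*Caused by:", re.MULTILINE)

# Constructed sample bodies (hypothetical package and class names).
LEAKY_HTML = (
    "<html><body><h2>HTTP ERROR 500</h2><pre>"
    "java.lang.IllegalArgumentException: bad value\n"
    "\tat org.example.api.FlowResource.getFlow(FlowResource.java:42)\n"
    "\tat org.example.api.Dispatcher.&lt;init&gt;(Dispatcher.java:17)\n"
    "Caused by: java.lang.NumberFormatException: For input string\n"
    "\tat java.lang.Integer.parseInt(Integer.java:580)\n"
    "</pre></body></html>"
)
LEAKY_JSON = (r'{"message":"java.lang.IllegalStateException'
              r'\n\tat org.example.Foo.bar(Foo.java:9)"}')
SUPPRESSED = ("An unexpected error has occurred. "
              "Please check the logs for additional details.")


def find_stacktrace_leak(body: str) -> dict:
    """Return the stack-trace indicators present in an HTTP error body."""
    # Error bodies may be HTML (entities) or JSON (escaped newlines and tabs),
    # so normalise both before matching.
    text = html.unescape(body).replace("\\n", "\n").replace("\\t", "\t")
    return {
        "frames": [m.group(1) for m in FRAME.finditer(text)],
        "exceptions": sorted(set(EXC.findall(text))),
        "caused_by": len(CAUSED_BY.findall(text)),
    }


def leaks_stacktrace(body: str) -> bool:
    """True when the body exposes stack frames or a 'Caused by:' chain."""
    found = find_stacktrace_leak(body)
    return bool(found["frames"] or found["caused_by"])


if __name__ == "__main__":
    for name, body in [("html", LEAKY_HTML), ("json", LEAKY_JSON),
                       ("suppressed", SUPPRESSED)]:
        print(name, leaks_stacktrace(body), find_stacktrace_leak(body))
```
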

              People

              • Assignee: Nathan Gough (thenatog)
              • Reporter: Nathan Gough (thenatog)