No stack trace generated on client site for NullPointerException?

Question

I've been learning Java for about a month now, and not very familiar with a client/server situation like this one.

Basically I ran into a situation where our client java software (GUI) displayed a nullpointerexception popup but no stack trace on the client side. Someone had to go check the server side for the stack trace.

My question is, shouldn't the client side receive this precious information as well? Are situations like that ok, the rationale being one only needs one copy of the stack trace?

Answer 1

Not really. It is not recommended to show the way your app works from behind to the client. Mainly for security reasons. Your stacktrace shows all the objects being called, methods and if compiled with debug info, even lines. That's too much information for the client, it is ok to have it on the server.

This among SQL injection, Cross side script and others that I cannot remember, improper exception handling is a security vulnerability.

EDIT: Here are other vulnerabilities ( although I don't see this one listed :( )

http://en.wikipedia.org/wiki/Vulnerability_(computing)

Answer 2

The client only needs to know hat it needs to know. In alot of cases it perfectly fine to not show any stacktraces on your client. Your users should get clear error messages but dont care about a stacktrace.

For debugging purposes a stacktrace is generally lost anyway, application gives errors, users restart it and gone is any excpetion, so if you need to know the errors use a logging framework.

Answer 3

Thank you for the help!