SQL query is shown in WFS response on error
-------------------------------------------
Key: GEOS-2972
URL: http://jira.codehaus.org/browse/GEOS-2972
Project: GeoServer
Issue Type: Bug
Components: Oracle, WFS
Affects Versions: 1.7.3
Environment: WFS and Oracle
Reporter: Simon Peter Haverdings
Assignee: Andrea Aime
Priority: Critical
I created a view in the database and created a feature type for that view.
After that I deleted the view.
When performing a WFS request on that feature type, instead of getting a (generic) error, I get an error with the precise SQL query that was being performed!
Why does an error in the backend result in the backend being exposed in the front-end?
This is a serious security bug and should never have been allowed to happen!
When an error occurs on the backend, it should be logged and the requester (client) should be notified with a (nice) error message of GeoServer (a code with/out a description) that briefly describes the kind of error that has occurred, but not the actual error.
So I would like to see this:
<?xml version="1.0" ?>
<ServiceExceptionReport
version="1.2.0"
xmlns="http://www.opengis.net/ogc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.opengis.net/ogc http://schemas.opengis.net/wfs/1.0.0/OGC-exception.xsd">
<ServiceException>
error:GEOS12345: Could not request the data from the system
</ServiceException></ServiceExceptionReport>
Instead of the current response:
<?xml version="1.0" ?>
<ServiceExceptionReport
version="1.2.0"
xmlns="http://www.opengis.net/ogc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.opengis.net/ogc http://schemas.opengis.net/wfs/1.0.0/OGC-exception.xsd">
<ServiceException>
error:Translator error
Translator error
Error reading Features
Could not aquire feature:org.geotools.data.DataSourceException: Error Performing SQL query: SELECT "NAME", "CENTRE" FROM "VIEW" WHERE "NAME" = 'GEM_CENTRE'
Error Performing SQL query: SELECT "NAME", "CENTRE" FROM "VIEW" WHERE "NAME" = 'GEM_CENTRE'
ORA-00942: Tabel of view bestaat niet.
</ServiceException></ServiceExceptionReport>
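The behaviour requested in the report above (log the backend failure, return only a code and a generic message), sketched as an added example that is neither GeoServer's code nor the reporter's. The class name, `toReport`, the logger name and the incident id are assumptions for illustration, and `IOException` stands in for the GeoTools exception quoted in the report.

```java
import java.io.IOException;
import java.sql.SQLException;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

public class SafeServiceExceptionReport {
    // Hypothetical logger name; full details go here, never to the client.
    private static final Logger LOG = Logger.getLogger("wfs.errors");

    // Escape the characters that are special in XML text content.
    static String escapeXml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
    }

    // Log the whole exception chain server-side under an incident id and
    // return a report that carries only the public code, message and id.
    static String toReport(String code, String publicMessage, Throwable cause) {
        String incident = UUID.randomUUID().toString();
        LOG.log(Level.SEVERE, "incident=" + incident + " code=" + code, cause);
        return "<?xml version=\"1.0\" ?>\n"
            + "<ServiceExceptionReport version=\"1.2.0\" xmlns=\"http://www.opengis.net/ogc\">\n"
            + "<ServiceException>\n"
            + "error:" + escapeXml(code) + ": " + escapeXml(publicMessage)
            + " (incident " + incident + ")\n"
            + "</ServiceException></ServiceExceptionReport>";
    }

    public static void main(String[] args) {
        // Constructed stand-in for the backend failure quoted in the report.
        Throwable backend = new IOException(
            "Error Performing SQL query: SELECT \"NAME\", \"CENTRE\" FROM \"VIEW\""
                + " WHERE \"NAME\" = 'GEM_CENTRE'",
            new SQLException("ORA-00942: Tabel of view bestaat niet."));
        String report = toReport("GEOS12345",
            "Could not request the data from the system", backend);
        System.out.println(report);
        // Regression check: nothing from the exception chain reaches the client.
        for (Throwable t = backend; t != null; t = t.getCause()) {
            if (report.contains(t.getMessage())
                    || report.contains(t.getClass().getName())) {
                throw new AssertionError("backend detail leaked into response");
            }
        }
    }
}
```

The incident id lets an administrator match a client-visible error to the full stack trace in the server log without exposing the query, table names or driver error text.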