Hi all,
We are working on hardening our DataMiner system and would like to reduce the information that is returned by the API when making an invalid call from an external system.
The current error response includes a stacktrace.
Is there a configuration that allows us to reduce the amount of information that is returned in the error message
From DataMiner versions 10.1.0 [CU6] and 10.1.9 onwards, the API should not expose any stacktraces anymore on valid calls. If you somehow still get an error with a stacktrace, then please let us know so we can fix it.
For invalid calls, the error gets thrown from the .NET Framework, so we can’t control this. Enabling customErrors in the web.config is the only way to hide those errors, but this will impact the error handling in our web applications (Monitoring, Dashboards, Jobs, Ticketing, etc).
Should be fixed in versions 10.1.0(CU14), 10.2.0(CU2) and 10.2.5. (RN33052)
Hi Ive,
I think you can set customErrors to mode ‘On‘ in the web.config (located in C:\Skyline DataMiner\Webpages\API\web.config):
<customErrors mode=”On” />
<!– Off: returns stacktraces –>
According to the documentation, you can also set it to ‘RemoteOnly’, meaning the stacktrace will only be returned on the local server (not to remote clients). See: https://docs.microsoft.com/en-us/previous-versions/dotnet/articles/aa480514(v=msdn.10)?redirectedfrom=MSDN#faultfaultmessage
Note that this will break the error handling in the web applications (Monitoring, Dashboards, Ticketing, Jobs, etc).
Is there a functional reason why these apps rely on the stack trace for error handling?
We still see some unexpected stack traces.
I’ll raise a ticket.