Avoid exposing sensitive information in error messages
Description
Simpl-Open shall ensure that error messages do not expose sensitive system or user information to prevent security leaks.
SMART Breakdown
- Specific: Error messages must not contain stack traces, internal system details, or sensitive user data (e.g., passwords, tokens, database queries). Instead, the system should return generic error messages to the caller and store the detailed information securely in logs.
- Measurable: Measured through code reviews, security testing, and automated scanning tools that flag unsafe error messages.
- Achievable: Achieved by implementing centralised error handling mechanisms and configuring logging frameworks to capture details securely.
- Realistic: Preventing sensitive data exposure in error messages is a fundamental security best practice.
- Timely: Implemented during development, with ongoing security testing to detect potential information leaks.
Detailed Non-Functional Requirement | Issue ID: SIMPL-9936 | Status: Proposed |
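
The following sketch illustrates the centralised error handling described in the SMART breakdown. It is an added example, not Simpl-Open code. The names `handle_request`, `ClientError`, `redact`, the `error_id` field and the redaction pattern are assumptions made for illustration, as is the choice to redact secrets before they reach the log.

```python
import logging
import re
import secrets
import traceback

log = logging.getLogger("app.errors")  # assumed logger name; route it to a protected sink

# Assumed pattern: masks values that follow common secret-bearing keys.
_SECRET = re.compile(r"(?i)\b(password|token|secret|authorization)\b(\s*[=:]\s*)(\S+)")


def redact(text):
    """Mask secret values so the detailed log does not become a second leak."""
    return _SECRET.sub(r"\1\2[REDACTED]", text)


class ClientError(Exception):
    """An error whose message was written for the caller and is safe to return."""

    def __init__(self, status, public_message):
        super().__init__(public_message)
        self.status = status
        self.public_message = public_message


def handle_request(handler, request):
    """Single choke point: every handler runs through here, so no exception
    text, stack trace or query string can reach the response body."""
    try:
        return 200, handler(request)
    except ClientError as exc:
        return exc.status, {"error": exc.public_message}
    except Exception:
        # The caller gets a generic message plus an opaque reference; the
        # stack trace goes only to the log, keyed by the same reference.
        error_id = secrets.token_hex(8)
        log.error("error_id=%s\n%s", error_id, redact(traceback.format_exc()))
        return 500, {"error": "An internal error occurred.", "error_id": error_id}


def failing_handler(request):
    # Constructed failure: the exception text carries a query and credentials.
    raise RuntimeError(
        "query failed: SELECT * FROM users WHERE token=abc123 password=hunter2"
    )
```

The `error_id` lets support staff find the full log entry for a reported failure without the response revealing anything about the cause.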