users@glassfish.java.net

Re: Sun Java Application Server 9.1 / Glassfish v2.1 Hardening Guide

From: Hassan Schroeder <hassan.schroeder_at_gmail.com>
Date: Sun, 5 Jul 2009 19:36:30 -0700

On Thu, Jul 2, 2009 at 12:11 AM, <glassfish_at_javadesktop.org> wrote:

> I am looking at guides to secure my application server, such as preventing stack trace displayed to users or custom error page which conceal / hide the errors encountered such as 404 / 500 etc.
>
> I have browsed through documentation but could not find any related topics for this.

Maybe that's because Error Pages are part of the JSP spec -- see
e.g. "JSP.1.4.3 Using JSPs as Error Pages" in the JSP 2.1 version.

And their configuration is covered by the Servlet Spec as part of the
deployment descriptor.

I'd suggest reading those, and then come back if you have specific
questions or implementation issues.

FWIW,
-- 
Hassan Schroeder ------------------------ hassan.schroeder_at_gmail.com
twitter: @hassan