• The Exception class should not be used directly in the code
  • It should be classified into the more specific RuntimeException and Error types

Don’ts

Dos

Dos and Don’ts in Exception Handling (Cont’d)

  • The printStackTrace() function should not be used in the code, as it reveals all the exception information to the user
  • An attacker can misuse this information to perform attacks on the application
  • Exceptions thrown by an application should instead be recorded in a log file using a logging framework

Don’ts

Dos

Dos and Don’ts in Exception Handling (Cont’d)

  • The vulnerable code calls the same exception handler function from all user functions (isA, isB and isC)
  • This is not a good practice, because when an error is encountered it becomes difficult for the developer to identify the exact function that threw it
  • It is a good practice to code a separate error-handling function for every user function

Don’ts

Dos

Dos and Don’ts in Exception Handling (Cont’d)

  • Clean-up code, such as releasing resources, closing I/O streams and deleting files, should be placed in the finally block

Don’ts
– Clean-up code should not be kept in the try or catch block

Dos
– Clean-up code should be kept only in the finally block

Dos and Don’ts in Exception Handling (Cont’d)

  • Exceptions should be logged properly to a log file using a logging framework

Don’ts

Dos
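Added example (not from the original slides) in Java that puts the don'ts beside the dos for the printStackTrace, logging and finally-block points above; ConfigLoader, loadInsecure and loadSecure are hypothetical names chosen for the illustration.

```java
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;

// Hypothetical class added for illustration: reads the first line of a config file.
public class ConfigLoader {
    private static final Logger LOG = Logger.getLogger(ConfigLoader.class.getName());

    // Don'ts: catch-all on Exception, stack trace written out where the user
    // can see it, and clean-up inside the try block, so the reader is never
    // closed when readLine() throws.
    static String loadInsecure(String path) {
        try {
            BufferedReader in = new BufferedReader(new FileReader(path));
            String line = in.readLine();
            in.close();              // skipped if readLine() throws
            return line;
        } catch (Exception e) {
            e.printStackTrace();     // reveals class names, file paths and internals
            return null;
        }
    }

    // Dos: catch the specific exception type, log the full details for the
    // developer, give the caller only a generic message, and release the
    // resource in finally so it is closed on every path.
    static String loadSecure(String path) {
        BufferedReader in = null;
        try {
            in = new BufferedReader(new FileReader(path));
            return in.readLine();
        } catch (IOException e) {
            LOG.log(Level.SEVERE, "Failed to read configuration file", e);
            throw new IllegalStateException("Configuration could not be loaded");
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException e) {
                    LOG.log(Level.WARNING, "Failed to close configuration file", e);
                }
            }
        }
    }
}
```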