Replace Verbose Errors with Custom Messages

Web applications issue HTTP error messages, such as Error Code 500 (Internal Server Error) and Error Code 404 (Not Found), for servlet exceptions that occur at run time (for example, when a servlet is processing the form data). Some internal error messages are verbose and provide sensitive system information.

To tighten the security on your production systems, Oracle recommends that you replace the verbose error messages with brief customized messages.

You can create an HTML error page containing a custom message, and then use the XML error-page element and subelements in the web.xml file to specify the HTML error page to use for the servlet exceptions. You can create a different error message for each error number or use the same generic message for more than one error.

Oracle recommends that you edit the web.xml file for the:

• RDC Onsite application
• OPA Administration utility