Currently this adapter does not provide any API to modify its error handling behaviour and by default it simply converts any Objection errors into a FeathersError.
Unfortunately, this leads to leakage of database details in the form of error messages that usually contain the SQL that Objection is trying to execute. This should be considered a security vulnerability as it can be potentially used by malicious actors.
As FeathersError strips out any information from the original error, it makes it difficult to intercept the error and determine its original Objection error type so that we can re-map the error message. The Objection docs essentially suggest this is what you should be doing: https://vincit.github.io/objection.js/recipes/error-handling.html
Interestingly, feathers-knex already offers an escape hatch that allows you to access the underlying original error: https://github.com/feathersjs-ecosystem/feathers-knex#error-handling
This could perhaps serve as the frame of reference for where the API should go.
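Added example, not code from feathers-objection, feathers-knex or the issue author: the Objection-recipe style re-mapping the issue asks for, written as a Feathers error hook. It classifies the raw Objection error by type and builds a FeathersError whose message and `data` are chosen by the application, so the SQL embedded in the original message never reaches a client. The `objection` and `@feathersjs/errors` classes are replaced by minimal constructed stand-ins with the same names and fields so the file runs offline; `mapObjectionError`, `objectionErrorHook` and `looksLikeSql` are hypothetical names, and the hook assumes the raw Objection error is still reachable on `context.error`, which the adapter does not guarantee today.

```javascript
// Added example (not feathers-objection's own code). Stand-ins below replace the
// real classes so this runs offline; in a real app delete them and use:
//   const { ValidationError, NotFoundError, DBError, UniqueViolationError,
//           NotNullViolationError, ForeignKeyViolationError } = require('objection');
//   const { FeathersError, BadRequest, NotFound, Conflict,
//           Unprocessable, GeneralError } = require('@feathersjs/errors');

// ---- constructed stand-ins for objection's error classes ----
class DBError extends Error {
  constructor(message, nativeError) { super(message); this.name = 'DBError'; this.nativeError = nativeError; }
}
class UniqueViolationError extends DBError {
  constructor(message, info = {}) {
    super(message); this.name = 'UniqueViolationError';
    this.table = info.table; this.columns = info.columns || []; this.constraint = info.constraint;
  }
}
class NotNullViolationError extends DBError {
  constructor(message, info = {}) {
    super(message); this.name = 'NotNullViolationError'; this.table = info.table; this.column = info.column;
  }
}
class ForeignKeyViolationError extends DBError {
  constructor(message, info = {}) {
    super(message); this.name = 'ForeignKeyViolationError'; this.table = info.table; this.constraint = info.constraint;
  }
}
class ValidationError extends Error {
  constructor(info) { super(info.message); this.name = 'ValidationError'; this.type = info.type; this.data = info.data; }
}
class NotFoundError extends Error {
  constructor(message = 'NotFoundError') { super(message); this.name = 'NotFoundError'; }
}

// ---- constructed stand-ins for @feathersjs/errors ----
class FeathersError extends Error {
  constructor(message, name, code, className, data) {
    super(message); this.name = name; this.code = code; this.className = className; this.data = data;
  }
}
class BadRequest extends FeathersError { constructor(m, d) { super(m, 'BadRequest', 400, 'bad-request', d); } }
class NotFound extends FeathersError { constructor(m, d) { super(m, 'NotFound', 404, 'not-found', d); } }
class Conflict extends FeathersError { constructor(m, d) { super(m, 'Conflict', 409, 'conflict', d); } }
class Unprocessable extends FeathersError { constructor(m, d) { super(m, 'Unprocessable', 422, 'unprocessable', d); } }
class GeneralError extends FeathersError { constructor(m, d) { super(m, 'GeneralError', 500, 'general-error', d); } }

// Map a raw Objection/knex error to a FeathersError. The original message is
// deliberately dropped because it normally embeds the SQL statement. Only fields
// the client already knows (the columns it submitted) are echoed back; table and
// constraint names stay server-side.
function mapObjectionError(err) {
  if (err instanceof FeathersError) return err;           // already a public error
  if (err instanceof ValidationError)
    return new BadRequest('Validation failed', { type: err.type, errors: err.data });
  if (err instanceof NotFoundError)
    return new NotFound('Record not found');
  if (err instanceof UniqueViolationError)
    return new Conflict('A record with these values already exists', { columns: err.columns });
  if (err instanceof NotNullViolationError)
    return new BadRequest('A required field is missing', { column: err.column });
  if (err instanceof ForeignKeyViolationError)
    return new Unprocessable('Referenced record does not exist');
  if (err instanceof DBError)                             // any other driver error
    return new GeneralError('Database error');
  return new GeneralError('Internal error');              // unknown error: say nothing
}

// Feathers error hook factory. Assumes (hypothetically; the adapter offers no such
// API today) that the raw Objection error is still on context.error. `log`
// receives the original for server-side diagnostics; the client sees only the
// mapped error. Register with: app.hooks({ error: { all: [objectionErrorHook(console.error)] } })
const objectionErrorHook = (log = () => {}) => context => {
  log(context.error);
  context.error = mapObjectionError(context.error);
  return context;
};

// Guard for checking a public message: it must never contain SQL keywords.
function looksLikeSql(text) {
  return /\b(select|insert|update|delete)\b/i.test(text);
}
```

The `instanceof` chain is ordered from most to least specific so that the constraint-violation subclasses are matched before the generic `DBError` fallback; anything the mapper does not recognise collapses to a bare 500 rather than passing its message through.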