Philip Meldrum

Exception Handling and the Security Review

Our App has been rejected in the Security Review because of 'Information Disclosure':
"Revealing system data or debugging information helps an adversary learn about the system and form a plan of attack. An information leak occurs when system data or debugging information leaves the program through an output stream or logging function"

The tester managed to break one of our triggers, and an error was displayed:
Error: Invalid Data. 
Review all error messages below to correct your data.
Apex trigger aiAP1.aiAPtrig_OrderItem caused an unexpected exception, contact your administrator: aiAP1.aiAPtrig_OrderItem: execution of BeforeInsert caused by: System.NullPointerException: Attempt to de-reference a null object: (aiAP)

What I'm doing is adding a try..catch... in all triggers and using addError to say:
SALESFORCE do not allow error messages from Appexchange apps - so all I can tell you is you did something wrong. Please ask your System Admin to contact Alpha Publisher

Any comments?
Is this common practice? Or do you try to write to an error log so you at least have some chance of fixing the issue?
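
The pattern the post asks about, as an added example that is not part of the original post or the poster's package: the trigger catches the exception, shows the user only a generic message with a short reference, and sends the detail to a log. The trigger name, the `Description` logic, and the `Error_Log__e` platform event with its fields are hypothetical; the event is assumed to use the "Publish Immediately" behavior so the log entry is not lost when the failed save rolls back.

```apex
// Hypothetical trigger name and logic, constructed for illustration.
trigger OrderItemSafeTrigger on OrderItem (before insert) {
    try {
        for (OrderItem item : Trigger.new) {
            // Constructed logic: throws System.NullPointerException when
            // Description is null, the same failure class as in the post.
            item.Description = item.Description.trim();
        }
    } catch (Exception e) {
        // Short random reference the user can quote to the administrator.
        String ref = EncodingUtil.convertToHex(Crypto.generateAesKey(128)).substring(0, 8);

        // Full detail goes to the log only. Error_Log__e is a hypothetical
        // platform event assumed to be set to "Publish Immediately", so it is
        // delivered even though addError() below makes the insert fail.
        EventBus.publish(new Error_Log__e(
            Reference__c      = ref,
            Exception_Type__c = e.getTypeName(),
            Message__c        = e.getMessage().left(255),
            Stack_Trace__c    = e.getStackTraceString().left(2000)
        ));

        // The user-facing text carries no class names, namespaces,
        // exception types or line numbers.
        for (OrderItem item : Trigger.new) {
            item.addError('The record could not be saved. Please contact your '
                + 'administrator and quote reference ' + ref + '.');
        }
    }
}
```

An ordinary insert into a custom log object inside the catch block would be rolled back together with the failed save, which is why the sketch publishes an event instead; a subscriber on that event can then write the permanent log record.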