Toxantron / scrumonline

PHP web app for planning poker
https://www.scrumpoker.online
Apache License 2.0

Obfuscate error messages #55

Closed jfversluis closed 7 years ago

jfversluis commented 7 years ago

When doing a simple GET request through your browser to, i.e. https://www.scrumpoker.online/api/session/create, the error message includes the full query, which also reveals a table name and its field names.

While it is not a high risk directly, IMHO it's better not to reveal this kind of information to the outside world. Maybe you should look into some general handling of these kinds of errors which still provides the necessary information to the end user, but no technical details.
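The general handling the report asks for, shown as an added example that is not scrumonline's own code: the leaky shape (exception message and trace straight into the response) beside a hardened handler that logs the detail server-side under a reference id and returns only a generic message. The PDO error text, table and column names below are constructed for illustration.

```php
<?php
declare(strict_types=1);

// PHP's own error output can also leak file paths; keep it off in production
// and rely on the log instead.
ini_set('display_errors', '0');

// Leaky shape, as described in the report: the driver's message (which carries
// the SQL text) and the trace (file paths, line numbers) go to the client.
function leakyErrorResponse(Throwable $e): array
{
    return [
        'error' => $e->getMessage(),
        'trace' => $e->getTraceAsString(),
    ];
}

// Hardened shape: the client receives a stable generic message plus a
// reference id; the full detail is written to the server log under that id,
// so support can still correlate a user report with the real cause.
function safeErrorResponse(Throwable $e, int &$status): array
{
    $ref = bin2hex(random_bytes(8));
    error_log(sprintf('[%s] %s: %s at %s:%d', $ref, get_class($e),
        $e->getMessage(), $e->getFile(), $e->getLine()));

    if ($e instanceof InvalidArgumentException) {
        $status = 400;
        $msg = 'Invalid request.';
    } else {
        // PDOException and anything unexpected: say nothing about the cause.
        $status = 500;
        $msg = 'Internal error.';
    }
    return ['error' => $msg, 'ref' => $ref];
}

// Register it for anything that escapes the endpoint code.
set_exception_handler(function (Throwable $e): void {
    $status = 500;
    $body = safeErrorResponse($e, $status);
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode($body), PHP_EOL;
});

// Constructed failure of the kind the reporter saw: the message names a table
// and columns; only the generic body above reaches the client.
throw new PDOException("SQLSTATE[42S02]: Base table or view not found: 1146 "
    . "Table 'scrum.sessions' doesn't exist (query: SELECT id, name FROM sessions WHERE id = ?)");
```

Run from the CLI the log line goes to stderr and the JSON body to stdout, which is enough to see that the query text never leaves the server.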

Toxantron commented 7 years ago

  1. Are you working against trunk or branch?
  2. Revealing details is not really an issue, since the app is open source. Otherwise I would agree.

jfversluis commented 7 years ago

  1. The live version currently running on scrumpoker.online
  2. Ha, of course! Not used to the whole OSS thing yet, you're right!

Toxantron commented 7 years ago

Well, that explains some of your tickets. :-) I will try to get the new version out ASAP.

Toxantron commented 7 years ago

I published 1.5, so that means:

  1. Public server now has the new API matching the swagger definition
  2. The response object was removed and will no longer include the stack trace. Even though this is not really an issue.

May I close this?

jfversluis commented 7 years ago

No, but I will! ;) Great work!