As part of my continued crusade to get rid of all database errors returned from the application to the user, one of our developers sent me the following error message coming from

SF error

SF Error

SF Error

So, what can we learn from the error?

  • SF uses Java as a backend
  • SF uses Oracle as the database
  • The application is programmed using stored program units – in this case package sLead with procedure update_leads
  • Checks are performed at the PL/SQL level and custom exceptions are being thrown – ORA-20096
  • The Java application uses bind variables to call into the PL/SQL layer – good for them!
  • My guess is that the username/schema for this particular SF account is SNEEZY and it contains Oracle types with the names CUSER and SLEAD

All in all, I’d say that SF did a good, secure job in implementing the application (bind variables, etc.) but missed the “never return DB errors to the customer” part.

So, what will it take to educate developers not to display errors? Thoughts?