Chris Kinsman made the following comment on my earlier post about the Exception Handling Application Block:
I also thought it was cool at first, however think about it. You are allowing external entities, i.e. end users, decide how errors should be handled in your code! Can you imagine the security holes this could open up? they can actually change the flow of execution, etc just by changing policies.
What do you think? Does the exception handling application block open security holes? What are the best practices for minimizing risk when using external policy files to define how we handle exceptions in our application?