Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number
 
PerlMonks  

Comment on

( #3333=superdoc: print w/ replies, xml ) Need Help??
If your message is informational enough to aid you when debugging, it is probably informational enough to aid a cracker. Of course, that would depend on what, exactly, you are emitting, but for fatalsToBrowser to do any good, error messages should, like normal error messages, contain as much information as possible related to the problem, yes? This could very well include complete SQL statements, "secret" parameter names, file paths, and lots of other potentially harmful things. Also, even if you craft your messages in a protected way, what is to say that something unforseen won't go fatal on you and display something critical?

All that aside, I don't want any visitors to any site of mine to get any debugging information on their screens at all, except possibly something like the really excellent method this site uses, with an error ID that I assume maps to a log entry, so the user can describe what he/she was doing and the programmer can compare that with the resulting error logs.

If the error messages should go anywhere in production code, I feel it should be to error logs on disk or in DB, or by mail to the administrator, or a healthy combination. Not to the user - the user should get a friendly "Sorry" screen, with instructions to try again, and a way to notify the webmaster. No matter what I can or who I am, if I have nothing to do with the site's administration, stack traces and debugging information is just plain ugly, and as a visitor I probably want the friendly screen even if I could understand it. Probably. :)


You have moved into a dark place.
It is pitch black. You are likely to be eaten by a grue.

In reply to Re: Does fatalsToBrowser give too much information to a cracker? by Dog and Pony
in thread Does fatalsToBrowser give too much information to a cracker? by rinceWind

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • Outside of code tags, you may need to use entities for some characters:
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?
    Username:
    Password:

    What's my password?
    Create A New User
    Chatterbox?
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others imbibing at the Monastery: (5)
    As of 2014-08-31 06:25 GMT
    Sections?
    Information?
    Find Nodes?
    Leftovers?
      Voting Booth?

      The best computer themed movie is:











      Results (294 votes), past polls