in reply to Does fatalsToBrowser give too much information to a cracker?
All that aside, I don't want any visitors to any site of mine to get any debugging information on their screens at all, except possibly something like the really excellent method this site uses, with an error ID that I assume maps to a log entry, so the user can describe what he/she was doing and the programmer can compare that with the resulting error logs.
If the error messages should go anywhere in production code, I feel it should be to error logs on disk or in DB, or by mail to the administrator, or a healthy combination. Not to the user - the user should get a friendly "Sorry" screen, with instructions to try again, and a way to notify the webmaster. No matter what I can or who I am, if I have nothing to do with the site's administration, stack traces and debugging information is just plain ugly, and as a visitor I probably want the friendly screen even if I could understand it. Probably. :)
You have moved into a dark place.
It is pitch black. You are likely to be eaten by a grue.
|
---|
Replies are listed 'Best First'. | |
---|---|
Re: Re: Does fatalsToBrowser give too much information to a cracker?
by Juerd (Abbot) on Apr 10, 2002 at 11:40 UTC | |
by Dog and Pony (Priest) on Apr 10, 2002 at 12:33 UTC | |
Re: Re: Does fatalsToBrowser give too much information to a cracker?
by ehdonhon (Curate) on Apr 10, 2002 at 15:56 UTC |