Keep It Simple, Stupid | |
PerlMonks |
Re: Does fatalsToBrowser give too much information to a cracker?by Ryszard (Priest) |
on Apr 10, 2002 at 11:25 UTC ( [id://157996]=note: print w/replies, xml ) | Need Help?? |
IMO any un-necessary information is too much information.
For logging in type applications, I dont even relay explicitly which out of username or password is incorrect. just tell the user to enter it again. If you have a production application that may fail, I personally dont see any good in reporting the error to a user, and have the user feeback the error... I think better style may be to write a die handler, issue a generic page, log the error, and send an alert via pager/email/whatever suits. Even tho the user may be faced with a nondescript page, which may be frustrating, they wont be faced with an "interpreter" level error message (less professional). Lesser of two evils... I generally program by the philoposphy, hide all errors, and report back generic stuff only. No version numbers, no OS / external app error messages, nothing. the user is there to use the application, not understand the engine. Draconian, yes.
In Section
Seekers of Perl Wisdom
|
|