I'm sorry, I didn't mean to refer to his code specifically. When I say the word "your code" that's just an expression. I don't know how else to say it. Okay. The point is that it's not a good idea to expose parts of the source code by accident. Especially not the part where the error occurred! Because it might contain a real vulnerability which could be exploited by a hacker. And in this case the hackers can even see what's going on under the hood. So, that would help them write the exploit. If an error caused the script to display all sorts of cryptic messages with a dump of the source code, then that's a pretty serious error, I would assume. And there is a possibility that this error was caused by the programmer (faulty code maybe). Of course, it could be many other things too. But if we were to write code from scratch, I think it's better to log errors to a file in a CGI environment. Like the OP said, it's not a good idea to die with an error message.
*Btw when I wrote, "we were to write," I didn't literally mean you and I. It was just a figure of speech. | [reply] |
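Added example, not part of the thread and not any poster's code: one way a CGI script can keep the failure detail in a server-side log and send the browser only a generic page with a reference id. The log path, the APP_ERROR_LOG variable, and the names log_error and run_request are assumptions made for this sketch.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX qw(strftime);
use Fcntl qw(:flock);

# Assumed location: outside the document root, writable only by the
# web server user.
my $LOG_FILE = $ENV{APP_ERROR_LOG} || '/var/log/myapp/cgi-error.log';

# Append one line per failure. Non-printable bytes are escaped so that
# request-derived text cannot forge extra log entries.
sub log_error {
    my ($id, $msg) = @_;
    my $entry = join ' ', $ENV{REQUEST_URI} // '-', $msg;
    $entry =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord $1)/ge;
    my $stamp = strftime('%Y-%m-%dT%H:%M:%SZ', gmtime);
    open(my $fh, '>>', $LOG_FILE) or return 0;   # never die in here
    flock($fh, LOCK_EX);
    print {$fh} "$stamp [$id] $entry\n";
    close($fh);
    return 1;
}

# Run the real handler; on any die(), log the detail and answer with a
# page that names no file, line number or source text.
sub run_request {
    my ($handler) = @_;
    my $ok = eval { $handler->(); 1 };
    return 1 if $ok;
    my $err = $@ || 'unknown error';
    my $id  = sprintf '%08x', int(rand(0xFFFFFFFF)); # reference id, not a secret
    # If the log file is unavailable, fall back to the server's error log.
    log_error($id, $err) or print STDERR "[$id] $err";
    print "Status: 500 Internal Server Error\r\n",
          "Content-Type: text/plain; charset=utf-8\r\n\r\n",
          "An internal error occurred. Reference: $id\n";
    return 0;
}

# Constructed handler that fails the way a buggy script might.
run_request(sub {
    my %cfg;
    die "config key 'dsn' missing in " . __FILE__ . "\n" unless $cfg{dsn};
    print "Content-Type: text/plain\r\n\r\nok\n";
});
```

The reference id lets whoever reads the log match a user's report to the logged entry without the response revealing anything about the code.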
When I say the word "your code" that's just an expression. I don't know how else to say it.
A clearer way (IMO) to get the message across would have been:
One doesn't want one's buggy code exposed to hackers
or
We don't want our buggy code exposed to hackers
Cheers, Rob | [reply] [d/l] |
Don't know about you, but *I* wouldn't want my buggy code exposed to the public (except on Perlmonks, perhaps)
| [reply] |