Re: Does fatalsToBrowser give too much information to a cracker?

In terms of aesthetics .. the 500 error page is just ugly. However, for the most part it doesnt give you any more or less information then most 'dienice' pages, as they usually just say 'there has been a problem'. However, a dienice routine does confirm that the error is on their side, not your browser. (Yes im aware cgi=serverside, however browsers can do funny things.)

Comment on Re: Does fatalsToBrowser give too much information to a cracker?

Replies are listed 'Best First'.
Re: Re: Does fatalsToBrowser give too much information to a cracker? by schumi (Hermit) on Apr 10, 2002 at 17:16 UTC
However, a dienice routine does confirm that the error is on their side, not your browser. That is quite true. However, there is no need to give any more information than that the problem was indeed server-side, how to contact the administrator, what information to provide when contacting the admin, and what to do instead (such as try again later). I usually find that when I get the time and date of when an error occurred, I can find out what went wrong by looking at the error-log. Of course, often enough the user will be pissed off, to various degrees, but against that, hardly any dienice-routine helps ... (: --cs There are nights when the wolves are silent and only the moon howls. - George Carlin	[reply]
A reply falls below the community's threshold of quality. You may see it by logging in.
Re: Re: Does fatalsToBrowser give too much information to a cracker? by davorg (Chancellor) on Apr 11, 2002 at 08:13 UTC
In terms of aesthetics .. the 500 error page is just ugly. Well, yeah. But what's stopping you from defining your own? Most web servers allow you to control exactly what the error pages look like. -- <http://www.dave.org.uk> "The first rule of Perl club is you do not talk about Perl club." -- Chip Salzenberg	[reply]