Re: Forgetting your good education

I disagree with your disagreement :-)

Fatals to browser can reveal information that you do not want the users to see. The error message can potentially reveal information about your code that would allow a malicious user to exploit the bug that caused the error in nasty ways.

In production code you log the errors, but don't show them to use user.

Comment on Re: Forgetting your good education

Replies are listed 'Best First'.
Re: Forgetting your good education by crenz (Priest) on Mar 08, 2003 at 14:06 UTC
Okay, I agree that replacing `fatalsToBrowser` with something like `fatalsToMyLogFile` might be even better. But my point still is true :).	[reply]
Re: Re: Forgetting your good education by ihb (Deacon) on Mar 08, 2003 at 19:28 UTC
Uhm, isn't "fatalsToMyLogFile" default behaviour under just about every webserver there is? I only have (some) experience with apache and afaik fatals do end up in the error log on apache.	[reply]
Re: Re: Re: Forgetting your good education by crenz (Priest) on Mar 08, 2003 at 20:08 UTC
Yes, but not everyone has access to their webserver's error log file... (think accounts on most hosting providers)	[reply]
Re: Re: Re: Re: Forgetting your good education by bart (Canon) on Mar 09, 2003 at 12:30 UTC
Re^5: Forgetting your good education by Aristotle (Chancellor) on Mar 09, 2003 at 14:01 UTC