Whenever you have something that can output, think not about if it's good or bad THAT it outputs, but think about WHAT it can output, and how that might help a cracker.
Apache sends its version number on every request, by default. This allows crackers to use an exploit without any further computer knowlegde.
I'm convinced my source is safe. UPDATE - You may stop commenting on this now. Of course no code is flawless. I just think a cracker gains nothing by knowing pieces of my code, and thus think it's safe to report errors to the user. If it weren't about commercial stuff and copyright, I'd give it to you, saying how proud I am that the source code is completely useless to you. Not because of its bad style (or in the case of juerd.nl, maybe so), but because I'm sure you can't abuse the paths or SQL statements.
When programming for the web, Perl isn't the only method of keeping information safe. *NIX file permissions are way more important, and Apache's methods of disallowing people to view contents, and database servers' techniques for not allowing remote connections are.
Yes, when you're a beginner, better hide your source and debugging information until you're convinced it's safe.
U28geW91IGNhbiBhbGwgcm90MTMgY
W5kIHBhY2soKS4gQnV0IGRvIHlvdS
ByZWNvZ25pc2UgQmFzZTY0IHdoZW4
geW91IHNlZSBpdD8gIC0tIEp1ZXJk
In reply to Re: Does fatalsToBrowser give too much information to a cracker?
by Juerd
in thread Does fatalsToBrowser give too much information to a cracker?
by rinceWind
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |