Re^2: How to make that works with perl

use CGI::Carp qw(fatalsToBrowser); # Remove for production code

I don't, unless I put more sophisticated error handling for end users on the browser. It may confused them but they still have a chance to copy paste what shown and hopefully send it to the appropriate person, instead of merely 500 Internal Server Error. End users don't have access to error.log.

Open source softwares? Share and enjoy. Make profit from them if you can. Yet, share and enjoy!

Comment on Re^2: How to make that works with perl

Replies are listed 'Best First'.
Re^3: How to make that works with perl by Fletch (Bishop) on Apr 14, 2007 at 04:45 UTC
Potential black hats don't have access to the error logs either. Leaving development error output may let out something you don't want being leaked to potential attackers. Set up your web server to send an innocuous error page and leave the detailed errors for the developers' eyes only.l	[reply]
Re^4: How to make that works with perl by naikonta (Curate) on Apr 14, 2007 at 06:57 UTC
You're right :-) I was actually thinking about for internal scope applicaitons only, but I neglected to even mention it. But even then, the black hats remain such a worry in a very big organization. There was also a mix and match but proved to become "mismatch" when I put the "unless" clause. I should have stressed that I prefer the sophisticated (which is freely translated to user friendly) error message instead of the usual 500 ISE page for public apps for neither harmful nor hintful. Thanks for remind me that :-) Open source softwares? Share and enjoy. Make profit from them if you can. Yet, share and enjoy!	[reply]