Filtering error string $!, for example remove paths

isync has asked for the wisdom of the Perl Monks concerning the following question:

Hello Monks,
I'd like to provide users with meaningful error messages, still, plainly giving out the value of $! might pose a security problem.

  # something happened
  print "Sorry guys: an error occured: ".$!
[download]

It's okay to do so if $! = "Permission denied". But what if there's a path in it?, like $! = "/var/www/site/dir/that/you/should/not/know/file.ext, file not found."

Any hints on what I should tink of when implementing a filter($!)? Or is there a module I don't know?

Comment on Filtering error string $!, for example remove paths Select or Download Code

Replies are listed 'Best First'.
Re: Filtering error string $!, for example remove paths by Corion (Patriarch) on Aug 27, 2010 at 19:02 UTC
`$!` never contains the filename that failed. A usual approach would be to show the user just a random error id and to log the error id together with the real error message in a log file.	[reply] [d/l]
Re^2: Filtering error string $!, for example remove paths by isync (Hermit) on Aug 27, 2010 at 19:11 UTC
Oops, yes, you are right! My memory played a trick on me so that I didn't separate enough where debugging style error messages end and live mode error messages begin. It is not $! who behaves talkative... `my $file = '/some/secret/path/to.file'; open(my $fh, "<$file") or die "Error opening $file: $!";` [download] File closed. Should've known that... Thanks!	[reply] [d/l]
Re^3: Filtering error string $!, for example remove paths by Marshall (Canon) on Aug 27, 2010 at 21:49 UTC
... Oh... the many ways of "death" In many cases (like file open), the $! sequence doesn't matter because it expands to the generic "No such file or directory" message shown below. This adds no value to the error message. Adding a "\n" to the die message suppresses the source code line where the error occurred. For a failed open(), I often just put: die "unable to open $file"; .. What would adding $! to that message offer? In realistic terms, wrong name, wrong path, wrong permissions and the "hunt" starts there. When the "die error message" is written, it it up to coder to decide what information to divulge (or not!). #!/usr/bin/perl -w use strict; my $file = '/some/secret/path/to.file'; # open(my $fh, "<$file") or die "Error opening $file: $!"; # error prints: Error opening /some/secret/path/to.file: # No such file or directory at C:\TEMP\junk3.pl line 6. my $file1 = '/some/secret/path/to.file'; # open(my $fh, "<$file1") or die "Error opening $file1\n"; # error prints: Error opening /some/secret/path/to.file my $file2 = '/some/secret/path/to.file'; #open(my $fh, "<$file2") or die "$!"; # error prints: No such file or directory at C:\TEMP\junk3.pl line 1 +5. my $file3 = '/some/secret/path/to.file'; #open(my $fh, "<$file3") or die "$!\n"; # error prints: No such file or directory my $file4 = '/some/secret/path1/to.file'; #open(my $fh, "<$file4") or die ""; # error prints: Died at C:\TEMP\junk3.pl line 31. my $file5 = '/some/secret/path4/to.file'; open(my $fh, "<$file5") or die "\n"; # error prints: NOTHING! [download]	[reply] [d/l]