REMINDER: Error messages should include parameters
Bryan Tong
contact at nullivex.com
Tue Oct 15 22:23:08 UTC 2013
However it is simple to expose huge security holes when using global error
handlers that don't inspect the content of the error messages and can
accidentally show user names passwords or sensitive exploit information.
This is the reason that most production code does not and will not show you
more in-depth information. Especially on a public service.
On Tue, Oct 15, 2013 at 4:17 PM, Jay Ashworth <jra at baylink.com> wrote:
> Off the Yahoo MX discussion, just a reminder for those who write code:
>
> *Always* include the parameters in the error message; pronouns and
> implicit references are Evil, Bad and Wrong. The 30 seconds you take to
> add the actual name of what you can't find/talk to could save some sysadmin
> *weeks* (I am not making that up; something once took me weeks).
>
> We now return you to your normal router configuration conversations.
>
> Cheers,
> -- jra
> --
> Jay R. Ashworth Baylink
> jra at baylink.com
> Designer The Things I Think RFC
> 2100
> Ashworth & Associates http://baylink.pitas.com 2000 Land
> Rover DII
> St Petersburg FL USA #natog +1 727 647
> 1274
>
>
--
eSited LLC
(701) 390-9638
More information about the NANOG
mailing list