REMINDER: Error messages should include parameters

Bryan Tong contact at nullivex.com
Tue Oct 15 22:23:08 UTC 2013


However it is simple to expose huge security holes when using global error
handlers that don't inspect the content of the error messages and can
accidentally show user names passwords or sensitive exploit information.

This is the reason that most production code does not and will not show you
more in-depth information. Especially on a public service.


On Tue, Oct 15, 2013 at 4:17 PM, Jay Ashworth <jra at baylink.com> wrote:

> Off the Yahoo MX discussion, just a reminder for those who write code:
>
> *Always* include the parameters in the error message; pronouns and
> implicit references are Evil, Bad and Wrong.  The 30 seconds you take to
> add the actual name of what you can't find/talk to could save some sysadmin
> *weeks* (I am not making that up; something once took me weeks).
>
> We now return you to your normal router configuration conversations.
>
> Cheers,
> -- jra
> --
> Jay R. Ashworth                  Baylink
> jra at baylink.com
> Designer                     The Things I Think                       RFC
> 2100
> Ashworth & Associates     http://baylink.pitas.com         2000 Land
> Rover DII
> St Petersburg FL USA               #natog                      +1 727 647
> 1274
>
>


-- 
eSited LLC
(701) 390-9638



More information about the NANOG mailing list