nanog mailing list archives
Re: REMINDER: Error messages should include parameters
From: Bryan Tong <contact () nullivex com>
Date: Tue, 15 Oct 2013 16:23:08 -0600
However it is simple to expose huge security holes when using global error handlers that don't inspect the content of the error messages and can accidentally show user names passwords or sensitive exploit information. This is the reason that most production code does not and will not show you more in-depth information. Especially on a public service. On Tue, Oct 15, 2013 at 4:17 PM, Jay Ashworth <jra () baylink com> wrote:
Off the Yahoo MX discussion, just a reminder for those who write code: *Always* include the parameters in the error message; pronouns and implicit references are Evil, Bad and Wrong. The 30 seconds you take to add the actual name of what you can't find/talk to could save some sysadmin *weeks* (I am not making that up; something once took me weeks). We now return you to your normal router configuration conversations. Cheers, -- jra -- Jay R. Ashworth Baylink jra () baylink com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA #natog +1 727 647 1274
-- eSited LLC (701) 390-9638
Current thread:
- REMINDER: Error messages should include parameters Jay Ashworth (Oct 15)
- Re: REMINDER: Error messages should include parameters Bryan Tong (Oct 15)
- <Possible follow-ups>
- Re: REMINDER: Error messages should include parameters Laurence F. Sheldon, Jr. (Oct 15)