THE RKGBLOG

Security Tip: Never Display Fatal Stack Traces To Users

We’ve ranted on this before:

Never send fatal errors to the outside world.

These stack traces provide too much information to hackers.

It is OK to dump debugging messages to the browser for users behind the firewall or for users on the dev site, but never for your production site.

[Image: fatals-to-browser]

If you run an online store, ask your IT folks to check that your servers are configured correctly on this.
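One way to enforce the rule above, as an added example that is not from the original post: a small Python WSGI wrapper that always logs the full trace on the server, shows it only on the dev site or to clients behind the firewall, and gives everyone else a generic message with a reference ID. The names SafeErrors, may_see_trace, site_env and the internal address ranges are assumptions made for this illustration.

```python
import ipaddress
import logging
import sys
import traceback
import uuid

log = logging.getLogger("app.errors")

# Assumed "behind the firewall" ranges; replace with your own networks.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "192.168.0.0/16", "127.0.0.0/8")]


def may_see_trace(environ, site_env):
    """Debug output is allowed on the dev site or for internal clients only."""
    if site_env == "dev":
        return True
    try:
        client = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return False  # missing or malformed address: treat as outside
    return any(client in net for net in INTERNAL_NETS)


class SafeErrors:
    """WSGI middleware: the full trace goes to the log, not to outside users."""

    def __init__(self, app, site_env="production"):
        self.app = app
        self.site_env = site_env  # defaults to the strict setting

    def __call__(self, environ, start_response):
        # Covers errors raised when the app is called, not while its
        # response body is being iterated.
        try:
            return self.app(environ, start_response)
        except Exception:
            incident = uuid.uuid4().hex[:12]
            trace = traceback.format_exc()
            log.error("incident %s\n%s", incident, trace)  # kept server-side
            if may_see_trace(environ, self.site_env):
                body = trace
            else:
                body = "Something went wrong. Reference: %s\n" % incident
            start_response("500 Internal Server Error",
                           [("Content-Type", "text/plain; charset=utf-8")],
                           sys.exc_info())
            return [body.encode("utf-8")]
```

Behind a reverse proxy or load balancer, REMOTE_ADDR is the proxy's address, so every visitor would look internal; in that setup rely on the site_env switch alone.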


  • Alan Rimm-Kaufman
    Alan Rimm-Kaufman founded the Rimm-Kaufman Group...