Never send informative error messages to the browser.

Home
Rkgblog
Fatals To Browser

Alan Rimm-Kaufman

Fatals To Browser

Title:	Fatals To Browser
URL:	http://www.rimmkaufman.com/rkgblog/2006/09/18/fatals-to-browser/
Printed:	October 7, 2008
Source:	The Rimm-Kaufman Group Blog, info@rimmkaufman.com

Alan Rimm-Kaufman
September 18, 2006
1 comment

Last night, came across this error message visiting a well-known site:

Microsoft OLE DB Provider for SQL Server error ‘80004005′
The log file for database ‘xxx’ is full. Back up the transaction log for the database to free up some log space.
/XXXX.asp, line 2208

Try as much as possible never to send internal error messages to the browser. Write them to internal logs. Such public disclosures can provide hackers helpful information to attack your site. More on web security for online retailers

If you like this post, consider subscribing to our RSS feed. You can also have new posts sent to you via email.

Share this post (via email, Digg, Delicious, etc)

Possibly Similar Posts

Trackback

http://www.rimmkaufman.com/rkgblog/2006/09/18/fatals-to-browser/trackback/

Blogs Citing This Post

Pingback: Security Tip: Never Display Fatal Stacktraces To Users on September 19, 2008

Your Comment

Tags

Welcome!

Email Updates

Notable

Recent

Categories

Blogging (rss) (70)
Books (rss) (30)
Business (rss) (228)
Code (rss) (70)
Feeds (rss) (15)
Fun (rss) (35)
Google (rss) (167)
Interviews (rss) (28)
Links (rss) (2)
Microsoft (rss) (62)
Miscellany (rss) (92)
Notable (rss) (2)
Privacy (rss) (10)
Rants (rss) (18)
Reviews (rss) (3)
RKG (rss) (40)
SEM (rss) (219)
SEO (rss) (58)
Social Media (rss) (14)
Uncategorized (rss) (1)
Web Effectiveness (rss) (32)
Web Marketing (rss) (458)
Web Usability (rss) (82)
Yahoo (rss) (70)

Recent Comments

George Michie: Chris, I wouldn't be surprised if that's a real number. Inc says they have 550 employees, so their income would have to be $50...
George Michie: Hi Christian, I suppose they take the same percentage hit off their commission that the retailer does. To my thinking it's the...
Chris Zaharias: I read the magazine on a flight Sunday and recall seeing iCrossing on there at ~~$100M in revenues, and thought the same thing of...
Alan Rimm-Kaufman: Christian -- I didn't mean to imply all retailers will face Q4 losses. But it is not improbable that many retailers will be...
Christian Little: Despite the economic crisis, how could most retailers be facing a Q4 loss? For most retail this is the best time of the year, you...
Christian Little: That's pretty remarkable...makes me want to build a coupon site lol. Don't coupon sites take a huge hit in commissions though...
Stephen Schramke: Sage advice. Thanks for sharing!
George Michie: Could be Neil. I have my doubts. My suspicion is that there just isn't much work being done, other than taking commission checks to...
Neilzb: Those numbers are pretty remarkable, but if I had to guess I would say that it’s possible that they are just 8 people 'outsourcing' full...
Jeff Cornejo: I disagree that a revenue/employee ratio shows ANY kind of profitability. If anything, a mostly-passthrough model, with high...
George Michie: Hi Dan, The IP address of the advertiser isn't a factor, anyone can run geo-targeted ads regardless of where their website resides....
dan shipe: Hey, me again. What about possible exploits to this system? Adwords must evaluate the geographic region based on the IP address of the...
Mark Matsusaki: I think I'm in agreement with the previous posting in that ROI is the metric used by many decision makers to measure the value of...
George Michie: Thanks for your comments Ophir, you raise excellent points. Particularly as Geo-targeting competition in different areas moves...
SEO Services: Nice Post. Thanks for sharing this information with us.

Blog Stats

Posts: 758
Words: 336,078
Comments: 1,340

Administration

Close

Social Web
E-mail

Powered by ShareThis