RKG Logo 434-978-4300
Alan Rimm-Kaufman

Security Tip: Never Display Fatal Stack Traces To Users

Title: Security Tip: Never Display Fatal Stack Traces To Users
URL: http://www.rimmkaufman.com/rkgblog/2008/09/19/security-tip-never-display-fatal-stacktraces-to-users/
Printed: January 6, 2009
Source: The Rimm-Kaufman Group Blog, info@rimmkaufman.com

We’ve ranted on this before:

Never send fatal errors to outside world.

These stack traces provide too much information to hackers.

It is OK to dump debugging messages to the browser for users behind the firewall or for users on the dev site, but never for your production site.

fatals-to-browser

If you run an online store, ask your IT folks to check that your servers are configured correctly on this.

If you like this post, consider subscribing to our RSS feed. You can also have new posts sent to you via email.


Possibly Similar Posts

Trackback

http://www.rimmkaufman.com/rkgblog/2008/09/19/security-tip-never-display-fatal-stacktraces-to-users/trackback/

No Comments Yet

Your comment will be first!

Your Comment

Tags

RKG Tags: , ,

Technorati Tags: , ,

Email Updates

Categories

Recent Comments

  • George Michie: Happy New Year, John. Market Motive is a good place to start. Keep a close eye on other good blogs: ours, SearchEngineLand, ClickZ....
  • john: Hi George and Happy New Year. I work for large Company who created a new SBU of New Media Specialists, basically resellers of Google And...
  • George Michie: Shelley, I hear you! We had a candidate who listed HTML as a proficiency on her resume. When pressed for specifics she said:...
  • Erin: Actually, I am always wondering this about myself. I surprise myself by what I know, but I don’t feel super confident about my...
  • Shelley Ellis: I like the sports analogy. My husband was a baseball coach for years and I still get tickled thinking about the time a mom told him...
  • AJ @ Web Domains, UK: I think the problem is spamming scripts are being written that target prominent blogging/comments systems such as Movable...
  • Debra Askanase: Hi Alan, Thanks for the quick overview. Just want to point out that the Wufoo outgoing link actually connects to Survey Monkey....
  • George: Vijay, that’s the best idea I’ve heard in months! Rick, your point is well-taken. It’s really noisy, and for many retail...
  • Alan: You can use this toy model in any channel where you can sales definitively tie sales back to an advertisement or promotion using a tracking...
  • Patrick: Nice model. What I’m wondering however is what type of net sales you should include. I believe these should be the sales resulting...
  • Vijay R: With mobile phones being ubiquitous, why not use them as a channel to measure effect of online on offline sales? For instance, offer a...
  • George: Not all of our clients do think this way. Many do, but others are more concerned about share of voice, and the trappings of a good program....
  • Jim Novo: George, I have to ask the same question I asked Alan on his “melons” post - how do we get people to care about profits? Every...
  • Rick Galan: Even doing specific geo-targeted tests really don’t get us all of the way there though. There is so much fluctuation in consumer...
  • Andrew: $800 billion is perhaps “only” 5% of GDP, but it exceeds all of the federal government’s other (individual) outlays....

Blog Stats

  • Posts: 802
  • Words: 356,638
  • Comments: 1,584

Administration