In Error (2)

Tuesday, June 24, 2008 0:53 | Filed in Life, Standards, Technology

Found on a website when trying to read the latest gossip about Newcastle United:

DA.EmptyDataReader.GetOrdinal(String name) in D:\XXXXXXX\Public Site\XXXXXXX\DA\EmptyDataReader.cs:92
Data.TextResources.LoadCache(Int64 cultureId) in D:\XXXXXXX\Public Site\XXXXXXX\Data\TextResources.cs:50

…althought I’ve removed the references to the site itself, obviously. Showing this sort of information is not a good idea.

Can I just point out that if you are writing a .NET application — such as the one you’ve written in C# there, it is not a good idea to have error messages that expose the technologies you rely on, your data directory structure, your file names and so on.

Now, it may not give away information which will be of benefit to a hacker, but even if it doesn’t, it means your users encounter the dreaded .NET ‘yellow screen of death’. It’s of no benefit to them, it exposes information which may be of benefit to hackers.

And it’s very easy to avoid: build in your error detection where you expect to encounter errors, but you can also throw error-handling in at the application level quite easily — bung it in the global.asax class. It’s not hard, and it makes your site look that teensy bit more professional.

…or at the very least, don’t output your stack trace to all and sundry on the web: tie it down so that these errors aren’t reported remotely…

You can leave a response, or trackback from your own site.

4 Comments to In Error (2)

  1. says:

    August 30th, 2011 at 10:41 pm

    Queens University Blog…

    …We are absolutely sure that right skill is very useful when doing something new and especially if it is something very important..[...]…

  2. removing skin moles says:

    July 23rd, 2012 at 5:38 am

    This is a good post. This post give truly quality information.I’m definitely going to look into it.Really very useful tips are provided here.thank you so much.Keep up the good works.

  3. abstract prints says:

    July 25th, 2012 at 12:00 pm

    This became truly very helpful site. I truly enjoyed what sort of written content had been published. I will be content to help save this web site in to our folder.Many thanks!The way you express yourself is awesome.

  4. Destrie says:

    September 2nd, 2012 at 9:00 pm

    I rlleay wish there were more articles like this on the web.

Leave a comment