Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Error reporting

Posted on 2009-03-31
1
Medium Priority
?
153 Views
Last Modified: 2012-05-06
Hi,
With regard security, I wanted to know wether it's secure to use if .. else to tell the user of my website wether there is a result or not? Is it a good idea to show a blank screen if there are no results or use if...else to show an error message.

Regards,
0
Comment
Question by:Shopies
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 19

Accepted Solution

by:
CoccoBill earned 500 total points
ID: 24036947
Error messages should give relevant and helpful information without revealing anything that might compromise the security. Usually internal system error messages should never be shown to the end user, instead use informative messages that are understandable to your users.

For example, "There are problems connecting to the database, please try again later." might be a good error message to the end user, but fairly useless to an admin. "SQLSRV02.domain.com responded with error code 0x800094383." is way too much information for the end user, but might be helpful to an admin.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question