[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 156
  • Last Modified:

Error reporting

Hi,
With regard security, I wanted to know wether it's secure to use if .. else to tell the user of my website wether there is a result or not? Is it a good idea to show a blank screen if there are no results or use if...else to show an error message.

Regards,
0
Shopies
Asked:
Shopies
1 Solution
 
CoccoBillCommented:
Error messages should give relevant and helpful information without revealing anything that might compromise the security. Usually internal system error messages should never be shown to the end user, instead use informative messages that are understandable to your users.

For example, "There are problems connecting to the database, please try again later." might be a good error message to the end user, but fairly useless to an admin. "SQLSRV02.domain.com responded with error code 0x800094383." is way too much information for the end user, but might be helpful to an admin.
0

Featured Post

The eGuide to Automating Firewall Change Control

Today‚Äôs IT environment is constantly changing, which affects security policies and firewall rules. Discover tips to help you embrace this change through process improvement & identify areas where automation & actionable intelligence can enhance both security and business agility.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now