nanog mailing list archives

Re: REMINDER: Error messages should include parameters

From: Bryan Tong <contact () nullivex com>
Date: Tue, 15 Oct 2013 16:23:08 -0600

However it is simple to expose huge security holes when using global error
handlers that don't inspect the content of the error messages and can
accidentally show user names passwords or sensitive exploit information.

This is the reason that most production code does not and will not show you
more in-depth information. Especially on a public service.


On Tue, Oct 15, 2013 at 4:17 PM, Jay Ashworth <jra () baylink com> wrote:

Off the Yahoo MX discussion, just a reminder for those who write code:

*Always* include the parameters in the error message; pronouns and
implicit references are Evil, Bad and Wrong.  The 30 seconds you take to
add the actual name of what you can't find/talk to could save some sysadmin
*weeks* (I am not making that up; something once took me weeks).

We now return you to your normal router configuration conversations.

Cheers,
-- jra
--
Jay R. Ashworth                  Baylink
jra () baylink com
Designer                     The Things I Think                       RFC
2100
Ashworth & Associates     http://baylink.pitas.com         2000 Land
Rover DII
St Petersburg FL USA               #natog                      +1 727 647
1274



-- 
eSited LLC
(701) 390-9638

Current thread:

REMINDER: Error messages should include parameters Jay Ashworth (Oct 15)
- Re: REMINDER: Error messages should include parameters Bryan Tong (Oct 15)
- <Possible follow-ups>
- Re: REMINDER: Error messages should include parameters Laurence F. Sheldon, Jr. (Oct 15)