Web applications attacks/Display errors

From aldeid

Description

Displaying errors is useful in a development environment, since it gives the developer debugging information. However, make sure errors are NOT displayed in your production environment, since they could provide hackers with critical information about your code/database structure.

Example

Protection

  • If you use PHP, make sure the "display_errors" parameter is set to "false" in your production environment.
  • Catch errors with "try/catch" blocks, so that the error message is handled by your code rather than displayed.
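
The two protections above combined, as an added example that is not part of the original page: errors are logged on the server and the client only receives a generic message. It assumes the pdo_sqlite extension is available; the "accounts" table and the findAccount() function are constructed for illustration.

```php
<?php
// Added example, not from the original page. Assumes the pdo_sqlite extension;
// the "accounts" table and findAccount() are constructed for illustration.

// Production settings, applied at runtime instead of in php.ini.
ini_set('display_errors', '0');   // never render errors into the response
ini_set('log_errors', '1');       // keep them in the server-side log instead
error_reporting(E_ALL);           // still record everything

// Last line of defence: anything uncaught is logged, the client gets a generic body.
set_exception_handler(function (Throwable $e): void {
    error_log('uncaught: ' . $e->getMessage());
    if (!headers_sent()) {
        http_response_code(500);
    }
    echo "Internal error\n";
});

function findAccount(PDO $db, string $name): array
{
    try {
        $stmt = $db->prepare('SELECT id, name FROM accounts WHERE name = ?');
        $stmt->execute([$name]);
        return ['ok' => true, 'rows' => $stmt->fetchAll(PDO::FETCH_ASSOC)];
    } catch (PDOException $e) {
        // Full detail (SQLSTATE, table name) goes to the server log only.
        $ref = bin2hex(random_bytes(4));
        error_log("[$ref] " . $e->getMessage());
        // The client sees a reference to quote to support, nothing about the schema.
        return ['ok' => false, 'error' => "Request failed (ref $ref)"];
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// The table was never created, so the query fails with a driver message that
// names the missing table. That message must stay out of the response.
$result = findAccount($db, 'alice');
echo $result['ok'] ? "found\n" : $result['error'] . "\n";
```

The random reference lets an administrator match a user's report to the detailed log entry without exposing that detail to the user.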

Tools
