[Tutor] Value of tracebacks to malicious attackers?
Alan Gauld
alan.gauld at btinternet.com
Sun Jan 24 04:17:10 EST 2016

On 24/01/16 04:52, boB Stepp wrote:

> How much concern do you give this in designing and implementing your
> production code? How far do you go in handling exceptions to ensure
> that tracebacks cannot arise for a malicious user?

When I was writing commercial code that went into "the wild" we
had a policy to wrap the entire main program in a try/except
that logged all error output in a file (on the server). If it
was a PC desktop app you could email it to a support site
- although I've never personally written commercial apps
other than server side.

Our main concern was to prevent spooking the user, but nowadays
the security risk is definitely valid too.

--
Alan G
Author of the Learn to Program web site
http://www.alan-g.me.uk/
http://www.amazon.com/author/alan_gauld
Follow my photo-blog on Flickr at:
http://www.flickr.com/photos/alangauldphotos
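
The policy described in the message above (wrap the whole main program in a try/except and log the error output to a server-side file), sketched as an added example that is not part of the original post. The names `run_guarded` and `demo_main`, the logger name, the log path and the sample connection string are all assumptions made for illustration.

```python
import logging
import sys
import uuid


def run_guarded(main, log_path, out=None):
    """Run main(); keep any traceback in a server-side log, not in user output.

    Returns an exit code: main()'s own (None -> 0), or 1 after a crash.
    """
    handler = logging.FileHandler(log_path, encoding="utf-8")
    handler.setFormatter(logging.Formatter("%(asctime)s %(levelname)s %(message)s"))
    logger = logging.getLogger("crashlog")  # hypothetical logger name
    logger.propagate = False  # keep tracebacks away from root/console handlers
    logger.addHandler(handler)
    try:
        return main() or 0
    except Exception:
        # Only Exception: SystemExit and KeyboardInterrupt still behave normally.
        incident = uuid.uuid4().hex[:12]
        # logger.exception() appends the full traceback to the log record.
        logger.exception("unhandled error, incident=%s", incident)
        # The user sees no file paths, source lines or exception text,
        # only an id that support staff can look up in the log.
        print(f"An internal error occurred. Quote reference {incident} to support.",
              file=out or sys.stderr)
        return 1
    finally:
        logger.removeHandler(handler)
        handler.close()


def demo_main():
    # Constructed failure: the exception message carries data that must stay private.
    secret_dsn = "postgres://app:s3cret@db.internal/prod"  # constructed sample value
    raise RuntimeError(f"cannot connect to {secret_dsn}")


if __name__ == "__main__":
    sys.exit(run_guarded(demo_main, "app-errors.log"))
```

The log file now holds whatever the exception message contained, so it needs the same access control as any other server-side secret.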