[166285] in North American Network Operators' Group


Re: REMINDER: Error messages should include parameters

daemon@ATHENA.MIT.EDU (Bryan Tong)
Tue Oct 15 18:23:20 2013

In-Reply-To: <18571323.1695.1381875452378.JavaMail.root@benjamin.baylink.com>
Date: Tue, 15 Oct 2013 16:23:08 -0600
From: Bryan Tong <contact@nullivex.com>
To: Jay Ashworth <jra@baylink.com>
Cc: NANOG <nanog@nanog.org>,
 outages-discussion <outages-discussion@outages.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

However, it is simple to expose huge security holes when using global error
handlers that don't inspect the content of the error messages and can
accidentally show user names, passwords, or sensitive exploit information.

This is the reason that most production code does not and will not show you
more in-depth information. Especially on a public service.


On Tue, Oct 15, 2013 at 4:17 PM, Jay Ashworth <jra@baylink.com> wrote:

> Off the Yahoo MX discussion, just a reminder for those who write code:
>
> *Always* include the parameters in the error message; pronouns and
> implicit references are Evil, Bad and Wrong.  The 30 seconds you take to
> add the actual name of what you can't find/talk to could save some sysadmin
> *weeks* (I am not making that up; something once took me weeks).
>
> We now return you to your normal router configuration conversations.
>
> Cheers,
> -- jra
> --
> Jay R. Ashworth                  Baylink
> jra@baylink.com
> Designer                     The Things I Think                       RFC 2100
> Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
> St Petersburg FL USA               #natog                      +1 727 647 1274
>
>


-- 
eSited LLC
(701) 390-9638
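
The two positions in this thread can be reconciled in one handler. The following is an added example, not code from either poster: errors carry their parameters into the operator's log, sensitive values are redacted first, and the public reply shows only an incident reference. The `ParamError` class, the key-name pattern, and the sample hosts and credentials are assumptions made for illustration.

```python
import logging
import re
import uuid

log = logging.getLogger("app.errors")

# Assumption: parameter names whose values must never appear in any message.
SENSITIVE_KEYS = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key|authorization", re.I)
# Credentials embedded in URL values (scheme://user:pass@host) are masked too.
URL_USERINFO = re.compile(r"(?<=://)[^/@\s]+@")


class ParamError(Exception):
    """Error that carries the parameters of the operation that failed."""

    def __init__(self, action, **params):
        self.action, self.params = action, params
        super().__init__(action)


def redact(params):
    """Return a copy safe to log: secret keys masked, URL userinfo stripped."""
    safe = {}
    for key, value in params.items():
        if SENSITIVE_KEYS.search(key):
            safe[key] = "[REDACTED]"
        else:
            safe[key] = URL_USERINFO.sub("[REDACTED]@", str(value))
    return safe


def operator_message(err):
    """Full detail for the sysadmin: names exactly what could not be reached."""
    detail = " ".join(f"{k}={v!r}" for k, v in sorted(redact(err.params).items()))
    return f"{err.action}: {detail}"


def handle(err):
    """Global handler: detail goes to the log, the public reply gets only an ID."""
    incident = uuid.uuid4().hex[:12]
    log.error("incident=%s %s", incident, operator_message(err))
    return f"Internal error. Reference: {incident}"


# Constructed sample failure (hosts and credentials are made up).
SAMPLE = ParamError("cannot connect to MX", host="mx1.example.net", port=25,
                    relay="smtp://svc:hunter2@relay.example.net", password="hunter2")
```

The incident reference lets a sysadmin find the parameterized log line from a user's report without the public response exposing any of it.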
