
Taking a break from preparing my Adobe MAX 2009 BYOL instructions, I was reading a few news items I had starred in Google Reader. I came across a Wired article on cellphone radiation and decided to see how much closer I've become to lab rat status from using an iPhone for over two years. The article mentions the specific watts per kilogram (W/kg) emitted from various iPhones but I wanted to see how my device stacked up against others. Fortunately there was a link to the Environmental Working Group's Web site where they have a database of devices. After pressing the link I was greeted by the following (press the thumbnail for a larger image):



Developers, please be careful when crafting your error messages and for the love of all that's good in the world, don't expose critical information about your server or Web application. It doesn't matter if you're building a simple ColdFusion application or a content management system like Drupal. You never want to expose system paths, server configuration, usernames/passwords, or application settings like datasource names. Doing so is like shouting: "Hey, come hack me! I'm right here."

About this post:

This entry was posted by Aaron West on September 20, 2009 at 9:42 AM. It was filed in the following categories: ColdFusion, iPhone. It has been viewed 4891 times and has 5 comments.
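
The advice in the post, sketched as an added example (not code from the original post or from any project it mentions): a ColdFusion `Application.cfc` whose `onError` handler writes the exception to a server-side log under a reference ID and returns only a generic message. The application name `exampleApp` and the log file name `exampleApp_errors` are assumptions, and each step is guarded so the handler cannot itself throw.

```cfml
<cfcomponent output="false">
  <!--- Assumption: application name chosen for this example --->
  <cfset this.name = "exampleApp">

  <cffunction name="onError" returntype="void" output="true">
    <cfargument name="exception" required="true">
    <cfargument name="eventName" type="string" required="true">

    <!--- ID shown to the user and written to the log, so support can
          find the full error without the page revealing it --->
    <cfset var errorId = createUUID()>

    <!--- Full detail goes to a server-side log only. Assumption: log file
          name "exampleApp_errors". A logging failure is swallowed. --->
    <cftry>
      <cflog file="exampleApp_errors" type="error"
             text="[#errorId#] event=#arguments.eventName# #arguments.exception.message# #arguments.exception.detail#">
      <cfcatch type="any"></cfcatch>
    </cftry>

    <!--- Discard any partial page output and signal a server error.
          Both fail if the response was already flushed, so guard them. --->
    <cftry>
      <cfcontent reset="true">
      <cfheader statuscode="500" statustext="Internal Server Error">
      <cfcatch type="any"></cfcatch>
    </cftry>

    <!--- Generic message only: no paths, SQL, datasource names or stack trace --->
    <cfoutput><p>Sorry, something went wrong. Reference: #errorId#</p></cfoutput>
  </cffunction>
</cfcomponent>
```

`onError` only covers errors raised while this application is handling a request; the ColdFusion Administrator's "Enable Robust Exception Information" setting controls how much detail the server's default error page shows and is normally left off in production.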

5 Responses to Be Careful with Your Error Messages

  1. Very interesting! This is exactly what Aaron Wolfe and I are covering in our "Handling Errors with Error Handling" session at BFusion/BFlex in Bloomington next month.

  2. Great Lance, a session every developer should make a point to attend if they're going to BFlex / BFusion. http://bflex.info

  3. Thanks for pointing this out, Aaron (blog piece creator Aaron); it needs to be constantly restated, and I have another entreaty to all. Please keep your exception handling very, very simple so you do not run the risk of the exception handling system causing exceptions, which I have seen happen several times.

  4. Almost had to laugh, but that was overtaken by feelings of amazement and wonder. Hmmm, think I better go break a Joomla instance and see what exception information gets revealed.

  5. That'd certainly be a good idea Doug. =)