Is it safe to output error messages in a production environment?

WBOY
2016-12-01 00:56:34

Will sending more detailed error information to the front end through the header cause security risks? The error message includes the relative path of the file where the error occurred and the line number where the error occurred, as follows:

<code>header('X-Custom-Msg: Can not find something in App.php on line 122');</code>

Reply content:

After the Double Eleven Alipay "unionpay" error incident, do you still think it is safe for this kind of error message to be sent to the front end... If it gets serious, be careful of the company being sued in court; then it is not a matter of losing your job (manual funny face).

For details, please see:
http://finance.sina.com.cn/ro...
https://www.zhihu.com/questio...

So, since you said it is a production environment, do not output any back-end error messages to the front end!! The information to be output must be encapsulated, user-friendly information! Even if this is put in the HTTP header, who knows when your front end or app side will be irresponsible, or simply fail to catch the error and output it all at once?

Regardless of whether it is sensitive or not, as long as the information is sent to the client, try to avoid such processing.
(1) Impact on user experience: Ordinary users do not understand this kind of information. They only know that there is a problem, but they do not know what the specific problem is or whether to solve it.
(2) There are security risks: After seeing such information, crackers may be able to deduce what server is used and what kind of back-end architecture is used, which lays the groundwork for penetration.

There is no danger. However, this approach is not appropriate. It is better to store logs centrally.

No, this is not sensitive information; passwords and user information are sensitive information.

It is easy to debug in the production environment and there will be no problems. The information is not sensitive either.
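
One way to do what several replies above suggest (a user-friendly message for the client, the detail kept in server-side logs), as an added example that is not code from the thread: an exception handler that logs the file and line under a random ID and returns only that ID. The `X-Error-Id` header name and the `buildErrorResponse` helper are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. X-Error-Id is an assumed header name.
ini_set('display_errors', '0'); // never render PHP errors into responses
ini_set('log_errors', '1');     // send them to the configured error log instead

/** Split one failure into a detailed log record and a detail-free client reply. */
function buildErrorResponse(Throwable $e, string $errorId): array
{
    return [
        // Server-side only: everything needed to debug, keyed by the ID.
        'log' => json_encode([
            'id'      => $errorId,
            'time'    => gmdate('c'),
            'class'   => get_class($e),
            'message' => $e->getMessage(),
            'file'    => $e->getFile(),
            'line'    => $e->getLine(),
        ], JSON_UNESCAPED_SLASHES),
        // Client-facing: generic text plus an opaque reference.
        'status'  => 500,
        'headers' => ['X-Error-Id' => $errorId],
        'body'    => json_encode([
            'error'    => 'Something went wrong. Please try again later.',
            'error_id' => $errorId,
        ]),
    ];
}

set_exception_handler(function (Throwable $e): void {
    $errorId  = bin2hex(random_bytes(8)); // random, reveals nothing about the code
    $response = buildErrorResponse($e, $errorId);
    error_log($response['log']);          // goes to PHP's error_log destination

    if (!headers_sent()) {
        http_response_code($response['status']);
        header('Content-Type: application/json');
        foreach ($response['headers'] as $name => $value) {
            header("$name: $value");
        }
    }
    echo $response['body'], PHP_EOL;
});

// Constructed failure standing in for the question's "Can not find something".
throw new RuntimeException('Can not find something');
```

A user who reports the `error_id` gives support staff enough to find the matching log line, so nothing is lost for debugging by keeping the file name and line number off the wire.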
