Prev: PHP_SAPI
Next: How to output a NULL field?
From: Augusto Flavio on 25 Aug 2009 00:07

Hi all,

I've been discussing this question with my friend for 30 min and I do not agree with him. Here is the question:

Why is it important from a security perspective to never display PHP error messages directly to the end user, yet always log them?

Answers: (choose 2)
  Error messages will contain sensitive session information
  Error messages can contain cross site scripting attacks
  Security risks involved in logging are handled by PHP
X Error messages give the perception of insecurity to the user
X Error messages can contain data useful to a potential attacker

My answers are marked with an X.

Some clue about this?

thanks

Augusto Morais

From: Daniel Brown on 25 Aug 2009 12:30

On Tue, Aug 25, 2009 at 00:07, Augusto Flavio<aflavio(a)gmail.com> wrote:
>
> Answers: (choose 2)
> Error messages will contain sensitive session information
> Error messages can contain cross site scripting attacks
> Security risks involved in logging are handled by PHP
> X Error messages give the perception of insecurity to the user
> X Error messages can contain data useful to a potential attacker
>
>
> My answers are marked with an X.
>
>
> Some clue about this?

Yes, and my answers are marked with an X.

X Buy a study guide.
X Do your own homework.

--
</Daniel P. Brown>
daniel.brown(a)parasane.net || danbrown(a)php.net
http://www.parasane.net/ || http://www.pilotpig.net/
Check out our great hosting and dedicated server deals at http://twitter.com/pilotpig
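
The practice the quiz question takes as given (errors never shown to the end user, yet always logged), as an added example that is not part of either post. The reference id, the fixed user-facing message and the failing file path are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Runtime equivalent of php.ini: display_errors = Off, log_errors = On.
ini_set('display_errors', '0');   // never render error text into the response
ini_set('log_errors', '1');       // always record it server-side
error_reporting(E_ALL);           // report everything to the log

// Promote warnings and notices to exceptions so one handler covers them all.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    if (!(error_reporting() & $severity)) {
        return false;             // respect the current reporting level
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
});

set_exception_handler(function (Throwable $e): void {
    // Hypothetical reference id: lets support match a user report to a log entry.
    $ref = bin2hex(random_bytes(8));

    // Full detail (class, message, file path, line, stack trace) goes only to the log.
    error_log(sprintf(
        '[%s] %s: %s in %s:%d%s%s',
        $ref, get_class($e), $e->getMessage(), $e->getFile(), $e->getLine(),
        PHP_EOL, $e->getTraceAsString()
    ));

    // The end user gets a fixed message: no paths, queries or variable contents.
    if (!headers_sent()) {
        http_response_code(500);
        header('Content-Type: text/plain; charset=utf-8');
    }
    echo "An internal error occurred. Reference: {$ref}\n";
});

// Constructed failure: the resulting warning text names a server-side path,
// which ends up in the log and not in the response.
file_get_contents('/nonexistent/app/config/settings.ini');
```

On a production host the same two directives belong in php.ini, so that errors raised before this script runs (parse errors, for instance) are covered as well.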