I agree users shouldn't see the stacktrace, but neither should they get a page that looks basically right but with no data, no errors, and no explanation that a problem has occurred - this might be even worse, as it might lead them to believe something (there is no data matching their search, for instance) that isn't true. The stacktrace is easy to avoid by implementing error handler stylesheets and installing them in your production sitemap, which is what we are doing. The user gets a friendly error message that exposes nothing internal, but lets them know something is wrong.
-Christopher On Wednesday, August 28, 2002, at 05:57 , Christopher Painter-Wakefield wrote: > This problem (I won't say bug, in case it is something we've > done!) is very > detrimental to development, since we have to go look in the > logs to find > out we got an exception. Any help would be appreciated! Although this is indeed annoying when developing, I would tend to view this a A Good Thing(tm) for a production server, as exposing a stacktrace to anyone who gets the error is kinda, err... personal. It seems to me -- I could be wrong on this -- that the more internal information disclosed, the more vulnerable one could be. I'm still using 2.0.2 so I haven't seen this. A. --------------------------------------------------------------------- Please check that your question has not already been answered in the FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html> To unsubscribe, e-mail: <[EMAIL PROTECTED]> For additional commands, e-mail: <[EMAIL PROTECTED]>
