>From page 202 of "Python Crash Course": "..., but it's also not a good idea to let users see tracebacks. Nontechnical users will be confused by them, and in a malicious setting, attackers will learn more than you want them to know from a traceback. For example, they'll know the name of your program file, and they'll see a part of your code that isn't working properly. A skilled attacker can sometimes use this information to determine which kind of attacks to use against your code."
How much concern do you give this in designing and implementing your production code? How far do you go in handling exceptions to ensure that tracebacks cannot arise for a malicious user? Is it even possible to prevent this from happening? I am highly doubtful that it is possible to handle all possible exceptions in any reasonably complex application. Of course for many applications these concerns are probably inconsequential. I don't think I would be gravely concerned if someone cracked into my ticktacktoe game deployed to some freebie site. OTOH, if I was deploying an online payment system, I would be much more concerned. Awaiting your collective wisdom... TIA! boB _______________________________________________ Tutor maillist - Tutor@python.org To unsubscribe or change subscription options: https://mail.python.org/mailman/listinfo/tutor