-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chuck,
On 11/30/12 5:28 PM, Caldarale, Charles R wrote: >> From: Leo Donahue - RDSA IT [mailto:leodona...@mail.maricopa.gov] >> Subject: RE: Error page messages > >> I don't know of any public facing websites, off hand, that show >> uncaught exception messages. > > You need to get out more - there are tons of poorly implemented > websites that will splatter stack traces to the browser, especially > during those odd hours when something is out for backup, > maintenance, etc. My favorite ones run IIS. They give you loads of information about what "really" went wrong. I've even seen a site with a Perl-based (or was it PHP-based) service bombed because it couldn't connect to the database. In the error message were the credentials the script had tried to use as well as the hostname of the database, etc. Basically, a recipe book for attacks. Fail. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEARECAAYFAlC5NogACgkQ9CaO5/Lv0PD7jQCggobiKE0Vqxlt6H7QBLA5vhaT jhEAoI2E+TyHim7vd6D0/f7eJvt6rOTj =CDmP -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org