Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You dont expose error details to the user for security reasons, even though it does indeed make the user experience worse.


I understand not exposing a full stack trace, but I don't see any excuse to not even expose a googleable error code. If me having an error code makes your product insecure, then you have a much bigger problem.


I show the stack trace on AGPL projects. Why hide what they can already see for themselves?


The reason I see is that it might expose the value of secret keys or other sensitive variables. But if you are certain it won't happen, then yes




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: