Don't Tell the Attacker Anything


Cryptic error messages are the bane of normal users and can lead to expensive support calls. However, you need to balance that against the advice you give to attackers. For example, if the attacker attempts to access a file, you should not return an error message such as "Unable to locate stuff.txt at c:\secretstuff\docs"; doing so reveals a little more information about the environment to the attacker. You should return a simple error message, such as "Request Failed", and log the error in the event log so that the administrator can see what's going on.
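The following sketch is an added example, not code from the book: it puts a leaky file handler beside one that answers every failure with the same "Request Failed" text and writes the detail only to a log. The function names, the in-memory `ListHandler` standing in for the event log, and the random reference appended to the message (so a support call can be matched to its log entry) are assumptions made for illustration.

```python
import logging
import os
import uuid

GENERIC_ERROR = "Request Failed"

class ListHandler(logging.Handler):
    """Stand-in for the event log: keeps records in memory so the example runs anywhere."""
    def __init__(self):
        super().__init__()
        self.records = []

    def emit(self, record):
        self.records.append(self.format(record))

audit_sink = ListHandler()
audit_log = logging.getLogger("fileservice.audit")  # hypothetical logger name
audit_log.setLevel(logging.INFO)
audit_log.propagate = False
audit_log.addHandler(audit_sink)

def read_document_leaky(base_dir, name):
    """Anti-pattern: the OS error text, including the full path, goes back to the caller."""
    try:
        with open(os.path.join(base_dir, name), "rb") as fh:
            return True, fh.read()
    except OSError as exc:
        return False, f"Unable to read {name}: {exc}"

def read_document(base_dir, name):
    """Every failure cause produces the same response; the detail is logged for the admin."""
    path = os.path.join(base_dir, name)
    try:
        with open(path, "rb") as fh:
            return True, fh.read()
    except OSError as exc:
        # Random reference: reveals nothing about the environment, but lets the
        # administrator find the matching log entry when the user calls support.
        ref = uuid.uuid4().hex[:8]
        audit_log.error("ref=%s path=%r errno=%s reason=%s",
                        ref, path, exc.errno, exc.strerror)
        return False, f"{GENERIC_ERROR} (ref {ref})"
```

A missing file and a name that resolves to a directory fail for different reasons, yet the caller sees the same text in both cases, so the response cannot be used to probe which paths exist.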



Writing Secure Code
Writing Secure Code, Second Edition
ISBN: 0735617228
EAN: 2147483647
Year: 2005
Pages: 153
