Is Stacktraces dangerous on a live website?

Question

Is Stacktraces dangerous on a live website?

We are launching several Sitecore websites and have just received feedback that when receiving errors it may be dangerous to have stacks for website users. Will the site be more negligent for hackers now that people will get snapshots?

+3

c # .net website sitecore

Younes Jan 19 '10 at 9:00

source share

6 answers

Potentially. But that should never be a problem .

+2

Ignacio Vazquez-Abrams Jan 19 '10 at 9:02

source share

, stacktraces - . , , . " " .: -)

0

jeremiah 19 . '10 9:38

, -, . , - .

0

geekonweb 19 . '10 9:39

. .

0

Lawrence Dol 19 . '10 9:48

, .

Session [ "user" ] = _; if ( "denied"!= getPermission (Session [ "user" ])) redirect ( " " )

, , , , (, , ) . , getPermission, . , try-catch, (, , , , )

, .

0

Rune FS 19 . '10 9:48

Mark cassidy · Accepted Answer · 2010-01-19T09:28:15+0000

This is absolutely more harm than good. Depending on in which case this exception occurs, you publish information about your system that a visitor with bad intentions can use to search for vulnerabilities.

For example, your stack trace may display errors coming from the System.Data.Sql namespace, telling the person that SQL Server will be found as part of this installation (unlike System.Data.MySql or Oracle, for example).

It also tells the person who calls .NET when an error occurs. Now, for the sake of argument, suppose that one of them had a vulnerability known only to this person - then this can be used to gain access.

All invented scenarios, obviously, or are they? ....; -)

The second opinion, which more or less agrees, is here .

Is Stacktraces dangerous on a live website?

More articles: