Will sending more detailed error information to the front end through the header cause security risks? The error message includes the relative path of the file where the error occurred and the line number where the error occurred, as follows:
<code>header('X-Custom-Msg : Can not find something in App.php on line 122');</code>
Will sending more detailed error information to the front end through the header cause security risks? The error message includes the relative path of the file where the error occurred and the line number where the error occurred, as follows:
<code>header('X-Custom-Msg : Can not find something in App.php on line 122');</code>
After the Double Eleven Alipay "unionpay" error incident, do you still think it is safe for this kind of error message to be sent to the front end... If it gets serious, be careful of the company being sued in court, then it is not a matter of losing your job (manual Funny)
For details, please see:
http://finance.sina.com.cn/ro...
https://www.zhihu.com/questio...
So, having said that it is a production environment, do not output any back-end error messages to the front-end!! The information to be output must be encapsulated information, user-friendly information! Even if this is typed in the HTTP header, who Do you know when your front-end or APP side is irresponsible or simply does not catch the error and outputs it all at once
Regardless of whether it is sensitive or not, as long as the information is sent to the client, try to avoid such processing.
(1) Impact on user experience: Ordinary users do not understand this kind of information. They only know that there is a problem, but they do not know what the specific problem is or whether to solve it.
(2) There are security risks: For crackers, after seeing such information, it is possible to deduce what server is used and what kind of back-end architecture is used, and the penetration is laid.
There is no danger. However, this approach is not appropriate. It is better to store logs centrally.
No, this is not sensitive information, password and user information are sensitive information
It is easy to debug in the production environment and there will be no problems. The information is not sensitive either