Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris

Re: Re: CGI Error Handling

by davorg (Chancellor)
on Dec 10, 2001 at 15:06 UTC ( #130627=note: print w/replies, xml ) Need Help??

in reply to Re: CGI Error Handling
in thread CGI Error Handling

Whilst this is great to use when you're developing a script, I wouldn't advise using it in production code. This is because the error messages that it gives can be a source of useful information for anyone trying to crack your site. In some cases, just knowing that you've got Perl installed on you server can give crackers a head start.

Error messages like this belong in the server error log where the webmaster can read them. There's a good reason why Apache gives a plain 500 error page by default.


"The first rule of Perl club is you do not talk about Perl club."
-- Chip Salzenberg

Replies are listed 'Best First'.
Re: Re: Re: CGI Error Handling
by Fastolfe (Vicar) on Dec 11, 2001 at 01:05 UTC
    It almost sounds like you're warning people away from using CGI::Carp entirely. (You probably aren't, but I wanted to post this for the benefit of other readers that might also be confused.) It's mainly the fatalsToBrowser and warningsToBrowser bits that we don't want to see in production code. CGI::Carp's primary purpose is to format out nice, debug-friendly error messages in your server's error logs, so I definitely recommend its use even in production code.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://130627]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others romping around the Monastery: (4)
As of 2022-05-21 13:37 GMT
Find Nodes?
    Voting Booth?
    Do you prefer to work remotely?

    Results (76 votes). Check out past polls.