Proper Error Handling

Within Apache, you can use the ErrorDocument directive to redirect users to custom pages that do not contain any sensitive details for specific error codes:

ErrorDocument 404 /error.php

For more advanced error handling, Apache also supports various redirect server variables that are set when an error code is triggered and can be used within a PHP script to perform more intelligent redirects:

REDIRECT_STATUS=4 0 4 REDIRECT_SERVER_PORT=4 4 3 REDIRECT_URL=/nonexistent.html

More complex web applications also need to ensure that all devices within the web application architecture have their error messages controlled so they are only visible to relevant technical employees.

Custom errors produced by the web applications must not reveal sensitive information and should not allow an attacker to determine valid and invalid database content based on differing errors and responses. An error message that isn't revealing would be

Error: Login failed.

Designers and developers need to go through security awareness and secure coding training so they can start to think about security issues that may arise when creating an application.

Was this article helpful?

0 0
The Ultimate Computer Repair Guide

The Ultimate Computer Repair Guide

Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.

Get My Free Ebook


Post a comment