dongpi9164 2014-06-28 16:21 采纳率: 0%
浏览 62
已采纳

在现场网站上处理错误消息的最佳方式[关闭]

Let's say something happens in your application, like some exception thrown. As a developer I would like to see it, but I don't want the typical site user to see it too (it exposes paths and stuff).

I noticed that some sites are encrypting the error message, and the users see:

Oh shit something went wrong. Give this code to the site admin:

*&#BFO*&@BF#*&@BH#OGF*@B#(G*O&GBO*@#BG*@#BG*@BO#GO*@B#(GP
*O&QBOF*UB@#GOF*&B@#G*&OGB*@#O&BG*&@#BG(P*@#HNFIO@NW#FKLJ
*@UB#FO@#B*FB*OBF*O&BW#O*FBWO*G#B&*OGB*W#BGLKJWBGLKJBGLKJ

or something like that. Then the developer can decrypt it and see the message.

Is this a good or bad idea?

Are there any better ways?

  • 写回答

3条回答 默认 最新

  • doudu3961 2014-06-28 17:04
    关注

    Well it usually is a good idea to encrypt the error message since it may contain information about security issues which hackers could exploit.

    On the other hand, end users are more likely to show the webmaster a short error message (like MySQL: Duplicate entry <whatever> for key <whatever> than a bunch of random code they don't understand.

    I usually add automatic error reporting and write something like "An error has occured. The webmaster has been notified and will try to fix the problem as soon as possible. If issues persist, send this code to the webmaster here (link to error reporting form).".

    The error message along with a dump of $_SERVER is encoded using ASCII shift and inside <small> tags to reduce size and scaryness.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 深度学习残差模块模型
  • ¥20 两个不同Subnet的点对点连接
  • ¥50 怎么判断同步时序逻辑电路和异步时序逻辑电路
  • ¥15 差动电流二次谐波的含量Matlab计算
  • ¥15 Can/caned 总线错误问题,错误显示控制器要发1,结果总线检测到0
  • ¥15 C#如何调用串口数据
  • ¥15 MATLAB与单片机串口通信
  • ¥15 L76k模块的GPS的使用
  • ¥15 请帮我看一看数电项目如何设计
  • ¥23 (标签-bug|关键词-密码错误加密)