Life like Opossum Posted February 2, 2013 Posted February 2, 2013 (edited) I was browsing my online learning site for my school and i received an ODBC error message. On this message I could view the current working versions of both Microsoft .NET and ASP. NET. Is this an issue that I shold bring to my moderators attention? Both pieces of information were in plain text and clearly visible. Edited February 2, 2013 by Saelani Quote
ihackforfun Posted February 11, 2013 Posted February 11, 2013 You could point out that this is indeed not the best practice, point them to this OWASP web site: https://www.owasp.org/index.php/Information_Leakage Quote
Jason Cooper Posted February 11, 2013 Posted February 11, 2013 If you are viewing a production web site then they should never be shown error messages. Not showing error messages doesn't stop people from abusing any errors in your site, but it does make their job harder. If you were just viewing the site and then came across the error then I would suggest reporting it to the sites owner, that way they are at least aware that their site is broken (after all obscure pages on sites can easily be missed when a change elsewhere causes them to break). Quote
Life like Opossum Posted February 12, 2013 Author Posted February 12, 2013 Ya I opened a ticket with the site admins and they pretty much ignored what I was trying to tell them. I've done all I can, the rest is up them... Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.