Hi all,

i'm discutting with my friend about this question for 30 min and i do not
agree with he. Here is the question:

Why is it important from a security perspective to never display PHP error
messages directly to the end user, yet always log them?

Answers: (choose 2)
    Error messages will contain sensitive session information
    Error messages can contain cross site scripting attacks
    Security risks involved in logging are handled by PHP
X    Error messages give the perception of insecurity to the user
X    Error messages can contain data useful to a potential attacker

My answers is marked with a X.

some clue about this?


Augusto Morais

Reply via email to