Hi all,
I've been discussing this question with my friend for 30 min and I do not
agree with him. Here is the question:
Why is it important from a security perspective to never display PHP error
messages directly to the end user, yet always log them?
Answers: (choose 2)
Error messages will contain sensitive session information
Error messages can contain cross site scripting attacks
Security risks involved in logging are handled by PHP
X Error messages give the perception of insecurity to the user
X Error messages can contain data useful to a potential attacker
My answers are marked with an X.
Any clue about this?
Thanks
Augusto Morais
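
An added example, not part of the original post: one way to apply the practice the question describes, with display switched off, logging switched on, and a handler that writes the full detail to the log while the user sees only a generic message and a reference ID. The function name `handleFailure`, the log path and the configuration file path are assumptions made for illustration.

```php
<?php
// Added example, not code from the original post.
declare(strict_types=1);

// Never render PHP errors into the response; always write them to the log.
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', '/var/log/php/app-error.log'); // assumed path
error_reporting(E_ALL);

// Hypothetical handler: full detail goes to the log, the user gets a reference only.
function handleFailure(Throwable $e): void
{
    $ref = bin2hex(random_bytes(8));
    // Strip CR/LF so message text cannot forge extra log lines.
    $msg = str_replace(["\r", "\n"], ' ', $e->getMessage());
    error_log(sprintf(
        '[%s] %s: %s in %s:%d',
        $ref, get_class($e), $msg, $e->getFile(), $e->getLine()
    ));
    if (!headers_sent()) {
        http_response_code(500);
        header('Content-Type: text/plain; charset=utf-8');
    }
    echo "An internal error occurred. Reference: {$ref}\n";
}

set_exception_handler('handleFailure');

// Route warnings and notices through the same path as exceptions.
set_error_handler(
    function (int $severity, string $message, string $file, int $line): bool {
        if (!(error_reporting() & $severity)) {
            return false; // suppressed by the current reporting level
        }
        throw new ErrorException($message, 0, $severity, $file, $line);
    }
);

// Constructed failure: the warning text includes the server-side path below.
// With display_errors on, that path and the script location would reach the
// browser; here they reach only the log.
file_get_contents('/srv/app/config/secrets.ini'); // constructed, nonexistent path
```

The reference ID in the response lets support staff find the matching log entry without the response carrying any of the error detail.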