We are running multiple Sitecore websites and just got feedback that it might be dangerous to have stack traces available to users of the website when getting errors. Will the website be a lot more vulnerable to hackers now that people get stack traces?
It absolutely does more harm than good. Depending on what the exception in case is, you are exposing information about your system that a visitor with ill intentions could use to look for vulnerabilities.
For example, your stack trace could be showing errors coming from the System.Data.Sql namespace, telling the person that SQL Server is to be found as part of this setup (as opposed to System.Data.MySql or Oracle, for example).
It also tells the person which .NET calls are being made when causing the error. Now for the sake of argument, assume that one of these had a vulnerability known only to this person – this could then be exploited to gain access.
All thought-up scenarios, obviously, or are they?… 😉
Second opinion that more or less agrees, here.
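To check your own sites for the disclosure described in the answer above, the following added example (not part of the original question or answer) parses an error response body for .NET stack frames and reports which components and source paths it gives away. The sample bodies, the `HINTS` table and the function name are constructed for illustration; the table is an assumption and far from exhaustive.

```python
import re

# One .NET frame per line, with or without a leading "at", optionally
# followed by "in <source file>:line N" (or ":N" on ASP.NET error pages).
FRAME_RE = re.compile(
    r"^\s*(?:at\s+)?((?:[A-Za-z_]\w*\.)+[A-Za-z_]\w*)\(.*?\)"
    r"(?:\s+in\s+(\S.*?):(?:line\s+)?(\d+))?",
    re.M,
)

# Namespace prefix -> what a reader of the trace learns (illustrative assumption).
HINTS = {
    "System.Data.Sql": "SQL Server data access",
    "MySql.Data": "MySQL data access",
    "Oracle.": "Oracle data access",
    "Sitecore.": "Sitecore CMS",
    "System.Web": "ASP.NET (System.Web)",
}

def audit_error_body(body):
    """Summarise what a returned error page discloses through its stack trace."""
    frames = FRAME_RE.findall(body)
    methods = [method for method, _, _ in frames]
    revealed = sorted({label for m in methods
                       for prefix, label in HINTS.items() if m.startswith(prefix)})
    paths = sorted({path for _, path, _ in frames if path})
    return {"frames": len(frames), "revealed": revealed, "source_paths": paths}

# Constructed sample: a detailed error page as served with detailed errors on.
SAMPLE_BODY = r"""<html><body><h2>Server Error in '/' Application.</h2>
<pre>
[SqlException (0x80131904): Invalid column name 'Titel'.]
   System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) +212
   System.Data.SqlClient.SqlCommand.ExecuteReader() +58
   Example.Site.Repositories.NewsRepository.GetLatest(Int32 count) in C:\inetpub\example\NewsRepository.cs:41
   System.Web.UI.Page.ProcessRequest(HttpContext context) +19
</pre></body></html>"""

# Constructed sample: a generic error page that only hands out a reference id.
CLEAN_BODY = "<html><body><p>Sorry, something went wrong.</p><p>Reference: 7f3a</p></body></html>"

if __name__ == "__main__":
    for name, body in (("detailed", SAMPLE_BODY), ("generic", CLEAN_BODY)):
        print(name, audit_error_body(body))
```

Any response where `frames` is non-zero is a page that should be replaced by a generic error page, with the full trace kept in server-side logs.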