this post was submitted on 09 Dec 2023
628 points (99.1% liked)

Programmer Humor

32716 readers
333 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 19 points 1 year ago* (last edited 1 year ago) (3 children)

I hate this attitude. Yeah don't give the user stacktraces on error but if you give it a meaningful headline and go in detail, experienced users will be able to deal with the problem if possible. If you go Microsoft-error of mystic ways you will have people Google "unexpected error e34566xce" and they will see that it has 10 possible reasons so you don't know what even went wrong.

[–] [email protected] 9 points 1 year ago

Anyone who says error codes shouldn't bubble up to the user are incompetent. Either because an incompetent PM infantilizes their users, or more likely because incompetent teams don't/won't take an extra 10 minutes to do proper error handling (and they suffer from this as well since they're the ones who spend hours deciphering the result of a try {} catch(_) { error("we did a fucky wucky uwu") }).

[–] GarytheSnail 4 points 1 year ago* (last edited 1 year ago)

There's nothing a user is going to be able to do if this is a problem with the backend. The person I replied to did specify backend, right?

[–] [email protected] 3 points 1 year ago (1 children)

Thin line between giving useful error messages and more attack surface.

[–] [email protected] 5 points 1 year ago (1 children)

If your code gives attack surface by information about what went wrong maybe you should not even deploy anything. If your code needs to be secret to be secure your code is anything but secure.

[–] [email protected] 4 points 1 year ago

Not code but internet. A often seen error is letting Appache/Nginx display their name & version in 403/404 pages. First step in planning an attack.