 

Stacktraces dangerous on a live website?

We are running multiple Sitecore websites and just got feedback that it might be dangerous to have stacktraces available to users of the website when getting errors. Will the website be a lot more vulnerable to hackers now that people get stacktraces?

Younes asked May 17 '26 23:05


2 Answers

It absolutely does more harm than good. Depending on what the exception in case is, you are exposing information about your system that a visitor with ill intentions could use to look for vulnerabilities.

For example, your stack trace could be showing errors coming from the System.Data.Sql namespace, telling the person that SQL Server is to be found as part of this setup (as opposed to System.Data.MySql or Oracle, for example).

It also tells the person which .NET calls are being made when causing the error. Now, for the sake of argument, assume that one of these had a vulnerability known only to this person - this could then be exploited to gain access.

All thought up scenarios obviously, or are they?.... ;-)

Second opinion that more or less agrees, here.

Mark Cassidy answered May 20 '26 12:05
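
An added example, not part of either answer and not Sitecore code: a check to run over your own site's error responses that reports what a leaked .NET trace discloses, namely the called methods, the database driver and server file paths described in the answer above. The function name, the driver prefix table and both sample pages are constructed for this illustration.

```python
import html
import re

# One .NET stack frame, in either form an error response may carry:
#   "   at Ns.Type.Method(args) in C:\path\File.cs:line 42"   (Exception.ToString)
#   "   Ns.Type.Method(args) +212"                            (ASP.NET error page)
FRAME = re.compile(
    r"^[ \t]*(?P<at>at[ \t]+)?(?P<method>[\w`<>\[\],]+(?:\.[\w`<>\[\],]*)+)"
    r"\((?P<args>[^)\n]*)\)"
    r"(?:[ \t]+in[ \t]+(?P<path>[^\n]+?):line[ \t]+\d+|[ \t]+\+(?P<off>\d+))?[ \t\r]*$",
    re.MULTILINE,
)

# Driver namespace prefix -> database it reveals (selection made for this example).
DB_HINTS = {
    "System.Data.SqlClient.": "Microsoft SQL Server",
    "MySql.Data.": "MySQL",
    "Oracle.ManagedDataAccess.": "Oracle",
    "Npgsql.": "PostgreSQL",
}

def audit_error_page(body):
    """Report what a response body discloses through a leaked .NET stack trace."""
    text = html.unescape(body)  # error pages HTML-encode the trace (&lt; &gt; &#39;)
    # Require "at " or a "+offset" tail so ordinary text like "foo.bar(x)" is ignored.
    frames = [m for m in FRAME.finditer(text) if m["at"] or m["off"]]
    methods = [m["method"] for m in frames]
    return {
        "leaks_stack_trace": bool(frames),
        "methods": methods,
        "databases": sorted({db for prefix, db in DB_HINTS.items()
                             for name in methods if name.startswith(prefix)}),
        "source_paths": sorted({m["path"] for m in frames if m["path"]}),
    }

# Constructed sample responses (not taken from a real site).
LEAKY_PAGE = """<html><body><h1>Server Error in '/' Application.</h1>
<pre>System.Data.SqlClient.SqlException: Invalid object name &#39;Orders&#39;.
   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
   at System.Data.SqlClient.SqlCommand.ExecuteReader()
   at Shop.Data.OrderRepository.&lt;Load&gt;b__0(Int32 id) in C:\\inetpub\\shop\\Data\\OrderRepository.cs:line 42
</pre></body></html>"""
SAFE_PAGE = "<html><body><h1>Something went wrong</h1><p>Reference: 7f3a</p></body></html>"

if __name__ == "__main__":
    for label, page in (("leaky", LEAKY_PAGE), ("safe", SAFE_PAGE)):
        print(label, audit_error_page(page))
```
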


Potentially. But it should never be an issue.

Ignacio Vazquez-Abrams answered May 20 '26 12:05