Web applications attacks/Display errors
Displaying of errors is a good thing on a development environment since it provides debugging information for the developer. Although, make sure the eventual errors are NOT displayed on your production environment since they could provide hackers with critical information about your code/database structure.
- HackThisSite.org, Realistic, Level 13 shows how to exploit error messages to gather critical information about the database model.
- If you use PHP, make sure "display_errors" parameter is set to "false" on your production environment.
- Catch error messages by "try/catch" directives.