All Questions

0 votes
1 answer
117 views

Error message when logging in with valid credentials while registration not complete

I have a registration login process which includes a one-time activation link sent via email when the user registers. When the user clicks the link the account gets activated. Now what error message ...
Robert Niestroj

1 vote
1 answer
915 views

API Returning Java Exception. Safe?

I just wanted to ask if my concerns here are valid. I am aware that it is unsafe for the API to return a stack trace. I have a similar, but less egregious, situation that I am trying to judge. Is ...
somexp12

0 votes
2 answers
168 views

Is there a problem with this approach to handling invalid web probes?

Like any other website owner, I get frequent probes for vulnerabilities e.g. .php .sql or .gz pages. These used to appear in my log files as 404 responses (we host on ASP.NET Core). These also take ...
Quango

39 votes
7 answers
15k views

Is it a security vulnerability to tell a user what input characters are valid/invalid?

For input validation on a website, are there any security concerns with disclosing to the user exactly what characters are valid or invalid for a given field? CWE-200: Information Exposure says one ...
csrowell

50 votes
6 answers
8k views

Should I be concerned if my website throws stack information?

I have a simple login form on my web page and the URL looks like this: example.com/signup/signup.php?q=1 If I try something like this: example.com/signup/signup.php?q=1&() I'm redirected to a ...
Kevin

18 votes
3 answers
9k views

Is it a vulnerability to display exception messages in an error page?

Our web application has an error page that displays the absolute URL path and query of the page on which the error occurred, the date/time of the error, and the exception message. (We do not display ...
Matthew Rodatus