DotNetKicks.com Has No Global Exception Handler?
Wow, who’da thunk it? The (otherwise) very smart dudes who run DotNetKicks usually have their s#!+ together. So imagine my surprise a couple of days ago when I moseyed on over to the site and was greeted by this.
Whoops. I guess DotNetKicks was busy that morning. That’s perfectly understandable. However, spilling the guts of your program to end users when an unhandled exception occurs is not.
You’ll notice that the stack trace has been unwound and dumped to the screen. Of course, this is very valuable information for a developer trying to debug an error. Unfortunately, it’s also very valuable information for a malicious user looking for vulnerabilities to exploit, which is why I’ve blurred it in the screenshot.
The Yellow Screen of Death – while only partially yellow and not actually deadly – is definitely not a good way to communicate to your web audience!
Perhaps the powers that be should remember to turn customErrors mode to On. Or better yet, look into a full-featured global error handling solution like ELMAH.
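A global handler of the kind the title says was missing, as an added example (not DotNetKicks or ELMAH code). The class name `Global`, the plain-text response body and logging through `System.Diagnostics.Trace` are assumptions; substitute your own error page and logger.

```csharp
// Global.asax.cs: added example, not code from DotNetKicks or ELMAH.
using System;
using System.Diagnostics;
using System.Web;

public class Global : HttpApplication
{
    // ASP.NET raises this event for any exception no page or handler caught.
    protected void Application_Error(object sender, EventArgs e)
    {
        Exception ex = Server.GetLastError();
        if (ex == null) return;

        // Page exceptions arrive wrapped in HttpUnhandledException;
        // unwrap so the log shows the real failure.
        if (ex is HttpUnhandledException && ex.InnerException != null)
            ex = ex.InnerException;

        // Keep genuine HTTP codes (a 404 stays a 404); anything else is a 500.
        var httpEx = ex as HttpException;
        int status = httpEx != null ? httpEx.GetHttpCode() : 500;

        // Correlation id: the only error detail the visitor ever sees.
        string errorId = Guid.NewGuid().ToString("N");

        // Full detail, stack trace included, stays on the server.
        // Assumes the TRACE symbol is defined (the Visual Studio default),
        // otherwise this call is compiled away.
        Trace.TraceError("Unhandled error {0} for {1} {2}: {3}",
            errorId, Request.HttpMethod, Request.RawUrl, ex);

        Server.ClearError();                     // suppress the default error page
        Response.Clear();                        // drop any partially rendered output
        Response.StatusCode = status;
        Response.TrySkipIisCustomErrors = true;  // stop IIS replacing this body
        Response.ContentType = "text/plain";
        Response.Write("Something went wrong. Reference: " + errorId);
    }
}
```

The visitor gets a status code and a reference id to quote to support, while the stack trace goes only to the server-side log, where the id makes it easy to find.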
By the way, I love DotNetKicks – really, I do. So please don’t ban me. ;-)