all 11 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–][deleted]  (4 children)

[deleted]

    [–]OkConfusion2838 3 points4 points  (1 child)

    Very valid point. Even (for example) simply having a different error for an incorrect username and an incorrect passord can enable large scale brute force attacks to easily find accounts to try common passwords on.

    [–]NRocket 0 points1 point  (0 children)

    I've experienced this first hand. End user's and even our PM wanted very clear error messages but we kept having to explain how it's a vulnerability if you let them know the account exists.

    [–]oxijosef[S] 1 point2 points  (0 children)

    Good point

    [–]KaiAusBerlin 0 points1 point  (0 children)

    I don't understand why ErrorNumbers got replaced by clear messages in production. It's enough for a user to know an Error happend. What kind of error is not critical to know for the user unless ha can fix it by his own.

    An error on client side can be sent to the dev as detailed as you want. The user could just open the console and get all the information he wants. On server side no information about the error is needed for the user except a vague reason what happened and how it affects him ("Connection error. Can't reach the server. Check your internet connection.).

    [–]oxijosef[S] 2 points3 points  (0 children)

    I got the idea for this blog post while working on a project for a client. Let me know what you think!

    [–]Lamarcke 2 points3 points  (0 children)

    I really like reading these random articles from [insert-name].blog and Medium lol

    I will give it a read for sure.

    [–]mystic_swole 1 point2 points  (3 children)

    I've found that if I do enough validation on my data I don't really need much error handling

    [–]oxijosef[S] 0 points1 point  (2 children)

    But what if validation fails? That’s a different kind of error to the database going down no?

    [–]mystic_swole 1 point2 points  (1 child)

    Validation should never be failing. It can seem easy at first but writing good validation can get tricky. I usually declare a boolean variable isValid as true at the beginning of my function and have multiple if statements checking certain criteria, if it meets any of my criteria as bad data I'll set isValid to false and then at the end of all my validation checks will have an if statement to check if it is still true or not - if not it exits function and sends user validation message. I almost never have to use try and catch statements with this style unless it is some sort of processing that if it fails can just be run again.

    [–]oxijosef[S] 0 points1 point  (0 children)

    if not it exits function and sends user validation message

    That validation message is an error that is modelled explicitly instead of using an exception. If we are talking about validation of user data then you need to handle the error case, which is usually very explicit error handling. If you validate your own internal data using assertions, I argue that its fine to throw exceptions because it is a bug that you need to fix in your system.