07-08-2006, 06:21 AM
darksoul
Confirmed User
Join Date: Apr 2002
Location: /root/
Posts: 4,997
I see you ignored my advice.


Quote:
Originally Posted by Nathan
We create the errors in this way so the clients notice them, we know our clients...

You just called your clients idiots, good job! You probably know that for a fact cause they chose you!




Quote:
The location disclosure of NATS itself is also no problem because in nowadays exploits the path can be retrieved anyway, it's not so hard ya know, people that use exploits will find it fast anyway (in case they even NEED it, which is not even the case)... There is a reason why not even Apache has a problem with disclosing full paths to websites, nor does PHP on standard PHP errors...

We tried many different error displays in the past, we also had it turned off totally for some time and only did logging, we had too many clients get problems because of it and this way simply fixes things faster (98% of the time)...

The errors do not disclose information that could not be retrieved in many other ways if you want to exploit someone...

Dude, look at all the data I fetched from a simple error.
I don't want to think how much shit can be fetched from your script.

You are supposed to take security seriously and not this fuck it attitude.
Just because it can happen in other ways doesn't mean your script has
to allow it.