What is the best practice for displaying error messages without revealing any sensitive information?

Time: 2019-05-29 22:20:25

Tags: c# asp.net-mvc error-handling

Is returning custom error messages considered best practice? Why? Are there any cases?

    // GET: Student/Details/5
    public ActionResult Details(int? id)
    {
        if (id == null)
        {
            return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
        }
        Student student = db.Students.Find(id);
        if (student == null)
        {
            return HttpNotFound();
        }
        return View(student);
    }

Using a custom message with HttpStatusCode.BadRequest

// GET: Student/Details/5
public ActionResult Details(int? id)
{
    if (id == null)
    {
        return new HttpStatusCodeResult(HttpStatusCode.BadRequest, "Custom Message");
    }
    Student student = db.Students.Find(id);
    if (student == null)
    {
        return HttpNotFound(); //does this reveal anything ?
    }
    return View(student);
}

What information can an attacker obtain from the HttpStatusCode response?

0 answers:

No answers