Is returning client error messages considered a best practice? Why? Are there any scenarios?
    // GET: Student/Details/5
    public ActionResult Details(int? id)
    {
        // Missing id: reply 400 Bad Request with the default status description.
        if (id == null)
        {
            return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
        }
        Student student = db.Students.Find(id);
        // No matching record: reply 404 Not Found.
        if (student == null)
        {
            return HttpNotFound();
        }
        return View(student);
    }
Using a custom message with HttpStatusCode.BadRequest:
    // GET: Student/Details/5
    public ActionResult Details(int? id)
    {
        // Missing id: reply 400 Bad Request with a custom status description.
        if (id == null)
        {
            return new HttpStatusCodeResult(HttpStatusCode.BadRequest, "Custom Message");
        }
        Student student = db.Students.Find(id);
        if (student == null)
        {
            return HttpNotFound(); // does this reveal anything?
        }
        return View(student);
    }
What information can an attacker obtain from the HttpStatusCode response?