[Zope-dev] Re: [Zope] isecure XML-RPC handling.

Rossen Raykov raikovr@yahoo.com
Sat, 6 Apr 2002 11:07:27 -0500


> > Shall the dump help the regular surfer? I doubt so.
> >
> > Shall it benefit the developer or the tester? Most probably not since
they
> > are not performing their activities on the production site.
>
> Oh, they most definitely help the developer or tester, because errors do
> appear on production sites too, and it can be very hard to recreate the
> problem.

The only one problem there is that if a surfer sees the dump most probably
he will not send it to the developer....

>
> BUT: The developer has access to the system, and the dump doesn't have to
be
> included in the HTML output. Maybe error dumps could be sent to a disk-log
> of some sort?
>

Exactly that's my point.
Log it with as many details as you can!
Log it on the local file system or use syslog or a database but do not send
it to the users browser.
Do not put it in the response if the server is running without -D option.

Regards,
Rossen


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com