[Zope3-dev] X-zope-handle-errors header
Stephan Richter
srichter at cosmos.phy.tufts.edu
Tue Jan 3 11:29:59 EST 2006
On Thursday 01 December 2005 09:28, Chris Withers wrote:
> Do we want Zope to always respond to this header?
> Yes, it's helpful for testing, but surely it risks information
> disclosure vulnerabilities or worse if used on a production application?
The user would receive no useful information, since he would only get a
SystemError page that contains null information.
Regards,
Stephan
--
Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training
More information about the Zope3-dev
mailing list