Error Handling: verbosity−−;

Developers need to implement good error handling procedures in their code. There is nothing more annoying that something like “error 0x4e45ff“.

On the other side, reporting too much details to the end user can lead to security threads! Use Google and search for “mysql error and look the cached pages. There are plenty of indexed pages like:

Warning: mysql_connect(): Access denied for user: 'user@server'
(Using password: YES) in
/var/www/xxx/html/forums/sources/Drivers/mySQL.php on line 65

or

WordPress database error: [MySQL server has gone away]
SELECT option_value FROM wp_options WHERE option_name = 'siteurl'
LIMIT 1

As you can see, WordPress is very verbose when a database error occurs. Those information can be very useful for a hacker. On BlogSecurity, there is an interesting article with a small plugin which fixes this potential issue.

Just download it to your /wp-content/plugins/ directory and activate it via the WordPress web interface (Plugins -> Activate).

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.