|
|
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] |
Please bear in mind that in the world of cryptography, the difference between proper error messages and information disclosure vulnerabilities is narrow, or only a nuance.
IMHO, you have it backwards. It is the improper error messages that can pose a security risk. If my OpenSSH program is either misconfigured or malfunctiong, and it may be exposing my systems to something nefarious, then how am I to efficiently debug it and get to the bottom of that if I have to contend with its throwing roadblocks in my face?
This is not nuance by any means. It's just poor programming practice. -- Maurice Volaski, mvolaski@xxxxxxxxxxxx Computing Support, Rose F. Kennedy Center Albert Einstein College of Medicine of Yeshiva University
[Home] [Fedora Users] [Fedora Legacy] [Fedora Desktop] [Fedora Bible] [Big List of Linux Books] [Yosemite Photos] [Yosemite News] [Yosemite Campsites] [KDE Users] [Gnome Users]
