Trusted answers to developer questions
Trusted Answers to Developer Questions

Related Tags

network security
error handling

What is information leakage and improper error handling?

Educative Answers Team

Grokking Modern System Design Interview for Engineers & Managers

Ace your System Design Interview and take your career to the next level. Learn to handle the design of applications like Netflix, Quora, Facebook, Uber, and many more in a 45-min interview. Learn the RESHADED framework for architecting web-scale applications by determining requirements, constraints, and assumptions before diving into a step-by-step design process.

Answers Code
widget

Information leakage occurs when errors are improperly handled – this results in internal error messages being displayed to the hacker. The hacker can then use the additional information to better target the attack set to that service. Web services generate many error messages and display these messages directly to the user. This can reveal errors, but it can also reveal important information such as Apache version, build number, and memory pointer location.

The following error occurs when access is denied for SQL:

Warning: sql_pconnect(): access denied for user: 'root@localhost' (Using password: A13KpO9) in usr/local/www/ds/includes/database.inc on line 6.

As you can see, this error displays the credentials of the user to access the database.

A way to prevent information leakage could be to display the following error:

Error:
Access denied!

This ensures that sensitive user information is not displayed.

Prevention

Information leakage can easily be prevented by making use of the following tips:

  • Specific policies on how to handle errors, e.g., if an error should be logged or displayed.
  • Assume all users are hostile and develop the error handling mechanism.
  • Develop default error handlers that return sanitized error messages for most users.

RELATED TAGS

network security
error handling
Copyright ©2022 Educative, Inc. All rights reserved

Grokking Modern System Design Interview for Engineers & Managers

Ace your System Design Interview and take your career to the next level. Learn to handle the design of applications like Netflix, Quora, Facebook, Uber, and many more in a 45-min interview. Learn the RESHADED framework for architecting web-scale applications by determining requirements, constraints, and assumptions before diving into a step-by-step design process.

Answers Code
Keep Exploring