In computer security
of software systems
, an important issue is the design of error messages in a way that prevents security vulnerabilities. This aspect of software security has only recently begun to receive increased attention. Some of the primary recommended design principles include:
- When asking a question, give the user enough information to make an intelligent decision. Otherwise, for lack of information, they will choose the choice that allows them to make progress, often resulting in compromised security.
- Don't give so much information that the user is overwhelmed or confused and so unable to make an intelligent decision. If this additional information is sometimes useful for debugging or advanced diagnosing, either hide it by default, log it in a separate location, or require special privileges to view it.
- Don't give error messages that could be exploited by a hacker to obtain information that is otherwise difficult to obtain. Again, if this information is useful, log it in a separate location or strictly limit access to it. A commonly-cited example of this is a system that shows either "Invalid user" or "Invalid password" depending on which is incorrect. This allows an attacker to determine a valid username without knowledge of any user passwords, and so is considered by some to be less secure. Another common example is the IIS 5.0 web server's error page, which features a complete technical description of the error including a source code fragment.