Skip to content

re: Thoughts on "Security Through Obscurity" VIEW POST


I think it's definitely important. One of the biggest examples of this is the stack trace. During development you will want errors to be detailed giving you an instant insight into what the problem is, however once in production these will return a standard error message to the user. Hopefully you'll be logging these errors anyway, so you'll still have the ability to see what went wrong.

This means having different configurations for dev/test/prod something akin to:

    <customErrors mode="Off"/>
    <httpErrors errorMode="Detailed" />
code of conduct - report abuse