For further actions, you may consider blocking this person and/or reporting abuse
Read next
Day 9: Unleashing Creativity in Android Development - Crafting a Dynamic Recipe App!
Himanshu Gaur -
Item 81: Prefira os utilitários de concorrência ao wait e notify
Java para Iniciantes (Oracle) -
Creating and Managing Projects in Jira: A Beginner’s Guide
Nelly -
Melhores APIs JavaScript para carregamento (upload) de arquivos em 2025
danielroncaglia -
Top comments (2)
I very much appreciate the intent of this, and in general I completely agree. Especially if you’re making a library, good error messages are really helpful.
We do need to be careful, though. Error messages can disclose the inner-workings of our applications, which can be harmful from a security perspective.
If you have an image resizing web service, “I couldn’t access the image” and “what I accessed wasn’t an image” are both too much information. If I know you couldn’t access the image, I can probe a bit more and hope that I’ll get a different message if I figure out how to trick your program. If you tell me you don’t think my malicious payload was an image, now I know to try and defeat that validation. It would be far better to respond “I don’t know what happened, but I couldn’t fulfill your request,” then I have a lot less to go on in trying to defeat your safeguards.
Cool, keep it up