This is one of those moments in history which you must be really
lucky to witness. Can you believe MSDN actually had a connection
string problem on their website which was exposed wide open to the
public? They also deployed the site in debug mode in order to see
the error. Moreover, they actually turned on showing remote errors.
It must have been really hard to find what was wrong with the
site.
So, what do we learn from here?
- Don’t deploy a production site in debug mode.
- Do not set custom errors to “off”. Anyone can see the stack
trace of your web application. Hackers can collect valuable
information from these stack traces.
- Put enough logging in your code so that you can analyze the
server-side log to find out what’s wrong with your web app. Don’t
just turn off custom errors in order to see why the site is not
working.
- Put up a good custom error page which apologizes to users and
gives them enough links to either contact support or go to some
other pages.
- Produce error alerts via email, SMS or IM client when your site
experiences such problems. This is the best way to learn about
fatal errors on the site and take action quickly.
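The first two lessons can be checked before deployment. The following is an added example, not code from the original post or from MSDN: a small audit of a web.config for the ASP.NET `compilation debug` and `customErrors` settings, run over two constructed sample configs (the `/error.html` redirect is a placeholder).

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the misconfiguration described in the post.
WEAK_CONFIG = """<configuration>
  <system.web>
    <compilation debug="true" />
    <customErrors mode="Off" />
  </system.web>
</configuration>"""

# Constructed hardened counterpart; /error.html is a placeholder page.
HARDENED_CONFIG = """<configuration>
  <system.web>
    <compilation debug="false" />
    <customErrors mode="RemoteOnly" defaultRedirect="/error.html" />
  </system.web>
</configuration>"""


def audit_web_config(xml_text):
    """Return a list of findings for error-disclosure settings in system.web.

    Assumption: the file declares no xmlns on <configuration>.
    """
    findings = []
    root = ET.fromstring(xml_text)
    # system.web may sit at the top level or inside <location> elements.
    for web in root.iter("system.web"):
        comp = web.find("compilation")
        if comp is not None and comp.get("debug", "false").lower() == "true":
            findings.append("compilation debug is enabled")
        errors = web.find("customErrors")
        # ASP.NET defaults to RemoteOnly when the element or attribute is absent.
        mode = "RemoteOnly" if errors is None else errors.get("mode", "RemoteOnly")
        if mode.lower() == "off":
            findings.append("customErrors mode is Off: remote users see stack traces")
        elif errors is None or not errors.get("defaultRedirect"):
            findings.append("no defaultRedirect: users get the generic error page")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_web_config(cfg) or "no findings")
```

Running it as a build or release gate and failing on any finding keeps a debugging change from reaching the public site.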
omg !!!!
It’s really a big alert for me too. Thanks 🙂
You should mention the source of “So, what we learn from here?”, which is MSDN!! It seems like they don’t do what they are teaching us!
I was trying a couple of days ago in the IE7 search box (set up to live.com) to type “” as a search criteria and live.com crashed 🙂
Try it for yourself 🙂
http://www.live.com/?q=%3Cnunit2%3E
Oh, God save us. Live.com crashes too.
Bye