Handling errors Flashcards
What can automatically generated error messages include?
They may include sensitive information about their environment, users or associated data.
Sensitive information may be valuable on its own, or it may be useful for launching other, more serious attacks.
Handling errors
Error handling lets software deal with errors gracefully and helps execution resume when interrupted.
What happens in the worst-case scenarios?
The error-handling mechanisms force an application to log the user off and shut down the system.
In what 2 ways can error messages be generated?
Externally-generated
Self-generated
Externally-generated error messages
The external environment, such as a language interpreter, handles the error and constructs its own message, whose contents are not under the programmer's direct control.
Self-generated error messages
The source code explicitly constructs the error message and delivers it.
What sensitive information can automatically generated error messages include?
Private, personal info, such as personal messages, financial data, geographic location or contact details.
System status and environment, such as the operating system and installed packages.
Business secrets and intellectual property.
Network status and configuration.
The application's own code or internal state.
Metadata, e.g. logging of connections or message headers.
Flask error handling
Allows for custom error pages in which we can define our own error messages and therefore help prevent information leakage.