• SavvyWolf@pawb.social
    link
    fedilink
    English
    arrow-up
    65
    ·
    1 year ago

    Willing to bet that the backend that they are using doesn’t actually give any useful error messages.

    • GarytheSnail@programming.dev
      link
      fedilink
      arrow-up
      15
      ·
      1 year ago

      Would they surface that to the user anyway? That’s something to log, not to tell the client that xyz service failed because of error 123.

      • Johanno@feddit.de
        link
        fedilink
        arrow-up
        19
        ·
        edit-2
        1 year ago

        I hate this attitude. Yeah don’t give the user stacktraces on error but if you give it a meaningful headline and go in detail, experienced users will be able to deal with the problem if possible. If you go Microsoft-error of mystic ways you will have people Google “unexpected error e34566xce” and they will see that it has 10 possible reasons so you don’t know what even went wrong.

        • azertyfun@sh.itjust.works
          link
          fedilink
          arrow-up
          9
          ·
          11 months ago

          Anyone who says error codes shouldn’t bubble up to the user are incompetent. Either because an incompetent PM infantilizes their users, or more likely because incompetent teams don’t/won’t take an extra 10 minutes to do proper error handling (and they suffer from this as well since they’re the ones who spend hours deciphering the result of a try {} catch(_) { error("we did a fucky wucky uwu") }).

        • GarytheSnail@programming.dev
          link
          fedilink
          arrow-up
          4
          ·
          edit-2
          11 months ago

          There’s nothing a user is going to be able to do if this is a problem with the backend. The person I replied to did specify backend, right?

          • Johanno@feddit.de
            link
            fedilink
            arrow-up
            5
            ·
            11 months ago

            If your code gives attack surface by information about what went wrong maybe you should not even deploy anything. If your code needs to be secret to be secure your code is anything but secure.

            • MonkderZweite@feddit.ch
              link
              fedilink
              arrow-up
              4
              ·
              11 months ago

              Not code but internet. A often seen error is letting Appache/Nginx display their name & version in 403/404 pages. First step in planning an attack.

      • PixxlMan@lemmy.world
        link
        fedilink
        arrow-up
        12
        ·
        edit-2
        11 months ago

        No, please tell the user. They’ve got their big boy pants on and can handle seeing one or two weird squiggles in the worst case, and might be able to actually diagnose and fix the issue themselves (without having to go through support) in the best case.

        • max@feddit.nl
          link
          fedilink
          arrow-up
          13
          arrow-down
          1
          ·
          11 months ago

          If it’s a backend/service issue, tell the user, but the bare minimum. You shouldn’t disclose too much info about your system to the end user (think of stack traces, error codes unique to some dependency you’re using) as it may give an attacker some valuable information.