[WEB SECURITY] Debug symbol in Java Code
itsecanalyst at gmail.com
Thu May 5 14:42:29 EDT 2011
Thanks everyone for your time and pointers.
On Wed, May 4, 2011 at 3:17 PM, Henri Salo <henri at nerv.fi> wrote:
> On Wed, May 04, 2011 at 01:34:14PM -0700, Gautam wrote:
> > Hi MustLive (Don't know your real name, apologies)
> > So while I am happy I was correct (after reading your mail below) and
> > mentioned that we should not have '-g' debug 'ON' in production build.
> > Now a response to that was 'hey we are just writing web services and they
> > don't put anything on the webpages and if no stack traces are seen we
> > see any security issue here'.
> > What are your thoughts on this?
> > Adding WASC mailing list, in case it goes this time.
> > Thanks,
> > Gautam
> * HELLO EVERY*
> Security wise it is be wise to not to have functionality. Thus not Abuse of
> Functionality issues! I like to warn everybody of HTTP 200 code to not allow
> everyone in sites on every platform and to not allow InFoRmaTion LeaKage!!
> Best debug messages & advisory overload,
> Wanabe MusntLive
> Administrator of Pure Logic
> ps. when do we get end to this MustLive bullshit?