[Repost] Application Error Handling: How to Avoid Death by a Thousand Cuts

Source: EvilOctal Information Security Team (www.eviloctal.com)

When an application error occurs, whether due to user input or an internal function, we as conscientious developers want to present an error message that will help the end user correct the problem. However, it is possible to be too helpful with your error handling approach. By providing overly detailed application error messages to your users, you can actually be opening your site to hackers. Hackers spend the majority of their time performing reconnaissance on a site, slowly gathering multiple pieces of information to determine how a site is vulnerable.

Attachment

Error_Handling_BSullivan.rar (84 KB)

2006-10-7 21:32, downloads: 72
