Should I catch errors that never occur with a regular user?

I have a line where I fetch a database row with .get(field = ID). A regular user always sends an ID that exists in the database, but a hacker may not, and that will throw a DoesNotExist exception. Is it important to catch this explicitly, or should I just let the exception be thrown in this case? In any case, the hacker will not see any message, so there is no security risk.

I am also wondering if I should log this exception. It would be interesting to know what you guys do as a general rule of thumb, and your reasoning for logging / catching versus letting an uncaught exception be thrown.

1 answer

The important part is the context in which you use this field. If you access a page through /profile/[ID], I would display a page-not-found to the user. If you do something like this:

ID = context["user"].id
Object.get(field = ID)

I would not try to catch the error separately.

In general, I save every error that cannot be caused by normal user behavior. Then I can look into my error log and immediately see where my site is crashing or where hackers tried to find a security hole.

Then I fix this undefined behavior so that the error log is as empty as possible.

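The two cases from the answer side by side, as an added example that is not part of the original question or answer. The DoesNotExist and NotFound classes, the PROFILES table and the handle() dispatcher are stand-ins assumed here so the sketch runs without a framework.

```python
import logging

log = logging.getLogger("lookup")

class DoesNotExist(Exception):
    """Stand-in for an ORM's 'no such row' exception (assumption)."""

class NotFound(Exception):
    """Stand-in for the framework's HTTP 404 response (assumption)."""

# Constructed sample table: profile ID -> row
PROFILES = {1: {"name": "alice"}, 2: {"name": "bob"}}

def get_profile(profile_id):
    try:
        return PROFILES[profile_id]
    except KeyError:
        raise DoesNotExist(f"profile {profile_id!r}") from None

def profile_page(raw_id, client_ip):
    """ID comes from the URL (/profile/[ID]): a miss is ordinary input, answer 404."""
    try:
        return get_profile(int(raw_id))
    except (ValueError, DoesNotExist):
        # %r escapes CR/LF so client-controlled input cannot forge log lines
        log.warning("profile lookup miss id=%r ip=%s", raw_id, client_ip)
        raise NotFound() from None

def own_profile(context):
    """ID comes from server-side context: a miss means a bug or tampering.
    Deliberately not caught here, so it surfaces in the error log."""
    return get_profile(context["user_id"])

def handle(view, *args):
    """Hypothetical top-level handler mapping outcomes to (status, body)."""
    try:
        return 200, view(*args)
    except NotFound:
        return 404, None
    except Exception:
        # Traceback goes to the error log; the client sees only a generic 500
        log.exception("unhandled error in %s", view.__name__)
        return 500, None
```

Misses on URL-supplied IDs land in the log at WARNING, while a miss on a server-derived ID is logged at ERROR with a traceback, so the two can be reviewed and alerted on separately.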
