Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I understand not exposing a full stack trace, but I don't see any excuse to not even expose a googleable error code. If me having an error code makes your product insecure, then you have a much bigger problem.


I show the stack trace on AGPL projects. Why hide what they can already see for themselves?


The reason I see is that it might expose the value of secret keys or other sensitive variables. But if you are certain it won't happen, then yes




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: