: Should error pages be strictly html? I'm using PHP on Apache server I'm wondering.. If the error pages should best be served as pure and simple html, without database connection etc.? This would
I'm using PHP on Apache server
I'm wondering.. If the error pages should best be served as pure and simple html, without database connection etc.?
This would remove any chance of repeating/complicating an error that was caused by php or database, no?
More posts by @Gail5422790
4 Comments
Sorted by latest first Latest Oldest Best
You should only serve very generic error page to the user, as providing more details on error may disclose highly valuable information for malicious attacker.
However you need more information for debugging. There are following solutions:
Log all error information rather than just responding with it. This is good for production servers as allows to analyse error that happened to the end user and otherwise would never be seen by you.
If you have a testing server, make your software specifically configurable to respond with full error information only if it runs on a testing server.
If you only use your workstation for testing, only respond with full error information if the request is from the local host.
It depends on your situation.
Your PHP could also handle the lack of database connection in a nice way. But if you have a custom PHP with many possibilities for bugs and problems, go for an HTML page.
If you're using a system such as Drupal or WordPress it's best to go with whatever is provided there, possibly adding something such as a module such as Search 404 on Drupal that will take your visitors to a search page.
If you have a lot of traffic and the load on your servers might go up considerably when suddenly hundreds of people are refreshing a page it can be an idea to serve an image instead, served from a 3rd party service (e.g. Amazon) since it will take people more time to load the image and it will keep them from hitting Ctrl-R very quickly which would cause your load to go up even more.
I would say yes, simply because there isn't any need for dynamic error pages. For example: If your database is down or under pressure, it is unlikely that you will want your error pages to be attempting database connections. Likewise, if your server is under pressure, you don't want your error pages to be carrying out any server-side processing. All-in-all, I think that it is better to keep things simple in this regard.
In saying that, 404 error pages might prove to be the exception to this. Example: Showing the end-user a list of links to pages that are similar to the page that they were looking for.
This really depends on the error being served. For a 404 error, there would be no reason that there are any issues with the server - meaning all the php stuff should be working find. But if you have a 500 there may be an issue with the server, preventing php from running. This really depends on your tolerance for risk.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.