Absolute path when error
Hi, we are using Umbraco for the company's website. The issue is that in case of any error that happens on the website, an error message is sent including the absolute path of the files on the server along with the database table name that it refers to. My company considers this as a risk. An earlier communication was done with some Umbraco developers, and the advice was not to modify any of the code in Umbraco to meet a specific requirement.
I would like to know if there are any future releases/updates that would address this issue.
Regards,
Jude
Hi Jude,
By default, any ASPX based sites will show the full stack of the error message based on the CustomErrors setting in the site's web.config.
What you want to check out is what this is set to on your site(s).
http://msdn.microsoft.com/en-us/library/h0hfz6fc(v=vs.71).aspx
By default in the latest Umbraco builds this is set to "RemoteOnly" which means that you can only see the full error message stack if you're on the service that the site is running on, otherwise you get a plain IIS based "an error occurred" message.
(All ASPX based sites default to RemoteOnly and as far as I've known, it's always been defaulted to RemoteOnly for Umbraco too).
If it's set to "Off", then anyone will see the full error message.
Also, check that the site has debug turned off - so in the web.config check that umbracoDebugMode and 'debug' in the compilation section are both set to 'false'.
If you think that it's still an issue, you can also raise a request for it to be reviewed and considered as a change:
http://our.umbraco.org/contribute/report-an-issue-or-request-a-feature
Cheers,
Drew
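An added example, not part of the original thread or of Umbraco's own code: a small Python check for the three web.config settings named in the answer above. The sample config is constructed, and the placement of umbracoDebugMode as an appSettings entry is assumed from the usual Umbraco web.config layout.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the thread): all three settings in their risky state.
SAMPLE_RISKY = """<configuration>
  <appSettings>
    <add key="umbracoDebugMode" value="true" />
  </appSettings>
  <system.web>
    <customErrors mode="Off" />
    <compilation debug="true" />
  </system.web>
</configuration>"""


def _elements(root, name):
    """All elements with this local name, ignoring any XML namespace prefix."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]


def audit_web_config(xml_text):
    """Return findings for settings that expose error detail to visitors."""
    root = ET.fromstring(xml_text)
    findings = []
    for ce in _elements(root, "customErrors"):
        if ce.get("configSource"):
            # Settings live in another file, so this file alone proves nothing.
            findings.append("customErrors is in %s; audit that file" % ce.get("configSource"))
        elif ce.get("mode", "RemoteOnly").lower() == "off":
            # An absent mode attribute means RemoteOnly, the ASP.NET default.
            findings.append('customErrors mode="Off"')
    for comp in _elements(root, "compilation"):
        if comp.get("debug", "false").lower() == "true":
            findings.append('compilation debug="true"')
    # Assumed layout: umbracoDebugMode is an <add key value> entry in appSettings.
    for settings in _elements(root, "appSettings"):
        for add in _elements(settings, "add"):
            if add.get("key") == "umbracoDebugMode" and add.get("value", "").lower() == "true":
                findings.append('umbracoDebugMode="true"')
    return findings


if __name__ == "__main__":
    for finding in audit_web_config(SAMPLE_RISKY):
        print("FINDING:", finding)
```

An empty result means none of the three settings in this file exposes error detail; elements inside `<location>` blocks are checked as well because the search covers the whole document.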
Thanks Drew for the reply. Let me check with my team about the settings.
Regards,
Jude