<<< Previous question <<< Question ID#0688.md >>> Next question >>>
Why is it important from a security perspective to never display PHP error messages directly to the end user, yet always log them?
- A) Error messages give the perception of insecurity to the user
- B) Error messages can contain data useful to a potential attacker
- C) Error messages will contain sensitive session information
- D) Error messages can contain cross site scripting attacks
Answer
Answer: A, B