Note: This guide describes Kentico CMS version 7. Unfortunately, we cannot support this guide from version 8 forward.


When designing error messages, you should always consider the level of information revealed to the user. If you reveal too much information, the user may be overwhelmed and confused. Moreover, malicious users may exploit this information to gain a detailed understanding of the system.

On the other hand, if you do not provide enough information for the user to understand the problem, seeing such error messages may be very frustrating for the user.

Information you should include in the error messages:

  • What is the problem (generic description)
  • What can the user do to fix the problem (suggestions)
  • What can the user do to prevent this problem in the future

Information you should NOT include in the error messages:

  • Stack trace
  • Debug information

[Screenshots: an example of a correct error message and an example of a wrong one]

Handled and unhandled error messages

Be careful about creating error messages for handled errors. Having different error pages for handled and unhandled exceptions can be a severe security risk.

You should always have only one error page for both of these cases.

Configuring the error messages

To configure the system to display custom error messages, modify the web.config file, as described in the Web.config file settings topic.

Instead of showing detailed information about the problem in the error message, store the debug data and stack trace in the event log. The following example logs an event in the event log:

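using System;
using CMS.EventLog;

private bool LogEvent(Exception ex)
{
    // Logs an error type event; the message and stack trace go to the event log, not to the user
    EventLogProvider.LogEvent(EventType.ERROR, "API Example", "APIEXAMPLE", eventDescription: "An error happened. Message: " + ex.Message + ", StackTrace:" + ex.StackTrace);
    return true;
}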
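A check for the web.config settings this section refers to, as an added example that is not part of the Kentico guide or API. It assumes the standard ASP.NET customErrors and compilation elements and the IIS httpErrors element; the function name and both sample files are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a web.config that exposes error details in several ways.
SAMPLE_WEAK = """<configuration>
  <system.web>
    <customErrors mode="Off" />
    <compilation debug="true" />
  </system.web>
  <system.webServer>
    <httpErrors errorMode="Detailed" />
  </system.webServer>
</configuration>"""

# Constructed sample: one custom page for every error, no debug build.
SAMPLE_OK = """<configuration>
  <system.web>
    <customErrors mode="On" defaultRedirect="~/Error.aspx" />
    <compilation debug="false" />
  </system.web>
  <system.webServer>
    <httpErrors errorMode="Custom" />
  </system.webServer>
</configuration>"""

def audit_web_config(xml_text):
    """Return a list of findings about error-detail disclosure in a web.config."""
    root = ET.fromstring(xml_text)
    findings = []

    def attr(path, name, default):
        # Fall back to the platform default when the element or attribute is absent.
        node = root.find(path)
        return (node.get(name, default) if node is not None else default).lower()

    if attr("system.web/customErrors", "mode", "RemoteOnly") == "off":
        findings.append("customErrors mode=Off: stack traces are shown to every visitor")
    if not attr("system.web/customErrors", "defaultRedirect", ""):
        findings.append("customErrors has no defaultRedirect: no catch-all custom error page")
    if attr("system.web/compilation", "debug", "false") == "true":
        findings.append("compilation debug=true: a debug build is deployed")
    if attr("system.webServer/httpErrors", "errorMode", "DetailedLocalOnly") == "detailed":
        findings.append("httpErrors errorMode=Detailed: IIS detailed errors go to remote clients")
    return findings

if __name__ == "__main__":
    for finding in audit_web_config(SAMPLE_WEAK):
        print(finding)
```

The check reads only the top-level system.web and system.webServer sections; settings overridden inside location elements are not inspected.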

 
