> -----Original Message-----
> From: Connie Chan [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 16, 2002 11:38 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: How fatalsToBrowser works ?
> 
> 
> I am on a Win32 system, and  I use the fatalsToBrowser to 
> prompt errors 
> with some scripts. However, the error mesg will also prompt 
> where exactly
> the file(script) is located. In case, I don't want the full 
> path is exposed.
> Can I modify sth , perhaps regex s///, to mask the root path ?
> 
> like :
> File not found : html/log/connie.txt at 
> C:\WWWroot\CGI-ALL\index.pl line 12.
> 
> is better be masked as :
> File not found : html/log/connie.txt at /index.pl line 12.

Why is revealing the full path to your script risky? What could a bad guy do
with that information? If you're concerned about that, using fatalsToBrowser
is probably a bad idea.

If you really want to munge the message, you could subclass CGI::Carp and
install your munger in front of the call to CGI::Carp::die in the
$SIG{__DIE__} handler.

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to