#1
Quoting Stored Procedures In Error Messages...
I'll try to explain this as best I can.

We have a large client application with a SQL Server backend. Generally when a user reports an error within the application we determine where it happened and then go through the code to try and trace why the error occurred. In order to speed up error traceability I have begun to insert a lot of error handling in stored procedures which then return unique error codes to determine success or failure. If a stored procedure fails then I quote the returned code in a message box.

I've now come up with the idea of quoting the stored procedure in the message box along with the returned error code such as below:

"An error occurred while updating the database, please contact IT on x000 and quote the following information: '[Stored Procedure Name] [Error Code]'"

My colleague is very dismissive about the idea and doesn't recall ever seeing such a technique, suggesting that it can alienate users?? I personally believe it's a good idea and will help our support team determine errors that bit faster.

What is everyone else's opinion on this matter, is it a bad idea? Have you used the technique in any applications you have written? Any feedback would be much appreciated.

P.S. sorry for the essay
#2
I have used the same type of error reporting extensively. It makes debugging much less nightmarish when your error message tells you the exact location it is being reported (not that that is necessarily where the problem lies!). In most of my cases, the error message was a popup on the user's screen and they could call us and either read the message or (some of our people were real computer phobes) get us to go out to the plant floor and read it ourselves.

Just keep this security implication in mind: The better your error messages, the more information you give potential hackers. If the app is only used in-house, not such a big deal. If it is web based, you are providing a road map into your application/database for any hacker to browse. If you are putting the app in an uncontrolled environment, you can dump your errors to a specific database then return some unique identifier to the user and have them call the help desk with that ID. Then you can look up your friendly error messages but hackers can't.
__________________
Left DevShed May 28, 2005. Reason: Unresponsive administrators.
Free code: http://sol-biotech.com/code/.
Secure Programming: http://sol-biotech.com/code/SecProgFAQ.html.
Performance Programming: http://sol-biotech.com/code/PerformanceProgramming.html.
It is not that old programmers are any smarter or code better, it is just that they have made the same stupid mistake so many times that it is second nature to fix it. --Me, I just made it up
The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore, all progress depends on the unreasonable man. --George Bernard Shaw
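The approach reply #2 suggests for uncontrolled environments (keep the error detail in a database, show the user only an identifier), sketched in T-SQL as an added example that is not part of the original thread. All object names (dbo.Customer, dbo.ErrorLog, dbo.LogError, dbo.UpdateCustomer) are hypothetical, and it assumes SQL Server 2008 or later.

```sql
-- Added example: dbo.Customer, dbo.ErrorLog, dbo.LogError and dbo.UpdateCustomer are hypothetical.
CREATE TABLE dbo.Customer (CustomerId INT PRIMARY KEY, Email NVARCHAR(256) NOT NULL);
INSERT INTO dbo.Customer VALUES (1, N'a@example.test');  -- constructed sample row
CREATE TABLE dbo.ErrorLog (
    ErrorRef      UNIQUEIDENTIFIER NOT NULL PRIMARY KEY,
    LoggedAtUtc   DATETIME2        NOT NULL DEFAULT SYSUTCDATETIME(),
    LoginName     SYSNAME          NOT NULL DEFAULT ORIGINAL_LOGIN(),
    ProcedureName SYSNAME          NULL,
    ErrorNumber   INT              NULL,
    ErrorLine     INT              NULL,
    ErrorMessage  NVARCHAR(4000)   NULL
);
GO
-- Runs inside a CATCH block: stores the detail, returns only an opaque reference.
CREATE PROCEDURE dbo.LogError @ErrorRef UNIQUEIDENTIFIER OUTPUT
AS
BEGIN
    SET NOCOUNT ON;
    SET @ErrorRef = NEWID();
    INSERT INTO dbo.ErrorLog (ErrorRef, ProcedureName, ErrorNumber, ErrorLine, ErrorMessage)
    VALUES (@ErrorRef, ERROR_PROCEDURE(), ERROR_NUMBER(), ERROR_LINE(), ERROR_MESSAGE());
END;
GO
CREATE PROCEDURE dbo.UpdateCustomer
    @CustomerId INT, @Email NVARCHAR(256), @ErrorRef UNIQUEIDENTIFIER = NULL OUTPUT
AS
BEGIN
    SET NOCOUNT ON;
    BEGIN TRY
        BEGIN TRANSACTION;
        UPDATE dbo.Customer SET Email = @Email WHERE CustomerId = @CustomerId;
        COMMIT TRANSACTION;
        RETURN 0;
    END TRY
    BEGIN CATCH
        -- Roll back first, or the log row would be undone with the failed work.
        -- Assumes this procedure is not called inside a caller's transaction.
        IF XACT_STATE() <> 0 ROLLBACK TRANSACTION;
        EXEC dbo.LogError @ErrorRef = @ErrorRef OUTPUT;
        RETURN 1;
    END CATCH;
END;
GO
-- Client side: a NULL e-mail violates NOT NULL, so the call fails and yields a reference.
DECLARE @rc INT, @Ref UNIQUEIDENTIFIER;
EXEC @rc = dbo.UpdateCustomer @CustomerId = 1, @Email = NULL, @ErrorRef = @Ref OUTPUT;
IF @rc <> 0 SELECT @Ref AS ReferenceShownToUser;   -- the only thing the user sees
-- Help desk side: resolve the reference the user reads out.
SELECT ProcedureName, ErrorNumber, ErrorLine, ErrorMessage, LoggedAtUtc, LoginName
FROM dbo.ErrorLog WHERE ErrorRef = @Ref;
```

The message box then quotes only the reference value, and read access to dbo.ErrorLog can be restricted to support staff.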
#3
Thanks for the feedback.
The application is in-house so there is little threat of a hacker formulating a roadmap into our SQL Server, but still it's an interesting point that I had not considered.