Information leakage occurs when errors are improperly handled, which results in internal error messages being displayed to the hacker. The hacker can then use the additional information to better target attacks against that service. Web services generate many error messages and often display these messages directly to the user. This can reveal the errors themselves, but it can also reveal important information such as the Apache version, build number, and memory pointer locations.
The following error occurs when access is denied for SQL:
Warning: sql_pconnect(): access denied for user: 'root@localhost' (Using password: A13KpO9) in usr/local/www/ds/includes/database.inc on line 6.
As you can see, this error displays the credentials that the user uses to access the database.
A way to prevent information leakage could be to display the following error:
Error:
Access denied!
This ensures that sensitive user information is not displayed.
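The same idea as an added PHP example (not code from the original page): the full failure detail goes to the server log, and the visitor sees only the generic message. The DSN, user name, password, the reference ID and the helper names `safe_error` and `connect_db` are assumptions made for illustration.

```php
<?php
// Added example: the DSN, user and password below are constructed, not from the page.
declare(strict_types=1);

// Never render PHP warnings or notices into the response; send them to the log.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Log the failure server-side and return only a generic message plus a
 * random reference ID that support staff can match against the log entry.
 */
function safe_error(Throwable $e, string $publicMessage): string
{
    $ref = bin2hex(random_bytes(4));
    // Class, message, file and line go to the server log only. The stack trace
    // is deliberately not logged: it can include the connection arguments.
    error_log(sprintf('[ref %s] %s: %s in %s:%d',
        $ref, get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()));
    return sprintf("Error:\n%s (ref %s)", $publicMessage, $ref);
}

function connect_db(string $dsn, string $user, string $password): PDO
{
    // Failures surface as PDOException instead of a warning printed to the page.
    return new PDO($dsn, $user, $password, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
}

try {
    // Constructed values: port 1 is expected to refuse the connection.
    $db = connect_db('mysql:host=127.0.0.1;port=1;dbname=ds', 'app_user', 'example-password');
    echo "Connected\n";
} catch (PDOException $e) {
    http_response_code(500);
    echo safe_error($e, 'Access denied!'), "\n";
}
```

The visitor sees only "Access denied!" and the reference ID; the user name, file path and line number stay in the server log.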
Information leakage can easily be prevented by making use of the following tips: