Display a generic error page instead of error messages revealing information about the server's configuration

lovasoa / SQLpage

SQL-only webapp builder, empowering data analysts to build websites and applications quickly

https://sql.ophir.dev

MIT License

895 stars 63 forks source link

Display a generic error page instead of error messages revealing information about the server's configuration #145

Closed lovasoa closed 7 months ago

lovasoa commented 7 months ago

Discussed in https://github.com/lovasoa/SQLpage/discussions/144

^{Originally posted by **demogit-code** December 1, 2023} When you make a mistake the problem is shown on the webpage, referring to files, tables and structure, ... If what if you wanted to hide these messages (for security or ..), but instead showing a generic error page (without knowing all possible errors in advance) So is there a way of hiding these message on the webpage, (or cf like dev vs prod) Any ideas?

lovasoa commented 7 months ago

There should be a configuration parameter to tell SQLPage you are running in production and don't want the debug messages.

lovasoa commented 7 months ago

If someone wants to help with that, here are some useful pointers:

configuration handling: https://github.com/lovasoa/SQLpage/blob/main/src/app_config.rs
the error handling function, which currently just calls the error component: https://github.com/lovasoa/SQLpage/blob/main/src/render.rs#L61-L69

Ideally, I think that in production mode, any error should stop the execution completely and raise a general error, to prevent the execution of further sql commands that the author may not have expected to run without some precondition being met.