Handling application and scripting errors for IU websites

On this page:


Best practice

Sites with dynamic content should fail gracefully by displaying an error message. Websites using dynamic languages such as PHP and connections to external resources such as databases should use error handling and provide messages that describe the problem and any actions the user needs to take to find the information they're looking for or complete the task they're trying to carry out. The message should not contain the system error text or information on the system's underlying implementation.

IU Web Framework note: IU Web Framework sites only require error handling if custom elements which use PHP have been added.

Policy

There is no current IU policy requiring error handling.

Explanation

Unhandled errors can impact website and system performance. If your website is on a shared system like Sitehost, then unhandled errors can affect other websites. If other websites use content on your web site, then unhandled errors can impact those websites. And unhandled errors for many languages and frameworks expose sensitive information about a website or application's underlying infrastructure that attackers can potentially exploit to compromise IU services and data.

Providing visitors with helpful information when they encounter a problem is necessary if you want your website to achieve its purpose. A helpful message may be the difference between a visitor continuing to user your web site or giving up.

More information

This is document auey in the Knowledge Base.
Last modified on 2023-07-17 14:53:24.