Hide original error (lines of code) when throwing an exception

Question

Hide original error (lines of code) when throwing an exception

How can I hide the source line throwing an exception on the yellow screen of death? For example, consider the following screen of a potentially dangerous query:

enter image description here

In the above example, source strings are not displayed. Whereas if any custom written code throws an exception, the error lines are always displayed like this:

enter image description here

How can I hide lines of code (similar to the first image) when throwing an error?

+3

c # asp.net

helloworld 21 Mar 12 at 7:44

source to share

7 replies

Uwe keim · Answer 1 · 2012-03-21T07:51:09+0000

Set the mode

section attribute customErrors

to RemoteOnly

in the "web.config" file:

<?xml version="1.0" encoding="utf-8"?>

<configuration>
    <system.web>
        <customErrors mode="RemoteOnly" />
    </system.web>
</configuration>

This allows you to see detailed errors when browsing the website locally on your server, but does not expose detailed errors to remote visitors.

Alternatively, set On

instead RemoteOnly

to hide verbose errors entirely, whether you are viewing remotely or locally.

Özgür Kara · Answer 2 · 2012-03-21T07:48:30+0000

you can configure this in your web config definition.

http://msdn.microsoft.com/en-us/library/h0hfz6fc(v=vs.71).aspx

Ali Issa · Answer 3 · 2012-03-21T07:49:21+0000

This is very easy to do, just edit your web.config file to:

<customErrors mode="RemoteOnly" />

Ravi Gadag · Answer 4 · 2012-03-21T07:48:18+0000

since it clearly states a potentially dangerous request, the user could submit un-sanitized data, for example

<script type="text/javascript"> alert('sdas');</script>

...

and you will even check this link Prevent Script Exploits

you can use HtmlEncode, HTML Encode method
you can disable custome Errors in web config

web config

<system.web>
    <customErrors mode="RemoteOnly"/>
</system.web>

Royi namir · Answer 5 · 2012-03-21T07:49:01+0000

add these lines to Web.config

<configuration>
    ...

    <system.web>
        <customErrors mode="On"
                      defaultRedirect="~/ErrorPages/Oops.aspx" />

        ...
    </system.web>
</configuration>

Adrian iftode · Answer 6 · 2012-03-21T07:55:49+0000

If it's live, not on a development machine, it shouldn't appear at all.

You can check <customErrors>

on web.config

so you can show a nice html page (simple static, not aspx not handled by ASP.Net) that says an error has occurred, etc.

Then ELMAH is good for logging these errors (including the original lines, it will be necessary to see errors that you can fix, etc.).

Also, live websites should not be deployed in DEBUG mode, but in Release mode. For Web Site Projects

this you can only switch to config

, but for Web Application Projects

you need to compile the desired settings.

user3521369 · Answer 7 · 2016-01-14T18:40:02+0000

create fake class - create dll

public static class yummy
{
    public static FAKER()
    {
       throw new exception();
    }
}

go to the current working project. add a link that dll go where you want to throw the error. write this.

// lines of codes
yummy.Faker();

i put it in some static class constructor i.e. helper12. Then the exception seemed to come from the helper12 class

Hide original error (lines of code) when throwing an exception

More articles: