[Tutor] Value of tracebacks to malicious attackers?

[Devin Jeanpierre]

Forgetting to hide tracebacks on a client-side app is not a huge deal
(other than being confusing and looking too serious), and definitely
doesn't matter for security. So I guess we're assuming that the Python
code is not on the user's machine.

On Sat, Jan 23, 2016 at 10:43 PM, Danny Yoo <dyoo at hashcollision.org> wrote:
> But if there is malicious intent, yes, a traceback can give a lot of
> information that we're rather not give freely.  Operating system,
> version of the Python runtime, locations of files, etc.  That's all
> valuable knowledge.

Verbose tracebacks (like from cgitb) will also included the values of
variables on the stack, which can include extremely sensitive data
like cryptographic keys.

For letting users report errors without compromising any data at all,
one can give them a hashed stack trace or error ID that a developer
can look up locally from an error DB. If there is no error DB, then an
encrypted stack trace works too.

>> Is it even
>> possible to prevent this from happening?  I am highly doubtful that it
>> is possible to handle all possible exceptions in any reasonably
>> complex application.

You can catch exceptions using a top-level try-except. If an exception
slips through (e.g. a bug in your setup/teardown code etc.), then your
app will crash, but the exception will not be given to the user (just
to stderr, which will get directed to logs), because the only
exceptions users see are exceptions you explicitly give to them.

(This isn't true in some environments. Avoid those.)

-- Devin