I understand not exposing a full stack trace, but I don't see any excuse to not even expose a googleable error code. If me having an error code makes your product insecure, then you have a much bigger problem.
I understand not exposing a full stack trace, but I don't see any excuse to not even expose a googleable error code. If me having an error code makes your product insecure, then you have a much bigger problem.
I show the stack trace on AGPL projects. Why hide what they can already see for themselves?
The reason I see is that it might expose the value of secret keys or other sensitive variables. But if you are certain it won't happen, then yes