How to protect yourself Simply be aware of this type of attack, take every security violation seriously, always get to the bottom of the cause event log errors rather, and don't However, if they are required, ensure that only filtered data is used to construct the string to be executed and make sure to escape the output. Johannes Ullrich. "Top 25 Series - Rank 16 - Information Exposure Through an Error Message". CVE-2008-1579Existence of user names can be determined by requesting a nonexistent blog and reading the error message. http://mediacount.net/error-message/error-message-on-vf-page.html
Modification of any data characteristics, including access control permissions or labels, location in database or file system, or data ownership. Always use customized database users with the bare minimum required privileges required to perform the assigned task. The fourth group is very large and should be run only when comprehensive testing is the priority and the amount of time consumed by the job run is not. Disable or limit detailed error handling.