Error messages can leak everything from full path names to password. A user should never be exposed to them, unless you expect them to fix the problem for you.
I regularly get consulted on various web application security issues and defensive strategies. One of the recent "frequently asked questions" is around database encryption of web application. My answers to these kind of questions usually lead to awkward looking faces. I always start off asking more questions about the requirements, "Who are you trying to … Continue reading Argument for Database encryption in web apps