Ah, the Department of State


You spend numerous minutes filling out a multi-page "wizard" for your passport renewal application. You notice that when you click a checkbox somewhere, the whole page pointlessly reloads with the data in the same state. It's annoying, but you carry on.

You notice that when your text field input exceeds the maximum number of characters allowed, instead of just refusing to accept more characters, this form has some JavaScript that erases all your input in that field, so you have to start over. Very annoying, but you carry on.

You notice an error in your input, but when you put your mouse cursor in the field to edit it, all the input disappears, so you have to start over.

By now you'd like to have a talk with the people who coded this application -- even more so, with the people who tested it and declared it production-ready. But you sigh and carry on until the final page, and then...

Server Error in '/' Application.

Index was outside the bounds of the array.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.IndexOutOfRangeException: Index was outside the bounds of the array.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[IndexOutOfRangeException: Index was outside the bounds of the array.]
   WizardManagerForNewForms.processControls(Control control, String FormType) +31109
   WizardManagerForNewForms.processControls(Control control, String FormType) +31063
   WizardManagerForNewForms.processControls(Control control, String FormType) +31063
   WizardManagerForNewForms.UpdateApplicantData(StateBag activeViewState, ControlCollection activeControls, String ApplicantSSN, String ApplicantFirstName, String FormType) +313
[etc]

Version Information: Microsoft .NET Framework Version:2.0.50727.832; ASP.NET Version:2.0.50727.832

Lovely, isn't it? For you non-geeks out there, this type of verbose technical information is often useful to the developers of a program in the course of debugging -- although usually only a couple of lines of the stack trace are actually relevant to your problem (the function that dumps the stack trace doesn't know that, so it gives you the whole thing). But you the end user do not know or understand any of this, nor should you. What you should see, if the application pukes, is a polite and vague error message apologizing for the inconvenience, while behind the scenes the technical stuff is saved in a log file or other storage. The geek-speak is just annoying and confusing mumbo-jumbo.

Displaying all the error output is not just bad form. It also leaks internal information that might be useful to a potential attacker. It should be none of our business that State is running Microsoft .NET Framework Version:2.0.50727.832 and ASP.NET Version:2.0.50727.832 and that it bombs when it tries to access an array element that does not exist.
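A check like the following can run against your own application's error responses before release to catch this kind of disclosure. It is an added example, not code from this post or from the application described; the function and variable names are hypothetical, LEAKY_PAGE is abridged from the error output quoted above, and GENERIC_PAGE is constructed.

```python
import re

# Strings an ASP.NET detailed error page emits, taken from the output quoted in the post.
MARKERS = {
    "error_banner": re.compile(r"Server Error in '[^']*' Application"),
    "exception_type": re.compile(r"\bSystem\.\w+(?:\.\w+)*Exception\b"),
    "stack_trace": re.compile(r"Stack Trace:"),
    "framework_version": re.compile(r"(?:\.NET Framework|ASP\.NET) Version:\s*([\d.]+)"),
}
# One stack frame: Type.Method(parameters) +offset
FRAME = re.compile(r"([A-Za-z_][\w.]*)\.(\w+)\(([^)]*)\)\s*\+\d+")

def audit_error_page(body):
    """Return what a response body discloses; an empty dict means nothing was found."""
    findings = {}
    for name, pattern in MARKERS.items():
        hits = pattern.findall(body)
        if hits:
            findings[name] = sorted(set(hits))
    frames = FRAME.findall(body)
    if frames:
        findings["internal_methods"] = sorted({f"{t}.{m}" for t, m, _ in frames})
        # Parameter names hint at the data the code handles (e.g. an SSN field).
        params = {p.split()[-1] for _, _, args in frames for p in args.split(",") if p.strip()}
        findings["parameter_names"] = sorted(params)
    return findings

# Abridged from the error page quoted in the post.
LEAKY_PAGE = """Server Error in '/' Application.
Exception Details: System.IndexOutOfRangeException: Index was outside the bounds of the array.
Stack Trace:
[IndexOutOfRangeException: Index was outside the bounds of the array.]
   WizardManagerForNewForms.processControls(Control control, String FormType) +31109
   WizardManagerForNewForms.UpdateApplicantData(StateBag activeViewState, ControlCollection activeControls, String ApplicantSSN, String ApplicantFirstName, String FormType) +313
Version Information: Microsoft .NET Framework Version:2.0.50727.832; ASP.NET Version:2.0.50727.832
"""

# Constructed sample of the polite, vague page the user should see instead.
GENERIC_PAGE = "Sorry, something went wrong on our end. Please try again later. Reference ID: A1B2C3"

if __name__ == "__main__":
    for label, page in (("leaky", LEAKY_PAGE), ("generic", GENERIC_PAGE)):
        print(label, audit_error_page(page))
```

The reference ID on the generic page is what lets support staff find the full exception in the server-side log without showing it to the user.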

Whether it's a .NET issue, or an application-level bug, I gotta go. I have a paper passport renewal application to fill out.


About this Entry

This page contains a single entry by Professor B published on February 9, 2008 12:21 PM.
