I would like to assign Error Codes to my Error Messages to help with debugging, since two different sources could cause the same/similar Error Type.
Is it insecure to display an Error Code to the User?
// Missing Salt.
echo '<h1>Password Change Failed</h1>';
echo '<p>A Fatal Error occurred. Please contact the System Administrator. <font color='"#FF0000"'>[B](5589)[/B]</font></p>';
And, yeah, I could take them out when I go live, but if they don't give away to much info to hackers, then I'd assume leave them in.
But what do you think?
The question you need to ask yourself here [and for everyone of these random security questions] is "how could this be used to compromise the system?"
In this case, you probably aren't doing anything with the error numbers at all so I doubt it would hurt. There are some cases where exposing error details can hurt -- such as that padding oracle attack that was in the wild over the summer -- but that probably won't get to this level.
Well, my Error-Messages are tailored to Users (and not Developers).
Adding a code would just make it easier to Debug and down the road if a User did have an issue, they could report...
"I am getting this 'A Fatal Error occurred. Please contact the System Administrator. (5589)' error message.