Error messages always take a bit of thought to get right. You need to have the right amount of detail in them, and that level of detail’s different depending on where the message is going.
Depending on the verbosity level you’re wanting, error messages to logs should have timestamp info, call stack traces, etc., and of course information specific about the error condition itself such as actual vice expected states or data. You’ll need that level of detail when you’re trying to troubleshoot the condition.
Error message to users shouldn’t include any of that information because it will overwhelm the user and possibly expose too much info about your system, thereby creating a security risk. That said, you do need to tell the user some useful information — unlike the error message I’m staring at from GMail’s signup screen where I’m trying to enter my initial information. I’ve put in a couple different passwords and am rewarded with a red bit of text which merely says “The password you gave is incorrect.”
OK, so I’m not a rocket scientist, but this is not particularly helpful. The password doesn’t meet their minimum standards and they aren’t nice enough to tell me what those standards are. Is the password too short? Does it contain illegal characters? Does it not contain required characters? What are the required types of characters, and how many do I need?
Do yourself and your users a favor. Don’t leave them hanging with vague error messages. Put a little thought into the messages you’re creating when something’s gone south.
1 comment:
It still does the same thing. I'm 15 minutes into trying to find an acceptable combination of letters and numbers that is not "incorrect".
Post a Comment