---
title: Return Generic Error Messages
impact: HIGH
impactDescription: prevents information disclosure
tags: error-messages, information-disclosure, security, csharp
---

## Return Generic Error Messages

Don't leak stack traces or internal details to users.

**Incorrect (Dev Exception Page in Prod):**

```csharp
// Startup.cs
app.UseDeveloperExceptionPage(); // Dangerous in Prod
```

**Correct (Generic Error Handler):**

```csharp
if (env.IsDevelopment())
{
    app.UseDeveloperExceptionPage();
}
else
{
    app.UseExceptionHandler("/Error");
}
```

**Tools:** ASP.NET Core Middleware