I was just listening to the latest .NET Rocks! Show featuring Brad Abrams and Joel Pobar. I have been a fan of Brad and his blog since just before PDC 2003. Go listen to the show if you are interested in the CLR.

Brad was talking about a dev on the CLR team putting in a YouMoronException for a rare pathological error case. This reminded me of a YouBastardException that I defined in one of my first .NET projects a couple of years ago. This type was thrown when somebody deliberately tried to hack the application by passing invalid parameters. The application (an Intranet application) is still up and running and I can still trigger this exception type by messing with the query string in the URL. However the name of the exceptiontype will only show up in the logfile and not in the error page shown to the user.

Recently somebody asked me if I had included a similar exception in my current project. The answer was, no I didn't. You better not do this in an Internet facing application. Showing track traces to the user should be turned off, but a configuration error is easy to make. I have settled for the more neutrally named InvalidParameterException this time 😉

One thought on “YouB***stardException

Leave a Reply

Your email address will not be published. Required fields are marked *