One of those things might allow attacker to get access to data they should not have access to or to run arbitrary code on your server. The other does not.
For many use cases, blowing up loudly is strongly preferable to silently doing the wrong thing. Especially in the presence of hostile actors, who are trying to use your out -of-bounds error for their own gain.
One of those things might allow attacker to get access to data they should not have access to or to run arbitrary code on your server. The other does not.
For many use cases, blowing up loudly is strongly preferable to silently doing the wrong thing. Especially in the presence of hostile actors, who are trying to use your out -of-bounds error for their own gain.
For many other use cases it is not. Imagine a smartphone randomly turning itself off. Nobody can possibly debug this.