Yes, you should be trapping errors that occur in Web sites and applications – and report back to the parties concerned with the error condition.
It is good for your users, whose expectations should be managed and whose patience may be slim, even if you have a great site architecture/navigation/search/etc (older research suggests a 95% site abandon rate on an HTTP error, which feels right for an e-commerce site but is probably high for a B2B site or business application; of course, keeping all users on track is never a bad thing, even if the abandon rate is half that).
It is equally good for you to track these errors on the Web server side as well and feed this info back into your development process to continually improve user experience and increase application efficiency.
But it ain’t good if your displayed error messages tell hackers what you are doing from a security perspective. Don’t be too nice or too descriptive in error handling messages on the public side, or you may be exposing a larger attack surface to hackers…
This excellent article by SPI Dynamics explores the topic in detail:
http://www.securitypark.co.uk/article.asp?articleid=25746&CategoryID=1
- Port80