1
00:00:00,237 --> 00:00:02,520
Instructor: The last group of status codes

2
00:00:02,520 --> 00:00:06,630
we will discuss is a 500 server error.

3
00:00:06,630 --> 00:00:08,853
The most common status code in this group

4
00:00:08,853 --> 00:00:12,810
is a 500 internal server error.

5
00:00:12,810 --> 00:00:16,110
What this status means is that something bad happened

6
00:00:16,110 --> 00:00:18,100
while processing the request

7
00:00:18,100 --> 00:00:21,600
and therefore the request could not be complete.

8
00:00:21,600 --> 00:00:25,470
Now, note that this status does not explain specifically

9
00:00:25,470 --> 00:00:27,420
what exactly happened.

10
00:00:27,420 --> 00:00:30,510
It just said that something bad happened.

11
00:00:30,510 --> 00:00:35,130
So the client actually can do nothing about it.

12
00:00:35,130 --> 00:00:36,990
Now, this is actually a good thing

13
00:00:36,990 --> 00:00:40,740
because exposing to the client what was the exact problem

14
00:00:40,740 --> 00:00:42,814
poses a security risk.

15
00:00:42,814 --> 00:00:46,260
Because if, for example, you will notify the client

16
00:00:46,260 --> 00:00:49,470
that some SQL statement did not succeed,

17
00:00:49,470 --> 00:00:53,430
then now the client knows what SQL statements you are using

18
00:00:53,430 --> 00:00:56,160
to access the database and he can exploit it

19
00:00:56,160 --> 00:00:59,700
to gain access to some unauthorized resources.

20
00:00:59,700 --> 00:01:03,240
So the 500 is used to notify the client

21
00:01:03,240 --> 00:01:04,980
that something bad happened,

22
00:01:04,980 --> 00:01:07,496
and right now there is nothing the client can do

23
00:01:07,496 --> 00:01:09,330
to mitigate this problem.

24
00:01:09,330 --> 00:01:12,030
This is in contrast to the 400 group

25
00:01:12,030 --> 00:01:15,570
where the client should do something about the error.

26
00:01:15,570 --> 00:01:18,780
So if the error was that the user is not authorized,

27
00:01:18,780 --> 00:01:21,420
then the user should authorize himself.

28
00:01:21,420 --> 00:01:23,940
But again, with the 500 error,

29
00:01:23,940 --> 00:01:26,962
there is nothing required for the client to do.

30
00:01:26,962 --> 00:01:31,050
Now the 500 status is used with all verbs

31
00:01:31,050 --> 00:01:33,270
and all the four verbs we discussed,

32
00:01:33,270 --> 00:01:38,270
the get, put, post and delete can return 500.

33
00:01:38,340 --> 00:01:42,120
There are some more status codes in the 500 group,

34
00:01:42,120 --> 00:01:44,365
but actually they're usually not used

35
00:01:44,365 --> 00:01:47,880
or are very low level and you should not use them.

36
00:01:47,880 --> 00:01:51,306
So stick to the 500 status code and return it

37
00:01:51,306 --> 00:01:55,443
when something bad happened during processing the requests.