display_errors = off

This is your annual warning to make sure that the new version of PHP you installed on your public server doesn’t have display_errors set to “on” in the config file. If you want to show errors while developing, add the following to a config file that you require in the top of each PHP script:

<?php
	// Development only: send every error, warning and notice to the browser
	ini_set('display_errors', 'on');
	error_reporting(E_ALL);
?>

That turns on every warning, notice, error, etc. that you could possibly want to know about. On your private development server (or your Mac) this is useful stuff to have blowing up in your face – it will make you a better coder. But before you deploy in public, removing this include file (or commenting out its contents) will turn reporting back off*. Errors are the life-blood of the black-hat hacker – they help fingerprint the server, identify known points of weakness, and are the un-latched back window they may need to get in.

Walter

*In some cases, you may not be able to turn off this setting. If that’s true, first, change the line to ini_set('display_errors', 'off'); and second, go shopping for a new host that cares about security!
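
The following is an added example, not part of the original post. It is a single include file that only shows errors when the environment is explicitly marked as development, logs them privately otherwise, and checks whether the host honoured the change. The APP_ENV variable, the log path and the function names are assumptions made for illustration.

```php
<?php
// Added example (not from the original post). APP_ENV, the log path and
// the function names are assumed; adjust them for your own server.

/**
 * Apply an error policy for the given environment.
 * Anything other than an explicit "development" is treated as production,
 * so a missing or misspelled value fails closed (errors hidden).
 */
function apply_error_policy(string $env, string $logFile): string
{
    error_reporting(E_ALL);                      // always collect everything
    if ($env === 'development') {
        ini_set('display_errors', 'on');         // show errors in the browser
        ini_set('display_startup_errors', 'on');
        return 'development';
    }
    ini_set('display_errors', 'off');            // never send errors to visitors
    ini_set('display_startup_errors', 'off');
    ini_set('log_errors', 'on');                 // keep them in a private log instead
    ini_set('error_log', $logFile);
    return 'production';
}

/**
 * Report whether the running configuration would print errors in responses.
 * PHP accepts several spellings for "on" and any non-zero number.
 */
function errors_are_displayed(): bool
{
    $value = strtolower(trim((string) ini_get('display_errors')));
    if (in_array($value, ['on', 'yes', 'true', 'stdout', 'stderr'], true)) {
        return true;
    }
    return (int) $value !== 0;
}

$env = getenv('APP_ENV') ?: 'production';        // assumed variable name
// Assumed path; it must be outside the web root and writable by PHP.
$mode = apply_error_policy($env, '/var/log/php/app-errors.log');

if ($mode === 'production' && errors_are_displayed()) {
    // The host has locked the setting on (the footnote case in the post).
    error_log('display_errors is still on and could not be turned off');
}
```

Require this file at the top of each script in place of the development-only snippet; it can stay in place at deploy time, because an unset APP_ENV leaves errors hidden.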

