Why you should set display_errors to off

set display_errors=off, please

By Björn Schotte

Björn Schotte is managing partner of Mayflower GmbH and a senior consultant in the area of software and agile organization topics. He tweets as @BjoernSchotte and can be reached on Xing and LinkedIn. His talks can be found on Slideshare.

4 comments

  1. Hi Bjoern, sorry, but this sounds a little bit like a public denouncement of _one_ of thousands of pages with PHP errors that are indexed by Google.

    And the direct Chorizo link smells a little bit like advertising. I don’t know if Planet PHP (which is very popular) is the right place?!

    Just my personal opinion :)

    1. Hi Soenke,

      well, it was the result of doing a search yesterday in the evening. I didn’t comment anything more because I thought the result on the image is self-speaking.

      Björn.

    2. Well, while I don’t exactly disagree, I feel that the need to know security and best security practices gives the right to advertise as much as possible.

      Would you rather have a hacker come and have to search for the link, or have it accessible from your nearest PHP planet? If you didn’t know the scanner existed, how would you know to search for it? Unless a forum mentioned it and you asked at a forum. Such things to ponder.

      The service is a good one and so I guess is the self-explanatory advice.

      1. Hi Santos,

        1. I don’t disagree with you that there’s a need to show best practices, but I don’t like the way of doing it with a public denouncement of ONE special site on a highly spread and popular feed. This is somehow like disclosing a security hole directly to the public without contacting the vendor before.
        2. I don’t like the direct link to Chorizo because it’s pure advertisement of the own commercial product. The link should IMHO intuitively point to the Google search result or the PHP manual.
        3. Chorizo was announced several times before on Planet PHP:

        http://blog.thinkphp.de/archives/142-Understanding-successful-tracing-of-security-vulnerabilities.html
        http://blog.thinkphp.de/archives/141-SQL-injections-for-dummies-and-how-to-fix-them-Update.html
        http://blog.thinkphp.de/archives/140-Detect-and-fix-security-vulnerabilities-on-server-side-within-seconds..html
        http://blog.thinkphp.de/archives/135-The-proxy-mode-of-Chorizo-and-a-sneak-peak-to-Morcilla,-Chorizos-little-sister..html
        http://blog.thinkphp.de/archives/130-Stacking-up-the-free-accounts-recursive-scans.html
        http://blog.thinkphp.de/archives/128-3,500-users-in-2-days.-Awaiting-the-birth-of-the-bloody-alien-sausage..html
        http://blog.thinkphp.de/archives/126-Commoditizing-PHP-security.html
