Verbose error messages should be able to be disabled on production environments
A for , submitted by nickdunn on 19 July 2010
Announcement
Symphony's issue tracker has been moved to Github.
Issues are displayed here for reference only and cannot be created or edited.
Browse
Closed#360: Verbose error messages should be able to be disabled on production environments
http://github.com/symphony/symphony-2/commit/845c656b3746bbd00879e90aa182eb3dc8dc28e8
Production sites should also have php_value display_errors off
in the .htaccess
Bravo, thx.
What will be visible to the visitors when an error occurs?
Depends on the error. If it’s a warning, the site will continue to render. If it’s a fatal error, they will either see the plain PHP error or see a blank page if you disabled errors.
I tried to find a way to instead kick to a Symphony generated 500 or 404, however errors are a tricky thing and I couldn’t see an easy way to do this in 2.x
In the end, the main goal became to hide all that potentially sensitive information (backtraces of code and DB) from non-authenticated vistors.
The solution looks fine for me. Thanks, Alistair.
This issue is closed.
There should be a configuration setting to disable the verbose error handler page when deploying to production environments.
http://www.getsymphony.com/discuss/thread/47534/1/#position-11
I’m inclined to agree.