“Verbose error messages should be able to be disabled on production environments” – Issues – Discuss

Verbose error messages should be able to be disabled on production environments

A for , submitted by nickdunn on 19 July 2010

Announcement

Symphony's issue tracker has been moved to Github.

Issues are displayed here for reference only and cannot be created or edited.

Browse

Closed#360: Verbose error messages should be able to be disabled on production environments

- nickdunn
- Comment #1
- 19 Jul 10, 9:08 pm

There should be a configuration setting to disable the verbose error handler page when deploying to production environments.

http://www.getsymphony.com/discuss/thread/47534/1/#position-11

I think this a very good idea! I even think that being unable to switch off those verbose errors resp. warnings should be treated as a bug.

I’m inclined to agree.

- Alistair
- Comment #2
- 20 Jul 10, 7:50 pm

http://github.com/symphony/symphony-2/commit/845c656b3746bbd00879e90aa182eb3dc8dc28e8

Production sites should also have php_value display_errors off in the .htaccess

- nickdunn
- Comment #3
- 21 Jul 10, 5:37 pm

Bravo, thx.

- Nils
- Comment #4
- 21 Jul 10, 11:23 pm

What will be visible to the visitors when an error occurs?

- Alistair
- Comment #5
- 22 Jul 10, 12:20 pm

Depends on the error. If it’s a warning, the site will continue to render. If it’s a fatal error, they will either see the plain PHP error or see a blank page if you disabled errors.

I tried to find a way to instead kick to a Symphony generated 500 or 404, however errors are a tricky thing and I couldn’t see an easy way to do this in 2.x

In the end, the main goal became to hide all that potentially sensitive information (backtraces of code and DB) from non-authenticated vistors.

- michael-e
- Comment #6
- 23 Jul 10, 2:13 am

The solution looks fine for me. Thanks, Alistair.

This issue is closed.

Symphony.