From: Zeev Suraski <zeev@php.net>
Date: Sat, 26 Aug 2000 14:25:47 +0000 (+0000)
Subject: Advise people to use error logging instead of error displaying on production web... 
X-Git-Tag: php-4.0.2~55
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6a8440fb7097713d3af9013481ebe4d967bf3fd1;p=php

Advise people to use error logging instead of error displaying on production web sites
---

diff --git a/php.ini-dist b/php.ini-dist
index c7585c2ff0..e6c6190478 100644
--- a/php.ini-dist
+++ b/php.ini-dist
@@ -161,8 +161,15 @@ memory_limit = 8388608		; Maximum amount of memory a script may consume (8MB)
 ; error_reporting = E_ALL & ~E_NOTICE						; show all errors, except for notices
 ; error_reporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR	; show only errors
 error_reporting	=	E_ALL & ~E_NOTICE		; Show all errors except for notices
-display_errors	=	On	; Print out errors (as a part of the HTML script)
+display_errors	=	On	; Print out errors (as a part of the output)
+						; For production web sites, you're strongly encouraged
+						; to turn this feature off, and use error logging instead (see below).
+						; Keeping display_errors enabled on a production web site may reveal
+						; security information to end users, such as file paths on your Web server,
+						; your database schema or other information.
 log_errors		=	Off	; Log errors into a log file (server-specific log, stderr, or error_log (below))
+						; As stated above, you're strongly advised to use error logging in place of
+						; error displaying on production web sites.
 track_errors	=	Off	; Store the last error/warning message in $php_errormsg (boolean)
 ;error_prepend_string = "<font color=ff0000>"   ; string to output before an error message
 ;error_append_string = "</font>"                ; string to output after an error message
diff --git a/php.ini-optimized b/php.ini-optimized
index 339cb411a1..917f81664f 100644
--- a/php.ini-optimized
+++ b/php.ini-optimized
@@ -148,8 +148,15 @@ memory_limit = 8388608		; Maximum amount of memory a script may consume (8MB)
 ; error_reporting = E_ALL & ~E_NOTICE						; show all errors, except for notices
 ; error_reporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR	; show only errors
 error_reporting	=	E_ALL & ~E_NOTICE		; Show all errors except for notices
-display_errors	=	On	; Print out errors (as a part of the HTML script)
+display_errors	=	On	; Print out errors (as a part of the output)
+						; For production web sites, you're strongly encouraged
+						; to turn this feature off, and use error logging instead (see below).
+						; Keeping display_errors enabled on a production web site may reveal
+						; security information to end users, such as file paths on your Web server,
+						; your database schema or other information.
 log_errors		=	Off	; Log errors into a log file (server-specific log, stderr, or error_log (below))
+						; As stated above, you're strongly advised to use error logging in place of
+						; error displaying on production web sites.
 track_errors	=	Off	; Store the last error/warning message in $php_errormsg (boolean)
 ;error_prepend_string = "<font color=ff0000>"   ; string to output before an error message
 ;error_append_string = "</font>"                ; string to output after an error message
diff --git a/php.ini-recommended b/php.ini-recommended
index 339cb411a1..917f81664f 100644
--- a/php.ini-recommended
+++ b/php.ini-recommended
@@ -148,8 +148,15 @@ memory_limit = 8388608		; Maximum amount of memory a script may consume (8MB)
 ; error_reporting = E_ALL & ~E_NOTICE						; show all errors, except for notices
 ; error_reporting = E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR	; show only errors
 error_reporting	=	E_ALL & ~E_NOTICE		; Show all errors except for notices
-display_errors	=	On	; Print out errors (as a part of the HTML script)
+display_errors	=	On	; Print out errors (as a part of the output)
+						; For production web sites, you're strongly encouraged
+						; to turn this feature off, and use error logging instead (see below).
+						; Keeping display_errors enabled on a production web site may reveal
+						; security information to end users, such as file paths on your Web server,
+						; your database schema or other information.
 log_errors		=	Off	; Log errors into a log file (server-specific log, stderr, or error_log (below))
+						; As stated above, you're strongly advised to use error logging in place of
+						; error displaying on production web sites.
 track_errors	=	Off	; Store the last error/warning message in $php_errormsg (boolean)
 ;error_prepend_string = "<font color=ff0000>"   ; string to output before an error message
 ;error_append_string = "</font>"                ; string to output after an error message