[nycphp-talk] Basic security question
Chris Shiflett
shiflett at php.net
Sat Jul 17 02:47:30 EDT 2004
--- Hans Zaunere <hans not junk at nyphp.com> wrote:
> I proudly run .php extensions, default error messages, and the
> X-Powered-By: PHP HTTP header.
I agree with everything Hans said (of course), but I'm not sure one should
be so proud about displaying error messages. :-)
Kidding aside, I think it's pretty easy to set display_errors to Off and
log_errors to On. I'm as guilty as anyone else about not adhering to my
own suggestions sometimes, but if you're concerned about giving away too
much information, I think error messages are the first place to be
looking.
Chris
=====
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly
Coming Fall 2004
HTTP Developer's Handbook - Sams
http://httphandbook.org/
PHP Community Site
http://phpcommunity.org/
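
The check suggested in the message above, as an added example that is not part of the original post: a small PHP audit of display_errors and log_errors for the running SAPI. The function names ini_flag_enabled and audit_error_settings are hypothetical, and the sample array is constructed.

```php
<?php
// Added example: report whether PHP errors are hidden from clients and logged.

/** Interpret a php.ini-style flag the way PHP does for these directives. */
function ini_flag_enabled(string $raw): bool
{
    $v = strtolower(trim($raw));
    // display_errors also accepts an output target; both mean "display".
    if ($v === 'stdout' || $v === 'stderr') {
        return true;
    }
    // Numeric strings: any non-zero integer value counts as enabled.
    if (is_numeric($v)) {
        return (int) $v !== 0;
    }
    // on/yes/true => true; off/no/false/"" and anything else => false.
    return filter_var($v, FILTER_VALIDATE_BOOLEAN);
}

/** Return a list of findings for the two directives named in the message. */
function audit_error_settings(array $ini): array
{
    $findings = [];
    if (ini_flag_enabled((string) ($ini['display_errors'] ?? ''))) {
        $findings[] = 'display_errors is enabled: error text is sent to the client';
    }
    if (!ini_flag_enabled((string) ($ini['log_errors'] ?? ''))) {
        $findings[] = 'log_errors is disabled: errors are not written to the error log';
    }
    return $findings;
}

// Constructed sample: a development-style configuration (two findings).
$sample = ['display_errors' => 'stderr', 'log_errors' => 'Off'];

// Live values; ini_get() returns false for an unknown directive, cast to "".
$live = [
    'display_errors' => ini_get('display_errors'),
    'log_errors'     => ini_get('log_errors'),
];

foreach (['sample' => $sample, 'live' => $live] as $label => $settings) {
    $findings = audit_error_settings($settings);
    echo $label . ': ' . ($findings ? implode('; ', $findings) : 'ok') . PHP_EOL;
}
```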