On Wed, Mar 09, 2005 at 11:55:01PM +0100, Stefan Fritsch wrote: > > ! On a production system error logs on the browser output have to > > be disabled ! > > It is lije keeping development backdoors on a production release > > ... > > > > If debian php does it by default , please reassign the bug to it > > but i don't remenber it doing it , can you check ? > > No, unfortunately I don't have a php-installation where I can check > it. I just went through the new CANs. > > Anyway, I don't know what I was thinking when I filed the report. > Disclosure of the installation path is of course not an issue in > Debian. For the record:
; Print out errors (as a part of the output). For production web sites, ; you're strongly encouraged to turn this feature off, and use error logging ; instead (see below). Keeping display_errors enabled on a production web site ; may reveal security information to end users, such as file paths on your Web ; server, your database schema or other information. display_errors = On -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]