On Thu, Jun 13, 2019, 10:36 Lester Caine <les...@lsces.uk> wrote: > On 13/06/2019 08:55, Andreas Heigl wrote: > >> display_errors=Off in production. > > Which give a white screen ... fine for security but useless for people > using the site! >
Error logging is how this is to be approached. Personally I STILL use display_errors=on and just make sure that > sensitive information is not displayed in the stack. Most of the time it > IS just the warnings one gets and clients can report them and see they > are cleared ... so some sort of middle ground between off and on would > be helpful? > Logging, logging, logging. Displaying traces just gives malicious third parties a tasty data exfiltration endpoint.