Hi,

I too am in favor of a mechanism to strip out sensitive data from
error messages. But Lester, man, you have it all backwards ...

On Thu, Jun 13, 2019 at 11:37 AM Lester Caine <les...@lsces.uk> wrote:
>
> On 13/06/2019 08:55, Andreas Heigl wrote:
> >> display_errors=Off in production.
>
> Which gives a white screen ... fine for security but useless for people
> using the site!
>

People using the site are not there to debug it. Whether they see a
white screen or an unhandled error that was never meant for them to
see, it's still bad user experience and of no use to anybody.

> Personally I STILL use display_errors=on and just make sure that
> sensitive information is not displayed in the stack. Most of the time it
> IS just the warnings one gets and clients can report them and see they
> are cleared ... so some sort of middle ground between off and on would
> be helpful?
>

You have logs to see the errors; relying on your users to report the
actual error messages to you is the worst way to do it.

Cheers,
Andrey.

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
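
One way to keep display_errors off without leaving visitors on a white screen, added here as an example and not part of the original thread: full detail goes to the log, the visitor gets a generic page carrying a reference id that can be matched to the log entry. The reference id scheme, page wording and the thrown message are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Same effect as the php.ini directives; set here so the example is self-contained.
ini_set('display_errors', '0'); // never render error text to visitors
ini_set('log_errors', '1');     // detail goes to the configured error_log instead

// Route warnings and notices through the same path as uncaught exceptions.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    if (!(error_reporting() & $severity)) {
        return false; // respect error_reporting and the @ operator
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
});

set_exception_handler(function (Throwable $e): void {
    // Random reference id (assumption): lets a user report "ref 3fa9..." instead of
    // the raw message, and lets the operator find the matching log line.
    $ref = bin2hex(random_bytes(6));

    // Log class, message and location only. The trace string is left out here
    // because it can include function arguments.
    error_log(sprintf(
        '[ref %s] %s: %s in %s:%d',
        $ref, get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()
    ));

    if (!headers_sent()) {
        http_response_code(500);
        header('Content-Type: text/html; charset=utf-8');
    }
    // Generic page: no message, path or stack detail reaches the browser.
    echo '<h1>Something went wrong</h1>'
        . '<p>Please try again later. Reference: '
        . htmlspecialchars($ref, ENT_QUOTES, 'UTF-8') . '</p>';
});

// Constructed failure to exercise the handler; the message is sample text.
throw new RuntimeException('Access denied for user app_user (constructed sample)');
```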
