On 14/09/2007, at 11:57 AM, Rick Welykochy wrote:
Joe Atzberger wrote:
On 9/13/07, *Rick Welykochy* <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
But it will be hard to turn CGI:Carp on in development and off
in production. Actually, it seems pretty easy to me. use
CGI::Carp qw(fatalsToBrowser);
... # some code ...
fatalsToBrowser(0); # off
... # more code ...
fatalsToBrowser(1); # back on
So you can decide to turn it on or off at runtime conditionally,
based on whatever you want. You wouldn't have to move code around
at all.
Now we are getting somewhere. But we don't want a solution where the
library installer has to edit perl source code, do we?
Suppose my library's security policy is to disallow any errors or
dumps of same to the browser. In this production case, ALL fatals
to browser in all Koha scripts must be disabled.
Rather than forcing the Koha sys admin / installer to edit all the
scripts,
this is my proposal:
in a typical koha_whatever.pl script we have:
use CGI::Carp qw(fatalsToBrowser); # trap errors to error_log
and the browser
:
:
fatalsToBrowser(0) if !Koha::Config->fatalstobrowser; # trap
errors only to error_log if so configured
This enables any Koha implementation to (a) see all fatal errors in
error_log at all times and (b) disable the viewing of same in the
browser
if they see fit.
All that is then needed is a new entry in /etc/koha.conf
fatalstobrowser=1
and all the installer needs to do once testing is complete and the
system
is ready for production (if they want):
fatalstobrowser=0
Which actually takes me back to what I said :)
on the 12/9
"Mason has just suggested to me that we could do it with a syspref.
So you could turn it off if you wanted. (I know there is some school
of thought that exposing errors in the browser is a security risk)."
So not in the config file, but as a syspref then it can be toggled on
and off in the web interface, so if someone is reporting an error,
we can ask them to toggle it on, and cut and paste the error, then
toggle it off. Without having them edit the conf file
Chris
--
Chris Cormack [EMAIL PROTECTED]
VP Research and Development www.liblime.com
LibLime +64 21 542 131
_______________________________________________
Koha-devel mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/koha-devel
