php-general Digest 26 Dec 2011 12:04:32 -0000 Issue 7623
Topics (messages 316094 through 316096):
Re: Error Reporting
316094 by: Jim Lucas
Re: Question regarding passwords/security
316095 by: Curtis Maurand
Alternative session control system
316096 by: Francisco M. Marzoa Alonso
----------------------------------------------------------------------
--- Begin Message ---
On 12/23/2011 8:13 AM, Floyd Resler wrote:
> I know this is a very basic question and I'm almost embarrassed to ask it,
> but it's something I really struggle with. That is, getting the right
> combination of error reporting options together to report the errors I want.
> Right now, I get the errors I want except for parse errors. Basically, I
> want all errors but not warnings. What would be a good combination of error
> report options for my php.ini file?
>
> Thanks!
> Floyd
>
>
I run this on my server:
error_reporting = E_ALL
display_errors = On
log_errors = On
It shows me everything, including warnings.
If you want to hide the Warning, then you would use this:
error_reporting = E_ALL & ~E_NOTICE
display_errors = On
log_errors = On
E_NOTICE includes warnings.
Reference here: http://us.php.net/manual/en/errorfunc.constants.php
--
Jim Lucas
http://www.cmsws.com/
http://www.cmsws.com/examples/
http://www.bendsource.com/
--- End Message ---
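An added example, not part of the message above or of the PHP manual: it decodes an error_reporting bitmask into the levels it enables, so the effect of each php.ini expression can be checked directly. The `$levels` table and `enabledLevels()` are illustrative helpers, and the third mask is constructed here to match the "all errors but not warnings" request in the question.

```php
<?php
// Added example: decode an error_reporting bitmask into named levels.
// $levels and enabledLevels() are illustrative helpers, not a PHP API.
$levels = [
    'E_ERROR'           => E_ERROR,
    'E_WARNING'         => E_WARNING,
    'E_PARSE'           => E_PARSE,
    'E_NOTICE'          => E_NOTICE,
    'E_CORE_WARNING'    => E_CORE_WARNING,
    'E_COMPILE_WARNING' => E_COMPILE_WARNING,
    'E_USER_WARNING'    => E_USER_WARNING,
    'E_USER_NOTICE'     => E_USER_NOTICE,
    'E_DEPRECATED'      => E_DEPRECATED,
];

// Return the names of every level whose bit is set in $mask.
function enabledLevels(int $mask, array $levels): array
{
    $on = array_filter($levels, fn(int $bit): bool => ($mask & $bit) === $bit);
    return array_keys($on);
}

// The two expressions from the message, plus one constructed for comparison.
$masks = [
    'E_ALL'              => E_ALL,
    'E_ALL & ~E_NOTICE'  => E_ALL & ~E_NOTICE,
    'E_ALL & ~E_WARNING' => E_ALL & ~E_WARNING,   // constructed
];

foreach ($masks as $label => $mask) {
    $on = enabledLevels($mask, $levels);
    printf("%-20s (%5d)\n", $label, $mask);
    // Show the three levels the question is about.
    foreach (['E_PARSE', 'E_WARNING', 'E_NOTICE'] as $name) {
        $state = in_array($name, $on, true) ? 'reported' : 'suppressed';
        printf("    %-10s %s\n", $name, $state);
    }
    // List everything from the table that this mask turns off.
    $off = array_diff(array_keys($levels), $on);
    printf("    suppressed levels: %s\n", $off ? implode(', ', $off) : '(none)');
}
```

E_PARSE is raised while a file is being compiled, so for the entry script only the php.ini (or other server-level) values apply; an error_reporting() or ini_set() call inside that same file never runs.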
--- Begin Message ---
Store everything in the database in an encrypted form.
Stuart Dallas wrote:
> On 22 Dec 2011, at 19:34, Paul M Foster wrote:
>
>> I have concerns that the items in a session buffer can be copied and
>> used to spoof legitimate logins. This is harder to do when the info is
>> held in a database.
>
> Storing stuff in a database is no more secure, it simply requires one
> single extra step... finding the DB credentials in the source code. Given
> that the only way a user could read session data (assuming you're using
> the default session handler, i.e. file-based) is if they have access to
> those files.
>
> If they do have access to those files they almost certainly also have
> access to your source code (since the web user must be able to read both),
> especially if you're using a shared host. If you're using a dedicated
> server then you should address the reason you're worried about people
> having access to session files first.
>
> -Stuart
>
> --
> Stuart Dallas
> 3ft9 Ltd
> http://3ft9.com/
--- End Message ---
--- Begin Message ---
Hello,
I need an alternative session control system, different from the standard
PHP one, that does not need to use headers, because it's for a
series of scripts that will be accessed through AJAX JavaScript code
inserted in different places of a web page whose headers I do not
control, so I cannot do a start_session before headers are sent, nor
setcookies either.
I have an idea on how to solve this, based on client IP, but if there is
something already done, I do not want to reinvent the wheel from scratch.
Thanks a lot in advance,
--- End Message ---