Exposing PHP Errors to Visitors

Best practices recommend that you do not show any technical error messages to users: if a visitor is malicious, those messages can reveal technical details about the server and help them refine an attack strategy.

Thus we recommend you turn off the following variable in your conf files, in _advanced.php:

$display_errors_on_production = false;

If you are not comfortable editing your /conf/_advanced.php file, you can override any variable by adding it to _local.php.
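To confirm which value actually takes effect after such an override, the following check can be run against the conf directory. It is an added example, not b2evolution code: the function names are hypothetical, and it assumes both files sit in the same conf directory, that _local.php is loaded after _advanced.php, and that the variable is assigned a plain literal.

```python
import re
import sys
from pathlib import Path

# Assignment of the variable named on this page; (?!=) skips "==" comparisons.
ASSIGN = re.compile(r"\$display_errors_on_production\s*=(?!=)\s*([^;]+);")

# Constructed sample inputs (not taken from a real installation).
SAMPLE_ADVANCED = "<?php\n/* production setting */\n$display_errors_on_production = true;\n"
SAMPLE_LOCAL = "<?php\n$display_errors_on_production = false; // override\n"


def strip_comments(php):
    """Remove /* */ blocks and //, # line comments so commented-out
    assignments are ignored (simplification: no string-literal parsing)."""
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.S)
    return re.sub(r"(//|#).*", "", php)


def audit(advanced_src, local_src=""):
    """Return (exposed, source_file). exposed is None if never assigned."""
    value, source = None, None
    # Assumption: _local.php is loaded after _advanced.php, so it wins.
    for name, src in (("_advanced.php", advanced_src), ("_local.php", local_src)):
        found = ASSIGN.findall(strip_comments(src))
        if found:
            value, source = found[-1].strip().lower(), name
    if value is None:
        return None, None
    # Fail closed: anything other than a literal false/0 counts as exposing.
    return value not in ("false", "0"), source


def read_conf(conf_dir, name):
    path = Path(conf_dir) / name
    return path.read_text(errors="replace") if path.exists() else ""


if __name__ == "__main__":
    conf_dir = sys.argv[1] if len(sys.argv) > 1 else "conf"
    exposed, source = audit(read_conf(conf_dir, "_advanced.php"),
                            read_conf(conf_dir, "_local.php"))
    if exposed is None:
        print("REVIEW: $display_errors_on_production is not assigned")
    elif exposed:
        print(f"FAIL: errors are displayed to visitors (set in {source})")
    else:
        print(f"OK: errors are hidden from visitors (set in {source})")
    sys.exit(0 if exposed is False else 1)
```

The script exits non-zero unless the effective value is a literal false, so it can serve as a deployment gate.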

You may ask why it’s not turned off by default. Because when it’s off, unsophisticated users post errors to the forums without any technical details, and it takes more time to get them to retrieve the tech info than it takes to fix their problem once we have their tech info.

Debug mode

Turning on debug mode on production servers is a very bad idea because it exposes even more data that can be used by hackers. If you need debug info on a production server, set up a debug password and use &debug= in the URL. This way only you can see the debug info (and error messages).

For more information about debug mode, please read this: Debugging

Created by fplanque • Last edit by fplanque on 2020-06-09 00:24


Founded & Maintained by François Planque