[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Jonathan Roberts wrote: > > Goto the shop and just add something to the cart and you'll see it in > the sidebar. The weird thing is everything works fine, it just looks > *ugly*, even if I could just hide the error that would be cool :D PHP should be deployed with settings; display_errors = Off log_errors = On I'm guessing you see the errors because display_errors in "On", which is a good way of leaking important data to random surfers, and in some cases Google. In Debian these days these setting go in /etc/php5/apache2/php.ini, best always to test they have taken effect, as the number of php.ini files seems to grow quickly with time. Not having these settings implies that the PHP configuration is not based of the "php.ini-recommended" file shipped with PHP, which mean it may also be missing other security settings. Simon, who recently had to compare php.ini-recommended with one of works servers, note all differences, and pull out the ones that actually matter for security, from those that aren't so crucial, since it has similar issues.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html