howto: prevent php/mysql errors from being displayed in your site

  #1  
Old 07-23-2004, 06:38 AM
OscarG OscarG is offline
New Member
 
Join Date: Jul 2004
Location: Madrid, Spain
Posts: 0

howto: prevent php/mysql errors from being displayed in your site


I noticed many sites show ugly messages to their visitors when there is some PHP/MySQL error... Sometimes these error messages contain information which may be useful for attackers: physical paths, SQL sentences, etc.

In order to keep errors from being displayed on your site, you can make the following changes in the php.ini file:

1) As the comment in the default php.ini says, turn off "display_errors".

Code:
; Print out errors (as a part of the output).  For production web sites,
; you're strongly encouraged to turn this feature off, and use error logging
; instead (see below).  Keeping display_errors enabled on a production web site
; may reveal security information to end users, such as file paths on your Web
; server, your database schema or other information.
display_errors = Off

2) Turn "log_errors" on, again following the php.ini recommendation.

Code:
; Log errors into a log file (server-specific log, stderr, or error_log (below))
; As stated above, you're strongly advised to use error logging in place of
; error displaying on production web sites.
log_errors = On

3) Make sure "html_errors" is off, because we don't need HTML-formatted errors in our log file.

Code:
; Disable the inclusion of HTML tags in error messages.
html_errors = Off

4) And finally, specify a file to log errors to.

Code:
; Log errors to specified file.
error_log = /var/log/php.err

I hope this helps someone.



  #2  
Old 08-24-2004, 04:42 PM
one1coolone1 one1coolone1 is offline
Junior Guru Wannabe
 
Join Date: Apr 2004
Posts: 42
I am going to try it. Thanks.


  #3  
Old 09-11-2004, 12:44 PM
rois rois is offline
Web Hosting Master
 
Join Date: Apr 2004
Posts: 961
So what happens when an error occurs? It will just show a blank page?

  #4  
Old 09-11-2004, 11:47 PM
Codename49 Codename49 is offline
Newbie
 
Join Date: Mar 2002
Posts: 16
Yes. If you don't want that, there is also one other workaround.. write your own error handling function which shows a fancy error message and set it up as a prepend file.
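
The workaround described in post #4, as an added example that is not part of the thread: a prepend file (assumed to be loaded with `auto_prepend_file`, PHP 7 or later) that logs the details and shows visitors only a generic page with a reference id. The file name and the `log_and_fail` helper are hypothetical.

```php
<?php
// error_prepend.php -- added example, not code from the thread.
// Assumed php.ini entry: auto_prepend_file = /path/to/error_prepend.php

ini_set('display_errors', '0');   // never echo raw errors to visitors
ini_set('log_errors', '1');       // details go to the configured error_log

// Hypothetical helper: log the details, show a generic page, stop the request.
function log_and_fail(string $kind, string $message, string $file, int $line): void
{
    $ref = bin2hex(random_bytes(4));   // opaque id linking the page to the log line
    error_log(sprintf('[%s] %s: %s in %s:%d', $ref, $kind, $message, $file, $line));
    if (!headers_sent()) {
        http_response_code(500);
    }
    // No path, query or message text reaches the visitor, only the reference.
    echo '<h1>Something went wrong</h1><p>Please try again later. Reference: ' . $ref . '</p>';
    exit(1);
}

// Warnings and notices are logged and the script continues;
// user-level and recoverable errors end the request.
set_error_handler(function (int $errno, string $errstr, string $errfile, int $errline): bool {
    if (!(error_reporting() & $errno)) {
        return false;   // silenced by @ or error_reporting: leave it to PHP
    }
    if ($errno === E_USER_ERROR || $errno === E_RECOVERABLE_ERROR) {
        log_and_fail('error', $errstr, $errfile, $errline);
    }
    error_log(sprintf('php(%d): %s in %s:%d', $errno, $errstr, $errfile, $errline));
    return true;        // handled; PHP's built-in handler is skipped
});

// Uncaught exceptions, e.g. from a database layer running in exception mode.
set_exception_handler(function (Throwable $e): void {
    log_and_fail(get_class($e), $e->getMessage(), $e->getFile(), $e->getLine());
});

// Fatal errors never reach set_error_handler(); pick them up at shutdown.
register_shutdown_function(function (): void {
    $e = error_get_last();
    if ($e !== null && ($e['type'] & (E_ERROR | E_PARSE | E_CORE_ERROR | E_COMPILE_ERROR))) {
        log_and_fail('fatal', $e['message'], $e['file'], $e['line']);
    }
});
```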

  #5  
Old 09-12-2004, 02:01 AM
kuato kuato is offline
Junior Guru Wannabe
 
Join Date: Sep 2004
Posts: 34
Nice post, OscarG.

I only have one problem. No matter what file I specify for error_log like in your example

; Log errors to specified file.
error_log = /var/log/php.err

it ignores /var/log/php.err and the errors always get sent to my apache error_log file.

One thing that works is to set it on startup in a php script like

Code:
<?php

ini_set('error_log', '/tmp/php.err');

?>

But that of course is on a per script basis. I'd rather have the error_log work for me inside my /etc/php.ini file but I'm not sure why it just sends them all to my apache error_log.
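
An added diagnostic, not part of the thread, covering the four settings from post #1 and the symptom in post #5: it prints the effective values as the web server sees them and checks whether the `error_log` target is writable by that process. The file name `phpcheck.php` is hypothetical; PHP 7 or later is assumed.

```php
<?php
// phpcheck.php -- added example, not code from the thread. Request it through
// the web server (the CLI may load a different php.ini), then delete it.
header('Content-Type: text/plain');

function is_on(string $v): bool
{
    // ini_get_all() returns strings such as "1", "On", "0", "" or "stdout".
    return in_array(strtolower($v), ['1', 'on', 'yes', 'true', 'stdout', 'stderr'], true);
}

$all  = ini_get_all(null, true);   // per directive: global_value, local_value, access
$want = ['display_errors' => false, 'log_errors' => true, 'html_errors' => false];

echo 'Loaded php.ini: ', php_ini_loaded_file() ?: '(none)', "\n";

foreach ($want as $name => $expected) {
    $local = (string) $all[$name]['local_value'];
    printf("%-15s = %-8s %s\n", $name, $local === '' ? '(empty)' : $local,
        is_on($local) === $expected ? 'ok' : 'CHANGE: expected ' . ($expected ? 'On' : 'Off'));
}

$global = (string) $all['error_log']['global_value'];   // value from php.ini
$local  = (string) $all['error_log']['local_value'];    // value in effect right now
printf("error_log global='%s' local='%s'\n", $global, $local);

if ($local === '') {
    echo "error_log is empty: PHP hands errors to the SAPI logger (Apache's error_log).\n";
} elseif ($local !== 'syslog') {
    if ($global !== $local) {
        echo "Value was overridden after php.ini (vhost, .htaccess or ini_set()).\n";
    }
    // The log file is opened by the web server user, not by root.
    $target = file_exists($local) ? $local : dirname($local);
    if (!is_writable($target)) {
        echo "Not writable by this process: $target. PHP falls back to the SAPI logger.\n";
    } else {
        echo "Writable: $target\n";
    }
}
```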

  #6  
Old 09-16-2004, 05:32 AM
Robcau Robcau is offline
Newbie
 
Join Date: Sep 2004
Location: Brugge - Belgium
Posts: 27
I think the meaning of an error message is to let you know there is something wrong. For my part, I always try it locally and afterwards I put it public, so where is the problem for attackers?

__________________
Greetings,
Robin Cauwenbergh
http://www.netdistri.eu
http://blog.cauwenbergh.be
