Re: Security in PHP

Errors are very helpful when debugging but could also reveal too much information. So display_errors should be turned off when deploying an application. Errors are needed if a bug in the production version pops up. It is possible to log errors to a file or syslog with the log_errors and error_log settings. The developer should get the bug, not the user.
It's also good practice to log all failed and successful authentication attempts.
__________________
With,
J. Jeyaseelan
Everything Possible
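
The settings named in the post above, applied together with authentication logging, as an added example that is not part of the original post. The log path and the function names `sanitize_for_log` and `log_auth_attempt` are assumptions for illustration; the login data is constructed.

```php
<?php
// Added example. In production these directives belong in php.ini, because
// ini_set() cannot hide errors raised before the script starts running.
ini_set('display_errors', '0');   // the user never sees error details
ini_set('log_errors', '1');       // the developer still gets them
ini_set('error_log', '/var/log/php/app-error.log'); // assumed path, outside the web root
error_reporting(E_ALL);

// Uncaught exceptions: full detail to the log, generic message to the user.
set_exception_handler(function (Throwable $e): void {
    error_log(sprintf('Uncaught %s: %s in %s:%d',
        get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()));
    if (PHP_SAPI !== 'cli') {
        http_response_code(500);
    }
    echo 'An internal error occurred.';
});

// Replace control characters and cap the length so that user-supplied
// values cannot inject extra lines into the log.
function sanitize_for_log(string $value): string
{
    return substr(preg_replace('/[\x00-\x1F\x7F]/', '?', $value) ?? '', 0, 64);
}

// Record every authentication attempt, failed or successful.
// The password itself is never written to the log.
function log_auth_attempt(string $username, bool $success, string $remoteAddr): void
{
    error_log(sprintf('auth %s user="%s" ip=%s',
        $success ? 'success' : 'failure',
        sanitize_for_log($username),
        sanitize_for_log($remoteAddr)));
}

// Constructed sample data: one stored hash and two login attempts,
// the second with a newline embedded in the username.
$storedHash = password_hash('correct horse', PASSWORD_DEFAULT);
$attempts = [
    ['alice', 'correct horse'],
    ["alice\nauth success user=\"root\"", 'guess'],
];
foreach ($attempts as [$user, $pass]) {
    $ok = password_verify($pass, $storedHash);
    log_auth_attempt($user, $ok, $_SERVER['REMOTE_ADDR'] ?? '127.0.0.1');
}
```

The second attempt is logged as a single `auth failure` line with the newline replaced by `?`, so the log keeps one entry per attempt.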