Hiding Error Messages from Users

Set the following values in your php.ini or web server configuration file:
display_errors = off
log_errors = on
These settings tell PHP not to display errors as HTML to the browser but to put
them in the server’s error log.
When log_errors is set to on, error messages are written to the server’s error log. If
you want PHP errors to be written to a separate file, set the error_log configuration
directive with the name of that file:
error_log = /var/log/php.error.log

If error_log is set to syslog, PHP error messages are sent to the system logger using
syslog(3) on Unix and to the Event Log on Windows NT.
There are lots of error messages you want to show your users, such as telling them
they’ve filled in a form incorrectly, but you should shield your users from internal
errors that may reflect a problem with your code. There are two reasons for this.
First, these errors appear unprofessional (to expert users) and confusing (to novice
users). If something goes wrong when saving form input to a database, check the
return code from the database query and display a message to your users apologizing
and asking them to come back later. Showing them a cryptic error message
straight from PHP doesn’t inspire confidence in your web site.
Second, displaying these errors to users is a security risk. Depending on your database
and the type of error, the error message may contain information about how to
log in to your database or server and how it is structured. Malicious users can use
this information to mount an attack on your web site.
For example, if your database server is down, and you attempt to connect to it with
mysql_connect(), PHP generates the following warning:
<br>
<b>Warning</b>: Can't connect to MySQL server on 'db.example.com' (111) in
<b>/www/docroot/example.php</b> on line <b>3</b><br>
If this warning message is sent to a user’s browser, he learns that your database
server is called db.example.com and can mount an attack on it.
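The following script is an added example, not code from the original text: it applies the same display_errors/log_errors settings at runtime with ini_set(), routes PHP warnings to the error log through a custom error handler, and handles a failed database connection by logging the detail server-side while showing the user only a generic apology. Because mysql_connect() was removed in PHP 7, the example uses mysqli; the log path, host name and credentials are assumed placeholders.

```php
<?php
// Added example (not from the original text). Assumed values: the log file
// path and the database host/credentials below are placeholders.

// Equivalent of display_errors = off / log_errors = on in php.ini, applied
// per script. Keep the php.ini setting as well: these lines only take effect
// once the script is already running, so parse errors would still be displayed.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', '/var/log/php.error.log'); // assumed path

// Send warnings and notices to the error log rather than letting PHP render
// them as HTML. Returning true marks the error as handled.
set_error_handler(function (int $errno, string $errstr, string $errfile, int $errline): bool {
    error_log(sprintf('PHP error %d: %s in %s on line %d', $errno, $errstr, $errfile, $errline));
    return true;
});

// Make mysqli throw mysqli_sql_exception on failure (the default since PHP 8.1;
// set explicitly so older versions behave the same way).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

try {
    // Assumed host and credentials.
    $db = new mysqli('db.example.com', 'app_user', 'secret', 'app_db');
} catch (mysqli_sql_exception $e) {
    // The detailed message (including the host name and MySQL error code)
    // goes to the server log only, where an administrator can read it.
    error_log('Database connection failed: ' . $e->getMessage());

    // The user sees a generic message that reveals nothing about the backend.
    http_response_code(503);
    echo '<p>Sorry, we are having trouble processing your request. Please try again later.</p>';
    exit;
}

// ... normal processing with $db continues here ...
```

To confirm the settings actually in force for a given SAPI, run a script that calls phpinfo() on a non-public URL, or check the CLI view with php -i and look at the display_errors, log_errors and error_log entries; the values shown in the "Local Value" column are what the running script uses.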