On Wednesday 01 August 2001 09:21, Chris Fry wrote:
> Just set warnings to off in your php.ini - it's on by default
NO NO NO!
On your development machine, set your warning levels to E_ALL in php.ini, and
then fix your code! Every warning message you get represents an opportunity
for a malicious user to find a secutiry hole in your code.
As a general and safe rul, any code which reports warnings when error
reporting is set to E_ALL is just not good enough!
This may mean a lot of work, but it will probably be less than the work
involved in fixing up your system after it has been compromised.
Cheers
--
Phil Driscoll
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
