report/security/report security check displayerrors: Difference between revisions
From MoodleDocs
Frank Ralf (talk | contribs) No edit summary |
Frank Ralf (talk | contribs) No edit summary |
||
| Line 3: | Line 3: | ||
(Can someone add instructions on where to turn this off please). | (Can someone add instructions on where to turn this off please). | ||
: If you go to ''Administration > Server > Debugging'' and set "Debug messages" to NONE and "Display debug messages" to NO you should be on the save side. If this instruction is correct it should be included in the Security Overview report. --[[User:Frank Ralf|Frank Ralf]] 11:28, 7 November 2009 (UTC) | : If you go to ''Administration > Server > Debugging'' and set "Debug messages" to NONE and "Display debug messages" to NO you should be on the save side. (If this instruction is correct it should be included in the Security Overview report.) --[[User:Frank Ralf|Frank Ralf]] 11:28, 7 November 2009 (UTC) | ||
Revision as of 11:29, 7 November 2009
If PHP is set to display errors, then anyone can enter a faulty URL causing PHP to give up valuable information about directory structures and so on.
(Can someone add instructions on where to turn this off please).
- If you go to Administration > Server > Debugging and set "Debug messages" to NONE and "Display debug messages" to NO you should be on the save side. (If this instruction is correct it should be included in the Security Overview report.) --Frank Ralf 11:28, 7 November 2009 (UTC)
See also
- Using Moodle Security and Privacy forum
- Using upgrade to 1.9.2 has PHP setting display_errors message Moodle forum discussion
