Note: You are currently viewing documentation for Moodle 2.6. Up-to-date documentation for the latest stable version of Moodle may be available here: report/security/report security check displayerrors.

report/security/report security check displayerrors: Difference between revisions

From MoodleDocs
m (French link)
(security overview report template)
Line 1: Line 1:
If PHP is set to display errors, then anyone can enter a faulty URL causing PHP to give up valuable information about directory structures and so on.  
{{Security overview report}}If PHP is set to display errors, then anyone can enter a faulty URL causing PHP to give up valuable information about directory structures and so on.  


(Can someone add instructions on where to turn this off please).
(Can someone add instructions on where to turn this off please).
Line 13: Line 13:
* Using Moodle [http://moodle.org/mod/forum/view.php?id=7301 Security and Privacy forum]
* Using Moodle [http://moodle.org/mod/forum/view.php?id=7301 Security and Privacy forum]
* Using [http://moodle.org/mod/forum/discuss.php?d=101761 upgrade to 1.9.2 has PHP setting display_errors message] Moodle forum discussion
* Using [http://moodle.org/mod/forum/discuss.php?d=101761 upgrade to 1.9.2 has PHP setting display_errors message] Moodle forum discussion
[[Category:Security]]


[[eu:report/security/report_security_check_displayerrors]]
[[eu:report/security/report_security_check_displayerrors]]
[[fr:report/security/report security check displayerrors]]
[[fr:report/security/report security check displayerrors]]

Revision as of 11:24, 17 January 2012

If PHP is set to display errors, then anyone can enter a faulty URL causing PHP to give up valuable information about directory structures and so on.

(Can someone add instructions on where to turn this off please).

If you go to Administration > Server > Debugging and set "Debug messages" to NONE and "Display debug messages" to NO you should be on the safe side. (If this instruction is correct it should be included in the Security Overview report.) --Frank Ralf 11:28, 7 November 2009 (UTC)


If you go to Administration|Reports|Security overview, displaying of PHP errors status is Warning. on your web server, locate php.ini, open it in wordpad and search for "display_errors". Ensure that it is set to "display_errors = Off" and then save. If this is on a hosted webserver (e.g. network solutions), insert "display_errors = Off" into the php.ini or call them for instructions (took 2 minutes) on how to do it. Very simple to modify. (by opconxps guam)

See also