report/security/report security check displayerrors: Difference between revisions
Helen Foster (talk | contribs) (security overview report template) |
No edit summary |
||
Line 1: | Line 1: | ||
{{Security overview report}}If PHP is set to display errors, then anyone can enter a faulty URL causing PHP to give up valuable information about directory structures and so on. | {{Security overview report}}If PHP is set to display errors, then anyone can enter a faulty URL causing PHP to give up valuable information about directory structures and so on. | ||
If you go to '''Administration|Reports|Security overview''', displaying of PHP errors status is Warning. | If you go to '''Administration|Reports|Security overview''', displaying of PHP errors status is Warning. | ||
on your web server, locate php.ini, open it in wordpad and search for "'''display_errors'''". Ensure that it is set to "'''display_errors = Off'''" and then save. If this is on a hosted webserver (e.g. network solutions), insert "'''display_errors = Off'''" into the php.ini or call them for instructions (took 2 minutes) on how to do it. Very simple to modify. (by '''opconxps''' guam) | on your web server, locate php.ini, open it in wordpad and search for "'''display_errors'''". Ensure that it is set to "'''display_errors = Off'''" and then save. If this is on a hosted webserver (e.g. network solutions), insert "'''display_errors = Off'''" into the php.ini or call them for instructions (took 2 minutes) on how to do it. Very simple to modify. (by '''opconxps''' guam) | ||
Please note it is not enough to change debugging level in Moodle settings because we need to prevent errors in scripts that are not supposed to be accessed directly. | |||
==See also== | ==See also== |
Revision as of 12:17, 17 January 2012
If PHP is set to display errors, then anyone can enter a faulty URL causing PHP to give up valuable information about directory structures and so on.
If you go to Administration|Reports|Security overview, displaying of PHP errors status is Warning. on your web server, locate php.ini, open it in wordpad and search for "display_errors". Ensure that it is set to "display_errors = Off" and then save. If this is on a hosted webserver (e.g. network solutions), insert "display_errors = Off" into the php.ini or call them for instructions (took 2 minutes) on how to do it. Very simple to modify. (by opconxps guam)
Please note it is not enough to change debugging level in Moodle settings because we need to prevent errors in scripts that are not supposed to be accessed directly.
See also
- Using Moodle Security and Privacy forum
- Using upgrade to 1.9.2 has PHP setting display_errors message Moodle forum discussion