report/security/report security check displayerrors: Skillnad mellan sidversioner

Från MoodleDocs
Hoppa till:navigering, sök
Main pageManaging a Moodle siteSecuritySecurity overview reportreport/security/report security check displayerrors
Security
mIngen redigeringssammanfattning
(→‎See also: copied from 2.4 docs)
 
(6 mellanliggande sidversioner av 4 användare visas inte)
Rad 1: Rad 1:
If PHP is set to display errors, then anyone can enter a faulty URL causing PHP to give up valuable information about directory structures and so on.  
{{Security overview report}}If PHP is set to display errors, then anyone can enter a faulty URL causing PHP to give up valuable information about directory structures and so on.  


(Can someone add instructions on where to turn this off please).
If you go to ''Settings > Site administration > Reports > Security overview'', displaying of PHP errors status is Warning. 
on your web server, locate php.ini, open it in wordpad and search for "'''display_errors'''".  Ensure that it is set to "'''display_errors = Off'''" and then save.  If this is on a hosted webserver (e.g. network solutions), insert "'''display_errors = Off'''" into the php.ini or call them for instructions (took 2 minutes) on how to do it.  Very simple to modify.


: If you go to ''Administration > Server > Debugging'' and set "Debug messages" to NONE and  "Display debug messages" to NO you should be on the safe side. (If this instruction is correct it should be included in the Security Overview report.) --[[User:Frank Ralf|Frank Ralf]] 11:28, 7 November 2009 (UTC)
Please note it is not enough to change debugging level in Moodle settings because we need to prevent errors in scripts that are not supposed to be accessed directly.
 
 
edit by opconxps
on your web server, locate php.ini, open it in wordpad and search for "'''display_errors'''".  Ensure that it is set to "'''display_errors = Off'''" and then save.  If this is on a hosted webserver (e.g. network solutions), insert "display_errors = Off" into the php.ini or call them for instructions.  Very simple to modify.


==See also==
==See also==
Rad 14: Rad 11:
* Using [http://moodle.org/mod/forum/discuss.php?d=101761 upgrade to 1.9.2 has PHP setting display_errors message] Moodle forum discussion
* Using [http://moodle.org/mod/forum/discuss.php?d=101761 upgrade to 1.9.2 has PHP setting display_errors message] Moodle forum discussion


[[Category:Security]]
[[es:report/security/report_security_check_displayerrors]]
 
[[eu:report/security/report_security_check_displayerrors]]
[[eu:report/security/report_security_check_displayerrors]]
[[fr:report/security/report security check displayerrors]]

Nuvarande version från 19 april 2013 kl. 11.17

If PHP is set to display errors, then anyone can enter a faulty URL causing PHP to give up valuable information about directory structures and so on.

If you go to Settings > Site administration > Reports > Security overview, displaying of PHP errors status is Warning. on your web server, locate php.ini, open it in wordpad and search for "display_errors". Ensure that it is set to "display_errors = Off" and then save. If this is on a hosted webserver (e.g. network solutions), insert "display_errors = Off" into the php.ini or call them for instructions (took 2 minutes) on how to do it. Very simple to modify.

Please note it is not enough to change debugging level in Moodle settings because we need to prevent errors in scripts that are not supposed to be accessed directly.

See also

Hämtad från ”https://docs.moodle.org/4x/sv/index.php?title=report/security/report_security_check_displayerrors&oldid=104267
Powered by MediaWiki