On Mon, May 15, 2006 9:41 am, Brian Moon wrote:
>> Why would anyone have E_ALL
>> switched on anywhere but a dev box?
>
> Working with Phorum, I get to peer into lots of different hosting
> companies setups when helping my users. I have seen many hosts that
> do
> have E_ALL enabled and do not log errors because they have no way to
> provide that log back to their users. Nor would the users have a
> comprehension of the error log.
>
> For the enterprise, I would believe that nearly all production servers
> shield error output from web pages in one way or another. However, I
> believe that PHP has its roots in the small web site. If you start
> making it hard on them to upgrade, you will see hosts that never
> upgrade
> their PHP versions.
A quick Google for common PHP error messages will almost for sure find
you a zillion sites with E_ALL in production servers.
I'm not saying it's the Right Way to do things -- I'm saying it's the
way a LOT of hosts are set up by default, and their users don't know
how to change it, or don't consider the security implications serious
enough.
--
Like Music?
http://l-i-e.com/artists.htm