Php Security Preventing Information Disclosure

Disclosing information, such as errors, to attackers can leave your system in a vulnerable position. Before and during an attack, the attacker will need to acquire a wealth of general information about your system. This information includes your directory structure, database names, usernames, and more. Preventing PHP from printing errors to the web application’s user interface is one way to inhibit an attacker’s ability to gain information he could use to compromise your system.

When display_errors is disabled, your developers are still able to retrieve debugging information from the appropriate PHP logs.

Trackback URI | Comments RSS

Leave a Reply

You must be logged in to post a comment.