Automated merge with http://hg.ellislab.com/CodeIgniter-Reactor

1 files changed, 17 insertions, 0 deletions

diff --git a/user_guide/general/security.html b/user_guide/general/security.html
index 8cb6b8041..c47b5b25e 100644
--- a/user_guide/general/security.html
+++ b/user_guide/general/security.html
@@ -87,6 +87,23 @@ array is <strong>unset</strong> by the Input class during system initialization.
 <p>During system initialization all global variables are unset, except those found in the $_POST and $_COOKIE arrays. The unsetting
 routine is effectively the same as register_globals = off.</p>
 
+<a name="error_reporting"></a>
+<h2>error_reporting</h2>
+
+<p>
+    In production environments, it is typically desirable to disable PHP's 
+    error reporting by setting the internal error_reporting flag to a value of 0. This disables native PHP
+    errors from being rendered as output, which may potentially contain
+    sensitive information.
+</p>
+
+<p>
+    Setting CodeIgniter's <kbd>ENVIRONMENT</kbd> constant in index.php to a
+    value of '<kbd>production</kbd>' will turn off these errors. In development
+    mode, it is recommended that a value of '<kbd>development</kbd>' is used.
+    More information about differentiating between environments can be found
+    on the <a href="environments.html">Handling Environments</a> page.
+</p>
 
 <h2>magic_quotes_runtime</h2>