summaryrefslogtreecommitdiffstats
path: root/user_guide/general/security.html
diff options
context:
space:
mode:
authorkatzgrau <devnull@localhost>2011-03-10 16:24:29 +0100
committerkatzgrau <devnull@localhost>2011-03-10 16:24:29 +0100
commite8f5890e4b7eb52ed4d905a225c3bf985f397439 (patch)
tree9da4e4218b4e18f2b13840605fe7b251cc35ba63 /user_guide/general/security.html
parentd1c21a47efdb9083d232f1f11bf3eeff8d308dd8 (diff)
Added full docs for new ENVIRONMENT constant.
Diffstat (limited to 'user_guide/general/security.html')
-rw-r--r--user_guide/general/security.html17
1 files changed, 17 insertions, 0 deletions
diff --git a/user_guide/general/security.html b/user_guide/general/security.html
index 8a41dff9d..5ecfcf18a 100644
--- a/user_guide/general/security.html
+++ b/user_guide/general/security.html
@@ -87,6 +87,23 @@ array is <strong>unset</strong> by the Input class during system initialization.
<p>During system initialization all global variables are unset, except those found in the $_POST and $_COOKIE arrays. The unsetting
routine is effectively the same as register_globals = off.</p>
+<a name="error_reporting"></a>
+<h2>error_reporting</h2>
+
+<p>
+ In production environments, it is typically desirable to disable PHP's
+ error reporting by setting the internal error_reporting flag to a value of 0. This disables native PHP
+ errors from being rendered as output, which may potentially contain
+ sensitive information.
+</p>
+
+<p>
+ Setting CodeIgniter's <kbd>ENVIRONMENT</kbd> constant in index.php to a
+ value of '<kbd>production</kbd>' will turn off these errors. In development
+ mode, it is recommended that a value of '<kbd>development</kbd>' is used.
+ More information about differentiating between environments can be found
+ on the <a href="environments.html">Handling Environments</a> page.
+</p>
<h2>magic_quotes_runtime</h2>