diff options
Diffstat (limited to 'user_guide/general/security.html')
| -rw-r--r-- | user_guide/general/security.html | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/user_guide/general/security.html b/user_guide/general/security.html index 8a41dff9d..5ecfcf18a 100644 --- a/user_guide/general/security.html +++ b/user_guide/general/security.html @@ -87,6 +87,23 @@ array is <strong>unset</strong> by the Input class during system initialization. <p>During system initialization all global variables are unset, except those found in the $_POST and $_COOKIE arrays. The unsetting routine is effectively the same as register_globals = off.</p> +<a name="error_reporting"></a> +<h2>error_reporting</h2> + +<p> + In production environments, it is typically desirable to disable PHP's + error reporting by setting the internal error_reporting flag to a value of 0. This disables native PHP + errors from being rendered as output, which may potentially contain + sensitive information. +</p> + +<p> + Setting CodeIgniter's <kbd>ENVIRONMENT</kbd> constant in index.php to a + value of '<kbd>production</kbd>' will turn off these errors. In development + mode, it is recommended that a value of '<kbd>development</kbd>' is used. + More information about differentiating between environments can be found + on the <a href="environments.html">Handling Environments</a> page. +</p> <h2>magic_quotes_runtime</h2> |