On Mon, May 15, 2006 9:41 am, Brian Moon wrote: >> Why would anyone have E_ALL >> switched on anywhere but a dev box? > > Working with Phorum, I get to peer into lots of different hosting > companies setups when helping my users. I have seen many hosts that > do > have E_ALL enabled and do not log errors because they have no way to > provide that log back to their users. Nor would the users have a > comprehension of the error log. > > For the enterprise, I would believe that nearly all production servers > shield error output from web pages in one way or another. However, I > believe that PHP has its roots in the small web site. If you start > making it hard on them to upgrade, you will see hosts that never > upgrade > their PHP versions.
A quick Google for common PHP error messages will almost for sure find you a zillion sites with E_ALL in production servers. I'm not saying it's the Right Way to do things -- I'm saying it's the way a LOT of hosts are set up by default, and their users don't know how to change it, or don't consider the security implications serious enough. -- Like Music? http://l-i-e.com/artists.htm -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
