On Mon, February 27, 2012 1:33 pm, Kris Craig wrote: > I think it's a good idea, though I'm not sure it should be done in the > production one as well. I'm not sure, but I think these errors are > generally suppressed in production because of potential security > concerns > involved in making those errors public.
I would contend that if you have any errors at any level of E_* going out over HTTP, you have done it "wrong". It is true that in the days of register_globals, the E_NOTICE going to the HTML was a gold-mine for abusers of potential security threats. But all of E_* messages are also goldmines of the same ilk. That said, > I would suggest amending the RFC so that it only applies to > php.ini-development. Other than that, I like it. If most cheap webhosts chose php.ini-development, I'd be okay with this, as it probably is not suitable for PRODUCTION environments for the experts. Unfortunately, most cheap webhosts go with php.ini-production, as they are production environments, and the unwashed masses of users of said cheap webhosts are the target audience of the proposal. As stated in the RFC, the experts can and will change their php.ini to their taste in each environment: It's the masses of users who don't even know there is a choice that are being hurt by the current default setting, writing bad code, asking questions of obvious typos that E_NOTICE would catch, and remaining un-educated for too long that they develop bad habits. Not that I think this will eliminate newbie postings. There will always be those who don't even read or comprehend the most clear error messages. But I think it will reduce the number of postings by newbies who are tripped up by the typical mistakes E_NOTICE exposes. PS I want to thank you for your reasoned response, especially given the other thread we are involved in! -- brain cancer update: http://richardlynch.blogspot.com/search/label/brain%20tumor Donate: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=FS9NLTNEEKWBE -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
