Bug 97765 - Default php config should be either for development or for live
Summary: Default php config should be either for development or for live
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: php (Show other bugs)
(Show other bugs)
Version: 7.3
Hardware: All Linux
Target Milestone: ---
Assignee: Joe Orton
QA Contact: David Lawrence
Depends On:
TreeView+ depends on / blocked
Reported: 2003-06-20 16:33 UTC by kop
Modified: 2007-03-27 04:07 UTC (History)
0 users

Fixed In Version: 4.3.4-5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-01-21 17:37:57 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description kop 2003-06-20 16:33:28 UTC
Description of problem:

Php comes shipped with configuration geared towards development, but not
entirely.  To be entirely geared towards development all errors
and warnings should be reported by php.  As shipped, php does not
report warnings of bad code. (Referencing unassinged variable values,
forgetting to quote constants, etc.  Like 'perl -w'.)

As shipped the php.ini is a bad compromise between development and live.
It's better to have the administrator configure the box to suit
the use to which it will be put.

Consider putting these php config directives in apache's config.  See below.

Development php.ini should be:

# Errors in html output stream
display_erorrs 1
# Don't log errors (syslog or apache)
log_errors 0
# Report all errors and warnings
error_reporting 2047

Live php.ini should be:

# Never show user errors
display_errors 0
# Log all errors (via apache)
log_errors 1
# error_log syslog
# Report all errors and warnings
# error_reporting <depends on how bad your code is>
error_reporting 2047

Additional info:

Changes should take place in a new redhat release.

It's worth commenting out the 'live' values to provide
recommendations for when a site goes live.

The best place to make these configuration changes is really  not
in php.ini, but in apache's httpd.conf using apache's php_flag
and php_value config directives.  When the changes are made through
apache they can be set on a per-directory basis.  (It's also possible
to set them from within a php script using php_ini(), although
this is not really feasible for much of the error handling as
errors occur during php parsing at which point the php_ini() call has
not been made.

Comment 1 Joe Orton 2004-01-21 17:37:57 UTC
php.ini is now based on php.ini-recommended as of php-4.3.4-5 in Raw
Hide.  Thanks for the report!

Note You need to log in before you can comment on or make changes to this bug.