News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

PHP Security Blog:
How you should never configure your logging in PHP
December 07, 2005 @ 07:27:28

From the PHP Security Blog today, there's this look at a way to not configure your logging in PHP - some issues that he points out in the examples from the recent "Essential PHP Security" book.

Today I had the pleasure to look at code examples from a recently released book. I guess readers of my blog know exactly what book I am referring to.

I will only cover the first 2 code examples that explain how to configure and use PHP's logging capabilities for now because they [...] reveal some nice insights.

The first example he talks about some issues with using ini_set to put the errors logged in the Apache error_log. His issue with the method being the permissions on the log file (assuming a "sane configured webserver"). The second issue is in another example, one that tries the same logging method, but uses the set_error_handler method to do so...

0 comments voice your opinion now!
security logging set_error_hander security logging set_error_hander


blog comments powered by Disqus

Similar Posts

Evert Pot's Blog: Devshed article about SQL Injection

Chance Garcia's Blog: TEKX Tutorials - Best Practices & Being the Bad Guy

Sebastian Bergmann\'s Blog: Graphical Logging in PHPUnit 3

Chris Shiflett\'s Blog: PHP Insecurity

Zend Developer Zone: Zend Framework 1.7.5 Released (Security Fix)


Community Events





Don't see your event here?
Let us know!


introduction version language artisanfiles series library voicesoftheelephpant composer release security opinion tool conference interview laravel list podcast community symfony framework

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework