Post by meoit » Thu Mar 01, 2018 7:59 pm

Security issues !!!

Sorry for my bad English.

I try to turn off MySQL (simulator for the server's SQL hosting death / temporary interruptions) and just let each Apache run, then I see Opencart show all the connection information (result as same when I visit the store page and the admin page).
- SQL server
- Username
- Password
- Database Name
- SQL Port

Image

Does someone have an opinion ?. @straightlight

O0 O0 O0


User avatar
New member

Posts

Joined
Sun Nov 25, 2012 10:08 am

Post by ADD Creative » Thu Mar 01, 2018 9:09 pm

You need to switch off displaying of PHP errors. There are 3 steps to do this for OpenCart 3.0.

1. In the admin goto System -> Settings -> Edit -> Server (tab) and and change Display Errors to No. Then save.

2. To switch off the framework errors. Change $_['error_display'] to false in system\config\default.php. Or add

Code: Select all

$_['error_display']        = false;
to system\config\catalog.php and system\config\admin.php

3. Next you need to set the PHP ini setting display_errors to Off. Who you do this will depend on your host. It could be adding

Code: Select all

display_errors = Off
to your php.ini file in the OpenCart and admin folders. Or you may need to add

Code: Select all

php_flag display_errors Off
to your .htaccess file in the OpenCart folder. Or you may need to do something else depending on your hosting.

You will also want to check the location of the PHP error log and make sure it is set to log to somewhere that is publicly accessible. The error_log and/or log_errors PHP ini setting are what you need to change for this.

ADD Creative - Web development and e-commerce development, Milton Keynes or Christchurch, UK
ADD Filtration - HVAC Panel Filters, Bag Filters and HEPA Filters


Active Member

Posts

Joined
Sat Jan 14, 2012 1:02 am
Who is online

Users browsing this forum: No registered users and 4 guests