Hi,
I'm looking a way to monitor all php errors on production servers (especially for timeout or out-of-memory issues).
In default config.php, enable error_reporting(E_ALL | E_STRICT) is not recommended for production servers.
I'm not sure if this recommendation is only for error_reporting or for both settings : error_reporting(E_ALL | E_STRICT) and ini_set('display_errors', '1').
Is there any security risks to use these settings in config.php for a production server ?
$CFG->debug = -1; // Report all PHP errors¹.
$CFG->debugdisplay = 0; // Hide PHP errors.
error_reporting($CFG->debug);
ini_set('display_errors', $CFG->debugdisplay);
ini_set('error_log', 'syslog'); // Send PHP errors to syslog.
Regards,
¹ : https://www.php.net/manual/en/function.error-reporting.php#example-503