Avoid enabling debug mode in applications

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Metadata

ID: php-security/debug-mode-on

Language: PHP

Severity: Error

Category: Security

CWE: 489

Description

Debug mode, while useful during development and testing stages, can expose sensitive information such as server configuration, third-party modules, and other internal details of the application that can be exploited by attackers. In the worst-case scenario, it can lead to a serious security breach.

Make sure that debug mode is disabled in the production environment. This can be achieved by setting the debug configuration to false or 0 in the application’s configuration settings. For example, in CakePHP, use Config::write('debug', 0); or Configure::config('debug', false);, and in WordPress, use define('WP_DEBUG', false);.

Non-Compliant Code Examples

<?php
// CakePHP 1.x, 2.x
Configure::write('debug', 1);
// CakePHP 3.x
Configure::config('debug', true);
// WordPress
define('WP_DEBUG', true);

Compliant Code Examples

<?php
// CakePHP 1.x, 2.x
Configure::write('debug', 0);
// CakePHP 3.x
Configure::config('debug', false);
// WordPress
define('WP_DEBUG', false);
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis

Datadog Code Analysis
PREVIEWING: rtrieu/product-analytics-ui-changes