Here's a typical error message that can pop up, for authenticated and anonymous users alike, when Drupal chokes on something:
warning: array_map() [function.array-map]: Argument #2 should be an array in /home/your-directory/your-Drupal-installation/modules/system/system.module on line 1015.
The latter part of the path, modules/system/system.module, is generic to any Drupal setup. But the former part, /home/your-directory/your-Drupal-installation/, refers specifically to your own directory setup. That's obviously useful to the admin (should he for some reason not know the path), but is it wise to be revealing such directory info to strangers?
I can't say offhand what that extra info means to a malicious hacker. But following the general maxim of giving such malcreants no info they shouldn't have, is there a way to stop Drupal from revealing paths in its error messages?
Question answer:
I thought there was a simple setting to handle this, but couldn't recall it. Over on the Drupal.org forums, helpful soul ambientdrup set me straight: the solution is as quick as heading to the Error Reporting settings at admin/settings/error-reporting, and setting errors to write to the log only, not both screen and log. The screen messages are helpful while you're developing a site, but once you launch, it's a good idea to turn them off.
And that's it. My thanks to ambientdrup!
I have heard and read stories such as this one before, and their common denominator is Drupal...
excellent tip - can highly recommend the module - installed and working perfectly in drupal 7
This book seems very interesting as I am currently starting a project to build a community site...
Thank you very much !
Thank you very much !