PhpSecInfo Test Information


Test Description

This test checks to see if display_errors is enabled.

Security Implications

The display_errors directive determines whether error messages should be sent to the browser. These messages frequently contain sensitive information about your web application environment, and should never be presented to untrusted sources.

display_errors is on by default.


Unless you are in a closed development state, display_errors should be disabled, and all error messages should be passed to system log files using the log_errors directive.

You can disable display_errors in the php.ini file:

; Disable display_errors for security reasons
display_errors = Off
log_errors = On

The setting can also be disabled in Apache's httpd.conf file, or in an .htaccess file:

# Disable display_errors for security reasons
php_flag  display_errors  off
php_flag  log_errors  on
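
Because php.ini, httpd.conf, .htaccess and ini_set() can each override one another, the value that matters is the one PHP reports at run time. The script below is an added example, not PhpSecInfo's own code; it reads the effective settings and reports any that go against the recommendation above. The function names display_errors_enabled() and audit_error_settings() are hypothetical.

```php
<?php
// Added example (not PhpSecInfo's code): audit the effective error settings.

// display_errors accepts booleans, integers and "stdout"/"stderr", and
// ini_get() returns whatever string the winning configuration layer set:
// "1" or "" from php.ini On/Off, "1" or "0" from php_flag, or a raw
// string such as "on" from ini_set().
function display_errors_enabled($raw): bool
{
    $v = strtolower(trim((string) $raw));
    if (in_array($v, ['on', 'yes', 'true', 'stdout', 'stderr'], true)) {
        return true;
    }
    return (int) $v !== 0;   // "1" is on; "", "0" and "off" are off
}

// Returns a list of findings; an empty list means both settings are as advised.
function audit_error_settings(array $ini): array
{
    $findings = [];
    if (display_errors_enabled($ini['display_errors'] ?? '')) {
        $findings[] = 'display_errors is enabled: error text is sent in the response';
    }
    if (!filter_var($ini['log_errors'] ?? '', FILTER_VALIDATE_BOOLEAN)) {
        $findings[] = 'log_errors is disabled: errors are not written to the log';
    }
    return $findings;
}

// Effective values for the SAPI that executes this script.
$findings = audit_error_settings([
    'display_errors' => ini_get('display_errors'),
    'log_errors'     => ini_get('log_errors'),
]);

foreach ($findings as $finding) {
    echo "FAIL: $finding\n";
}
if (!$findings) {
    echo "PASS: errors are logged and not displayed\n";
}
exit($findings ? 1 : 0);
```

Run it under the same SAPI and virtual host as the application: the command-line PHP binary may load a different php.ini and has its own defaults, so its result does not describe the web server.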


