(Miles Johnson) -> Blog -> Making sure debug is off in production

Making sure debug is off in production

This article is over a year old and may contain outdated information.

Over a year ago I wrote about turning debug off automatically in production. That post I wrote is completely wrong (to an extent). The theory is correct but the execution was incorrect. Even one of the comments pointed out the problem, but I haven't had time to blog about it till now.

About a month ago I realized my implementation was wrong when one of my live sites was outputting MySQL errors and database information (including passwords) to all my users. Since debug in core.php was set to 2, and then disabled to 0 in bootstrap.php, the errors were being triggered before bootstrap was loaded. This was a huge problem as it printed out vital DB information.

It is an easy fix however, simply switch around the values from my previous entry. Debug in core.php should be set to 0 and in bootstrap.php it should be set to 2! That fixes the startup errors that appear before the bootstrap process.

if (env('REMOTE_ADDR') == '127.0.0.1') {
	Configure::write('debug', 2);
}

5 Comments

@Chris

Create a __construct() function in your DATABASE_CONFIG class (in config/database.php) and do something like:
```
function __construct() 
{
	//I have defined IS_LOCAL in my core.php
	$this->default = IS_LOCAL ? $this->dev : $this->live;
}
```
whootland ⋅ Oct 5th 2010, 08:29
Any way to do this with the database configuration too?

Chris ⋅ Jun 14th 2010, 23:34
Neat tips, thanks!

Igor ⋅ Jun 10th 2010, 23:09
I tried your aproach before but it has a little problem: the model cache is not regenerated, even if you config a non zero debug value in the bootstrap (tested with 1.3.2). I think the better way to do this is to put the "if" statement into the core.php instead of bootstrap.php

Another issue we had is the comparison with 127.0.0.1. The problem is: is you access the app via intranet you wont be able to the the debug information, something you need if you are working in a team. The way we solve it was setting virtual hosts and comparing to that, for example
```
//in core.php
if (env('HTTP_HOST') == 'www.example.dev') {
   Configure::write('debug', 2);
} else {
   Configure::write('debug', 0);
}
```
Thanks for your post and opening this discussion!
Mauro Zadunaisky ⋅ Jun 9th 2010, 05:21
An alternative to the additional setting in bootstrap.php is to set debug all in core.php with the following:
```
Configure::write('debug', 0);
$debugAddresses = array(
   '127.0.0.1', //Localhost
   '::1', //Localhost IPv6
   '10.0.0.1', //Some LAN address
);
if (in_array(env('REMOTE_ADDR'), $debugAddresses)) {
   Configure::write('debug', 2);
}
unset($debugAddresses);
```
This is what I use for testing and deploying sites.
It also means I can use debugging for my public IP address for a live site, while the rest of the world is served with debug set at 0.

Enjoy.
Graham Weldon ⋅ Jun 8th 2010, 22:33
Nice to see that not everything I say gets ignored

Graham Weldon ⋅ Jun 8th 2010, 22:25