Making sure debug is off in production

Over a year ago I wrote about turning debug off automatically in production. That post I wrote is completely wrong (to an extent). The theory is correct but the execution was incorrect. Even one of the comments pointed out the problem, but I haven't had time to blog about it till now.

About a month ago I realized my implementation was wrong when one of my live sites was outputting MySQL errors and database information (including passwords) to all my users. Since debug in core.php was set to 2, and then disabled to 0 in bootstrap.php, the errors were being triggered before bootstrap was loaded. This was a huge problem as it printed out vital DB information.

It is an easy fix however, simply switch around the values from my previous entry. Debug in core.php should be set to 0 and in bootstrap.php it should be set to 2! That fixes the startup errors that appear before the bootstrap process.

if (env('REMOTE_ADDR') == '127.0.0.1') {
	Configure::write('debug', 2);
}

Turning debug off automatically in production

This entry is incorrect, please refer to this new entry.

So I recently got tired of having to manually set debug to 0 every time I updated an old site or published a new one. So I thought, why not have it automatically turn off when the site is live? For this to work, I'm assuming that you are working on a localhost with an IP of 127.0.0.1. If you are not, you might get this to work by changing the IP in the code below, or using HTTP_HOST instead of REMOTE_ADDR. Simply add this code at the top of your app/config/bootstrap.php file.

// Production
if (env('REMOTE_ADDR') != '127.0.0.1') {
	Configure::write('debug', 0);
}
// Or alternate technique
if (env('HTTP_HOST') != 'localhost') {
	Configure::write('debug', 0);
}

This also means you can leave debug set to 2 in your core config file at all times.