From a5791e3b5c57a1de8d3f72f4cad7ed27c489c990 Mon Sep 17 00:00:00 2001 From: Chris Cornutt Date: Thu, 19 Jul 2012 21:29:42 -0500 Subject: [PATCH 1/2] adding sections for config files, register_globals and error_reporting --- _posts/07-05-01-Configuration-Files.md | 11 +++++++++++ _posts/07-06-01-Register-Globals.md | 11 +++++++++++ _posts/07-07-01-Error-Reporting.md | 25 +++++++++++++++++++++++++ 3 files changed, 47 insertions(+) create mode 100644 _posts/07-05-01-Configuration-Files.md create mode 100644 _posts/07-06-01-Register-Globals.md create mode 100644 _posts/07-07-01-Error-Reporting.md diff --git a/_posts/07-05-01-Configuration-Files.md b/_posts/07-05-01-Configuration-Files.md new file mode 100644 index 0000000..0122c88 --- /dev/null +++ b/_posts/07-05-01-Configuration-Files.md @@ -0,0 +1,11 @@ +--- +isChild: true +--- + +## Configuration Files + +When creating configuration files for your applications, best practices recommend that one of the following methods be followed: + +- It is recommended that you store your configuration information where it cannot be accessed directly and pulled in via the file system. +- If you must store your configuration files in the document root, name the files with a `.php` extension. This ensures that, even if the script is accessed directly, it will not be outputed as plain text. +- Information in configuration files should be protected accordingly, either through encryption or group/user file system permissions \ No newline at end of file diff --git a/_posts/07-06-01-Register-Globals.md b/_posts/07-06-01-Register-Globals.md new file mode 100644 index 0000000..dcb8038 --- /dev/null +++ b/_posts/07-06-01-Register-Globals.md 
@@ -0,0 +1,11 @@ +--- +isChild: true +--- + +## Register Globals + +When enabled, the `register_globals` configuration setting that makes several types of variables (including ones from `$_POST`, `$_GET` and `$_REQUEST`) globals, available in the global scope of your application. This can easily lead to security issues as your application cannot effectively tell where the data is coming from. + +If you are using a version of PHP that's prior to 4.2.0, you may still be at risk of this setting causing problems. As of PHP 4.2.0, the `register_globals` setting has been defaulted to "off" and, even more effective, the setting has been completely removed in PHP 5.4.0. To ensure the security of your application, ensure that this setting is always set to "off". + +* [Register_globals in the PHP manual](http://www.php.net/manual/en/security.globals.php) \ No newline at end of file diff --git a/_posts/07-07-01-Error-Reporting.md b/_posts/07-07-01-Error-Reporting.md new file mode 100644 index 0000000..151a1ae --- /dev/null +++ b/_posts/07-07-01-Error-Reporting.md 
@@ -0,0 +1,25 @@ +--- +isChild: true +--- + +## Error Reporting + +Error logging can be useful in finding the problem spots in your application, but it can also expose infromation about the structure of your application to the outside world. To effectively protect your application from issues that could be caused by the output of these messages, you need to configure your server differently in development versus production (live). + +### Development + +To show errors in your development environment, configure the following settings in your `php.ini`: + +- display_errors: On +- error_reporting: E_ALL +- log_errors: On + +### Production + +To hide the errors on your production environment, configure your `php.ini` as: + +- display_errors: Off +- error_reporting: E_ALL +- log_errors: On + +With these settings in production, errors will still be logged to the error logs for the web server, but will not be shown to the user. \ No newline at end of file From a6d839480b7864de8f1ab89cdc689267f7d0ea37 Mon Sep 17 00:00:00 2001 From: Chris Cornutt Date: Fri, 20 Jul 2012 06:40:44 -0500 Subject: [PATCH 2/2] updating according to formatting requests --- _posts/07-05-01-Configuration-Files.md | 12 ++++++++---- _posts/07-06-01-Register-Globals.md | 11 +++++++++-- _posts/07-07-01-Error-Reporting.md | 12 ++++++++++-- 3 files changed, 27 insertions(+), 8 deletions(-) diff --git a/_posts/07-05-01-Configuration-Files.md b/_posts/07-05-01-Configuration-Files.md index 0122c88..9215a3e 100644 --- a/_posts/07-05-01-Configuration-Files.md +++ b/_posts/07-05-01-Configuration-Files.md 
@@ -4,8 +4,12 @@ isChild: true ## Configuration Files -When creating configuration files for your applications, best practices recommend that one of the following methods be followed: +When creating configuration files for your applications, best practices recommend that one of the following methods +be followed: -- It is recommended that you store your configuration information where it cannot be accessed directly and pulled in via the file system. -- If you must store your configuration files in the document root, name the files with a `.php` extension. This ensures that, even if the script is accessed directly, it will not be outputed as plain text. -- Information in configuration files should be protected accordingly, either through encryption or group/user file system permissions \ No newline at end of file +- It is recommended that you store your configuration information where it cannot be accessed directly and pulled in +via the file system. +- If you must store your configuration files in the document root, name the files with a `.php` extension. This +ensures that, even if the script is accessed directly, it will not be outputed as plain text. +- Information in configuration files should be protected accordingly, either through encryption or group/user file +system permissions \ No newline at end of file diff --git a/_posts/07-06-01-Register-Globals.md b/_posts/07-06-01-Register-Globals.md index dcb8038..55b6727 100644 --- a/_posts/07-06-01-Register-Globals.md +++ b/_posts/07-06-01-Register-Globals.md 
@@ -4,8 +4,15 @@ isChild: true ## Register Globals -When enabled, the `register_globals` configuration setting that makes several types of variables (including ones from `$_POST`, `$_GET` and `$_REQUEST`) globals, available in the global scope of your application. This can easily lead to security issues as your application cannot effectively tell where the data is coming from. +NOTE: As of the introduction of PHP 5.4, the `register_globals` setting has been removed and can no +longer be used. -If you are using a version of PHP that's prior to 4.2.0, you may still be at risk of this setting causing problems. As of PHP 4.2.0, the `register_globals` setting has been defaulted to "off" and, even more effective, the setting has been completely removed in PHP 5.4.0. To ensure the security of your application, ensure that this setting is always set to "off". +When enabled, the `register_globals` configuration setting that makes several types of variables (including ones from +`$_POST`, `$_GET` and `$_REQUEST`) globals, available in the global scope of your application. This can easily lead to +security issues as your application cannot effectively tell where the data is coming from. + +If you are using a version of PHP that's prior to 4.2.0, please be aware that you may still be at risk of this setting +causing problems. As of PHP 4.2.0, the `register_globals` setting has been defaulted to "off". To ensure the security +of your application, ensure that this setting is always set to "off" if available. * [Register_globals in the PHP manual](http://www.php.net/manual/en/security.globals.php) \ No newline at end of file diff --git a/_posts/07-07-01-Error-Reporting.md b/_posts/07-07-01-Error-Reporting.md index 151a1ae..d79405e 100644 --- a/_posts/07-07-01-Error-Reporting.md +++ b/_posts/07-07-01-Error-Reporting.md 
@@ -4,7 +4,10 @@ isChild: true ## Error Reporting -Error logging can be useful in finding the problem spots in your application, but it can also expose infromation about the structure of your application to the outside world. To effectively protect your application from issues that could be caused by the output of these messages, you need to configure your server differently in development versus production (live). +Error logging can be useful in finding the problem spots in your application, but it can also expose infromation about +the structure of your application to the outside world. To effectively protect your application from issues that could +be caused by the output of these messages, you need to configure your server differently in development versus +production (live). ### Development @@ -22,4 +25,9 @@ To hide the errors on your production environment, configure yo - error_reporting: E_ALL - log_errors: On -With these settings in production, errors will still be logged to the error logs for the web server, but will not be shown to the user. \ No newline at end of file +With these settings in production, errors will still be logged to the error logs for the web server, but will not be +shown to the user. For more information on these settings, see the PHP manual: + +* [Error_reporting](http://www.php.net/manual/en/errorfunc.configuration.php#ini.error-reporting) +* [Display_errors](http://www.php.net/manual/en/errorfunc.configuration.php#ini.display-errors) +* [Log_errors](http://www.php.net/manual/en/errorfunc.configuration.php#ini.log-errors) \ No newline at end of file
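Review bot: In the `_posts/07-05-01-Configuration-Files.md` hunk of patch 1/2, the second bullet overstates what a `.php` extension buys you: the file is only kept from being served as plain text for as long as the web server actually routes `.php` requests to the PHP interpreter, so the bullet should present the extension as a fallback and keep the first bullet (store the file where it cannot be reached over HTTP) as the primary recommendation. The lead-in "one of the following methods be followed" also reads as if the three bullets were alternatives, but the third one (encryption or file system permissions) applies in every case; rephrase to something like "follow these practices". Minor: "outputed" should be "output", the last bullet has no terminating period, and the file is missing its trailing newline.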
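Review bot: In the `_posts/07-06-01-Register-Globals.md` hunk of patch 1/2, the opening sentence is a fragment ("the `register_globals` configuration setting that makes ... globals, available"); suggest "When enabled, the `register_globals` configuration setting makes several types of variables (including ones from `$_POST`, `$_GET` and `$_REQUEST`) available in the global scope of your application." The second paragraph understates the risk: "prior to 4.2.0, you may still be at risk" implies only older installs are affected, but between 4.2.0 and 5.3.x the directive merely defaults to off and can still be switched on in `php.ini`, so the warning should cover any PHP version before 5.4.0 where the setting is enabled. "Has been defaulted to" reads better as "defaults to". The file is also missing its trailing newline.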
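Review bot: In the `_posts/07-07-01-Error-Reporting.md` hunk of patch 1/2, the first sentence blames "error logging" for exposing application structure, but logging to a file is exactly what the production section keeps on; it is the display of errors to the client that leaks, so open with "Error reporting" or "Displaying errors" instead. The settings are introduced as things to put in `php.ini` but are written as `display_errors: On`, which is not ini syntax; render them in a fenced block as `display_errors = On`, `error_reporting = E_ALL`, `log_errors = On` so they can be copied as-is. The production paragraph should also remind the reader that the log the web server writes to must itself sit outside the document root, otherwise the same information is reachable over HTTP. Typo: "infromation".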
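Review bot: In the `_posts/07-05-01-Configuration-Files.md` hunk of patch 2/2, the re-wrap carries the earlier defects forward unchanged: "outputed" is still misspelled, the last bullet still has no period, and "\ No newline at end of file" is still reported. While touching these lines, indent the wrapped continuation lines of each bullet by two spaces rather than relying on lazy continuation, so the list renders the same way in every Markdown processor.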
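Review bot: In the `_posts/07-06-01-Register-Globals.md` hunk of patch 2/2, the new NOTE at the top and the last paragraph now say overlapping things about 5.4.0 and 4.2.0 in two places; fold the NOTE into the paragraph so the version history reads in one pass. The sentence fragment "the `register_globals` configuration setting that makes ..." from the first patch is still present, and "you may still be at risk" still reads as if only pre-4.2.0 installs matter, whereas "if available" at the end is the actual point: any version before 5.4.0 with the directive turned on is affected. Trailing newline is still missing.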
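Review bot: In the first `_posts/07-07-01-Error-Reporting.md` hunk of patch 2/2 (the `@@ -4,7 +4,10 @@` region), the re-wrap leaves "infromation" misspelled and keeps "Error logging" as the subject of a sentence about information being exposed "to the outside world"; fix both here since the lines are being rewritten anyway.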
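Review bot: In the second `_posts/07-07-01-Error-Reporting.md` hunk of patch 2/2 (the `@@ -22,4 +25,9 @@` region), the new link list uses `*` markers while the two settings lists earlier in the same file use `-`; use one marker style throughout. The link texts "Error_reporting", "Display_errors" and "Log_errors" capitalise directive names that are lowercase in `php.ini`; write them as `error_reporting`, `display_errors` and `log_errors` in backticks. The file still ends without a trailing newline.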