From a5791e3b5c57a1de8d3f72f4cad7ed27c489c990 Mon Sep 17 00:00:00 2001
From: Chris Cornutt <enygma@phpdeveloper.org>
Date: Thu, 19 Jul 2012 21:29:42 -0500
Subject: [PATCH] adding sections for config files, register_globals and
 error_reporting

---
 _posts/07-05-01-Configuration-Files.md | 11 +++++++++++
 _posts/07-06-01-Register-Globals.md    | 11 +++++++++++
 _posts/07-07-01-Error-Reporting.md     | 25 +++++++++++++++++++++++++
 3 files changed, 47 insertions(+)
 create mode 100644 _posts/07-05-01-Configuration-Files.md
 create mode 100644 _posts/07-06-01-Register-Globals.md
 create mode 100644 _posts/07-07-01-Error-Reporting.md

diff --git a/_posts/07-05-01-Configuration-Files.md b/_posts/07-05-01-Configuration-Files.md
new file mode 100644
index 0000000..0122c88
--- /dev/null
+++ b/_posts/07-05-01-Configuration-Files.md
@@ -0,0 +1,11 @@
+---
+isChild: true
+---
+
+## Configuration Files
+
+When creating configuration files for your applications, best practices recommend that one of the following methods be followed:
+
+- It is recommended that you store your configuration information where it cannot be accessed directly and pulled in via the file system.
+- If you must store your configuration files in the document root, name the files with a `.php` extension. This ensures that, even if the script is accessed directly, it will not be outputed as plain text.
+- Information in configuration files should be protected accordingly, either through encryption or group/user file system permissions
\ No newline at end of file
diff --git a/_posts/07-06-01-Register-Globals.md b/_posts/07-06-01-Register-Globals.md
new file mode 100644
index 0000000..dcb8038
--- /dev/null
+++ b/_posts/07-06-01-Register-Globals.md
@@ -0,0 +1,11 @@
+---
+isChild: true
+---
+
+## Register Globals
+
+When enabled, the `register_globals` configuration setting that makes several types of variables (including ones from `$_POST`, `$_GET` and `$_REQUEST`) globals, available in the global scope of your application. This can easily lead to security issues as your application cannot effectively tell where the data is coming from.
+
+If you are using a version of PHP that's prior to 4.2.0, you may still be at risk of this setting causing problems. As of PHP 4.2.0, the `register_globals` setting has been defaulted to "off" and, even more effective, the setting has been completely removed in PHP 5.4.0. To ensure the security of your application, ensure that this setting is always set to "off".
+
+* [Register_globals in the PHP manual](http://www.php.net/manual/en/security.globals.php)
\ No newline at end of file
diff --git a/_posts/07-07-01-Error-Reporting.md b/_posts/07-07-01-Error-Reporting.md
new file mode 100644
index 0000000..151a1ae
--- /dev/null
+++ b/_posts/07-07-01-Error-Reporting.md
@@ -0,0 +1,25 @@
+---
+isChild: true
+---
+
+## Error Reporting
+
+Error logging can be useful in finding the problem spots in your application, but it can also expose infromation about the structure of your application to the outside world. To effectively protect your application from issues that could be caused by the output of these messages, you need to configure your server differently in development versus production (live).
+
+### Development
+
+To show errors in your <strong>development</strong> environment, configure the following settings in your `php.ini`:
+
+- display_errors: On
+- error_reporting: E_ALL
+- log_errors: On
+
+### Production
+
+To hide the errors on your <strong>production</strong> environment, configure your `php.ini` as:
+
+- display_errors: Off
+- error_reporting: E_ALL
+- log_errors: On
+
+With these settings in production, errors will still be logged to the error logs for the web server, but will not be shown to the user.
\ No newline at end of file