• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Hide exceptions in production envairoment

#1
I have started the migration of my current application at CI 3 to CI 4. Wow.. a lot of changes

I have seen that the bugs in CI4 are very detailed, and debuggers have been included, it looks good! 

But for a production environment they bring too much information, so I have modified the variable CI_ENVIRONMENT in my .env file by production and I have tried to generate an exception from the example Home controller. 
The result is practically the same as if I am in development. (I've checked that the variable is loaded correctly)

What am I doing wrong?
Reply

#2
Exceptions need to be handled. It's usually really bad practice not telling the user something failed. Exceptions cannot be ignored.

You need to give some thought as to why any given exception is happening. Ask yourself, "Is this problem something that could happen because of something the end-user does or is this happening because the developer has done something wrong?"

For instance, if when calling updateBatch() you don't supply the $index parameter you get an exception. That's a value that, most of the time, only the developer can provide to updateBatch().

You're going to find that a lot of exceptions are a wakeup call to the developer saying, "You have written bad code." I think the majority of exceptions are related to development issues.

For those few exceptions that are caused by coding mistakes, you must decide whether to write defensively - meaning code that leads the end-users where they need to be - or you need to implement try/catch blocks. Probably both.

In the catch block is where you either present the problem to the end-user or fix it for them.
Reply

#3
I agree, all exceptions have to be controlled (with try catch for example).
I'm just trying to show an error in my uncontrolled code and show the "whoops" page.

My main question is;
How can I hide my php code from the user in a production environment?
I tried to modify the reporting of app/Config/Boot/production.php without great results.

An example;

[Image: Exception-Example.png]
Reply

#4
While I'm waiting for the moderator to approve my previous message...

In an example I saw that by setting the environment as production, and making a wrong call like this;
Code:
return viewaaa('welcome_message');

The page shown is the Woops page, but i see the full error
What am I doing wrong?
Reply

#5
(05-20-2020, 10:41 PM)n3rvio Wrote: I agree, all exceptions have to be controlled (with try catch for example).
I'm just trying to show an error in my uncontrolled code and show the "whoops" page.

My main question is;
How can I hide my php code from the user in a production environment?
I tried to modify the reporting of app/Config/Boot/production.php without great results.

An example;

[Image: Exception-Example.png]

This is an example of a developer error. A line of code does not have the required semi-colon at the end. To be precise, it is the line

PHP Code:
echo "I'm an awkward programmer" 

Need the semi-colon at the end, e.g.

PHP Code:
echo "I'm an awkward programmer"

If the ParseError is seen then you have not succeeded in setting the environment to "production". If it is "production" you get the Whoops page.
Reply

#6
Set you environment to production that can be done in the .env file
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.