• lurch (he/him)@sh.itjust.works
    5 upvotes · 12 days ago

    This is not always true. Many tutorials encourage people to do a setup that does not output a PHP error to the web, as it can leak info that may help an attacker, such as the file path the error occurred in. In setups like these PHP will log the error to a file an attacker can’t access (often /var/log/php/error.log) and exit with a failure status code, which many common web server setups will turn into an HTTP 500 error. Some server setups will just send an empty file though, which will be a blank white page shown in a browser.
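
An added example, not part of the comment above: a shell check that reads a php.ini and reports whether it matches the setup the comment describes (errors kept out of the response and written to a log file). The function names `ini_get` and `audit_php_ini` and both sample files are constructed for illustration; the check reads a single file and does not see per-directory overrides or runtime `ini_set()` calls.

```shell
#!/bin/sh
# Print the effective value of a directive (the last uncommented assignment wins).
ini_get() {   # usage: ini_get FILE DIRECTIVE  (hypothetical helper)
    awk -v want="$2" '
        /^[ \t]*;/ { next }                        # whole-line comment
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            sub(/[ \t]*;.*$/, "", val)             # trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)     # trim spaces and quotes
            if (key == want) found = val
        }
        END { print found }' "$1"
}

audit_php_ini() {   # usage: audit_php_ini FILE; returns 1 if anything is flagged
    rc=0
    case "$(ini_get "$1" display_errors | tr 'A-Z' 'a-z')" in
        0|off|false|no|none) ;;
        *) echo "display_errors is not off: error text (file paths) can reach the client"; rc=1 ;;
    esac
    case "$(ini_get "$1" log_errors | tr 'A-Z' 'a-z')" in
        1|on|true|yes) ;;
        *) echo "log_errors is not explicitly on: failures may go unrecorded"; rc=1 ;;
    esac
    if [ -z "$(ini_get "$1" error_log)" ]; then
        echo "error_log is unset: errors go to the SAPI's default logger, not a dedicated file"; rc=1
    fi
    return $rc
}

# Constructed sample files: one that renders errors into the page, one that only logs them.
samples=$(mktemp -d)
cat > "$samples/dev.ini" <<'EOF'
display_errors = On
log_errors = Off
EOF
cat > "$samples/prod.ini" <<'EOF'
display_errors = Off
log_errors = On
error_log = /var/log/php/error.log   ; path taken from the comment
EOF
for f in dev prod; do
    echo "== $f.ini"; audit_php_ini "$samples/$f.ini" || true
done
```
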