
Information disclosure in error messages not a weakness (Path disclosure, SQL error messages, etc.)

Last updated May 14, 2012. Created by greggles on May 14, 2012.

Drupal core can display error messages to site visitors. This feature is enabled by default, which is helpful while building a site because errors are visible immediately.

Once a site has entered "production" mode, this feature should be disabled so that error output does not disclose information such as the full filesystem path on the server or the structure of database tables in a SQL error message.

Disabling display of error messages in Drupal 7

As an administrator, navigate to Home » Administration » Configuration » Development. Set the "Error messages to display" option to "None."

Disabling display of error messages in Drupal 6

As an administrator, navigate to Home » Administer » Site configuration. Set the "Error reporting" option to "Write errors to the log."

Disabling display of notices in PHP

PHP also has its own configuration controlling which errors are shown. In production environments this value should be set to a level that does not display notices, such as E_ERROR.
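The same three settings can be fixed in code so that they survive a database import or an accidental change in the administration UI. The following settings.php fragment is an added example, not part of the original page or of Drupal's default settings.php; it assumes Drupal 7's variable override mechanism ($conf, the 'error_level' variable and the ERROR_REPORTING_HIDE constant from includes/bootstrap.inc) and standard PHP ini directives.

```php
<?php
// Added example: sites/default/settings.php overrides for a production site.
// Assumes Drupal 7 ($conf overrides variable_get(); ERROR_REPORTING_HIDE
// is defined in includes/bootstrap.inc, which is loaded before this file).

// Drupal 7: equivalent of setting "Error messages to display" to "None".
// Errors are still written to the watchdog log, just not shown to visitors.
$conf['error_level'] = ERROR_REPORTING_HIDE;

// Drupal 6 equivalent of "Error reporting" = "Write errors to the log"
// (the variable has the same name; 0 means log only):
// $conf['error_level'] = 0;

// PHP: never print errors, notices or warnings to the browser in
// production, but keep logging them so they can still be investigated.
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');

// Report only fatal errors, as the page suggests (E_ERROR). Notices and
// warnings are the messages most likely to include file paths.
error_reporting(E_ERROR);
```

The ini_set() calls mirror what would otherwise go in php.ini (display_errors = Off, log_errors = On, error_reporting = E_ERROR); putting them in settings.php is useful on shared hosting where php.ini cannot be edited. After deploying, request a page that is known to raise a warning and confirm that nothing beyond the normal page content is rendered, then check the watchdog log or the PHP error log to confirm the error was recorded there instead.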

To help identify this and other potential problems on a site, you should consider using the Security Review module.

About this page

Drupal version: Drupal 6.x, Drupal 7.x, Drupal 8.x
Keywords: information disclosure, security


Drupal’s online documentation is © 2000-2013 by the individual contributors and can be used in accordance with the Creative Commons License, Attribution-ShareAlike 2.0. PHP code is distributed under the GNU General Public License. Comments on documentation pages are used to improve content and then deleted.