Kyplex Cloud Security Blog

Definitely a feature, not a bug. No Drupal install...

2010-04-28T16:57:50.384-07:00

Definitely a feature, not a bug. No Drupal installation is or could possibly be ready-to-go as soon as it is installed. Drupal is a framework; it requires configuration to make it do what you want it to. And if you're configuring things, you should be able to see where the problem is. Before you take your site live you can turn off the helpfulness.

Also: "This [files] directory is fully writa...

2010-04-28T14:34:19.306-07:00

Also:

"This [files] directory is fully writable as it is used as a temporary directory."

That is not accurate. The files directory must be writable by the webserver, and ideally is not world-writable. It also is not used as a temp directory. Drupal explicitly uses an alternativel location for temporary file storage (usually /tmp like anything in linux, but

Um... this is a feature. Drupal installs with er...

2010-04-28T14:23:22.207-07:00

Um... this is a feature.

Drupal installs with errors written to the screen to help people debug any install problems. Before going into production, everyone should be turning this off:

http://drupal.org/node/22239

Hello Jo You do not need to enable "display ...

2010-04-28T14:22:53.622-07:00

Hello Jo

You do not need to enable "display errors on screen" because it is enabled by default.

Drupal displays errors to screen by default.

Hope this is clear now.

For the records, the above disclosure was discusse...

2010-04-28T13:31:36.826-07:00

For the records, the above disclosure was discussed publicly in the Drupal bug tracker at http://drupal.org/node/783618

So if I summarize this: If you enable "displa...

2010-04-28T13:30:04.885-07:00

So if I summarize this: If you enable "display errors on screen", then Drupal shows errors on screen.
whaw, you made a great discovery !