CodeIgniter development mode enabled
Description
The CodeIgniter application is configured to run in development mode, which causes detailed error messages, stack traces, and debugging information to be displayed when errors occur. Development mode is intended for use during application development to aid debugging, but should be disabled in production environments. When enabled in production, this configuration exposes internal application details that could assist attackers in identifying vulnerabilities or understanding the application's architecture.
Remediation
Disable development mode by setting the CI_ENVIRONMENT environment variable to production in your application's .env configuration file. This will suppress detailed error messages and display generic error pages instead.
Step 1: Locate the .env file in your CodeIgniter application root directory.
Step 2: Set the environment variable as follows:
    # .env
    CI_ENVIRONMENT=production
Step 3: Ensure custom error logging is configured to capture errors for debugging purposes without exposing them to end users.
Step 4: Restart your web server or PHP-FPM service to apply the configuration changes.
Verify the change by triggering a test error and confirming that only a generic error page is displayed to users.
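The .env setting from Steps 1 and 2 can also be checked without triggering an error. The script below is an added example, not part of the original advisory or of CodeIgniter. It reports the active CI_ENVIRONMENT value in a .env file and treats commented-out or conflicting lines as failures. The function names and exit codes are assumptions made for this example, and it inspects only the .env file, not values set in the web server or process environment.

```shell
#!/bin/sh
# Added example: audit a CodeIgniter .env file for its CI_ENVIRONMENT setting.

# Print each active (non-commented) CI_ENVIRONMENT value, one per line.
ci_env_values() {
    # Drop CRs, keep only "CI_ENVIRONMENT = value" lines (commented-out lines
    # start with '#' and do not match), then strip inline comments,
    # trailing whitespace and surrounding quotes.
    tr -d '\r' < "$1" \
        | sed -n 's/^[[:space:]]*CI_ENVIRONMENT[[:space:]]*=[[:space:]]*//p' \
        | sed -e 's/[[:space:]]\{1,\}#.*$//' -e 's/[[:space:]]*$//' \
              -e "s/^[\"']//" -e "s/[\"']\$//"
}

# Return 0 if the file pins production, 1 if any other or conflicting
# value is active, 2 if the file is unreadable or has no active setting.
check_ci_env() {
    [ -r "$1" ] || { echo "UNREADABLE: $1"; return 2; }
    values=$(ci_env_values "$1" | sort -u)
    case "$values" in
        "")         echo "UNSET: no active CI_ENVIRONMENT line in $1"; return 2 ;;
        production) echo "OK: CI_ENVIRONMENT=production"; return 0 ;;
        *)          echo "FAIL: active CI_ENVIRONMENT value(s):" $values; return 1 ;;
    esac
}

# Stand-alone use: sh check_ci_env.sh /path/to/app/.env
if [ "$#" -gt 0 ]; then
    check_ci_env "$1"
fi
```

A non-zero exit status makes the script usable as a deployment gate, so a release that still carries a development .env fails before it reaches production.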