Wednesday, 12 August 2020 - 20:10
Information disclosure in error messages not a weakness
Drupal core provides a feature to show error messages to site visitors. By default this feature is enabled, which is very helpful while building a site because the visitor can quickly see the error messages.
Once a site has entered "production" mode, this feature should be disabled to avoid information disclosure such as the full filesystem path on the server or the structure of tables in a SQL error message.
Disabling display of error messages in Drupal 7
As an administrator, navigate to Home » Administration » Configuration » Development » Logging and errors. Set the "Error messages to display" option to "None."
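The same setting can be pinned in the site's `settings.php` so that a later change in the admin form cannot turn error display back on for visitors. This is an added example, not part of the original page; it relies on Drupal 7 storing this option in the `error_level` variable, and the `ini_set()` line and the per-environment split are assumptions about how the site is deployed.

```php
<?php
// Fragment for sites/default/settings.php on the production site (Drupal 7).
//
// Values of the "Error messages to display" option, stored in the
// 'error_level' variable:
//   0 = None
//   1 = Errors and warnings
//   2 = All messages (the default when the variable is unset)
//
// Numeric literals are used because settings.php is read early in
// bootstrap, before Drupal's own ERROR_REPORTING_* constants are defined.

// Weak (development) setting, shown for comparison only:
// $conf['error_level'] = 2;

// Production setting: no error messages are rendered to visitors.
// A value in $conf overrides the one saved through the admin form.
$conf['error_level'] = 0;

// Assumption: PHP's own display of errors that occur outside Drupal's
// error handler should also stay off on this host.
ini_set('display_errors', '0');
```

Errors are still recorded by whichever logging module is enabled (Database logging or Syslog), so hiding them from visitors does not hide them from administrators.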