Developer mode on production environment

magento.stackexchange https://magento.stackexchange.com//questions/62527

Question

I was recently contacted by a client to evaluate their Magento store. I realized that the store (even though running in production) had developer mode enabled in their index.php file:

if (isset($_SERVER['MAGE_IS_DEVELOPER_MODE'])) { //the variable is set.
    Mage::setIsDeveloperMode(true);
}

They've been running this store in production for over 2 years. I restored the earliest revision of the file which was from 2013-02-09 and it still had developer mode set to true.

After reading this article by Alan Storm: PHP Error Handling and Magento Developer Mode I can't really think of a reason to recommend that the client disabled developer mode.

Are there any detrimental aspects of having it enabled in production?

Alan Storm's wrap-up:

Developer Mode will help you write cleaner code without subjecting your users to awkward PHP errors when something goes wrong

Seems pretty positive for me. As a rule of thumb, I previously just didn't subject production environment to developer mode.

Was it helpful?

Solution

Most developers tend to immediately respond saying it is a bad thing to have developer mode turned on on a production server as if this is a true fact. I think this is different per situation/webshop.

What happens when you turn developer mode on?

  1. mageCoreErrorHandler() will throw all errors instead of logging them
  2. Magento will throw errors in certain situations where it would normally silently ignore this fault and continue
  3. Mage::log() will always write to log even if logging is turned off
  4. Exception printing will display the code trace on screen instead of showing an error report page
  5. Other minor things in ignore skipping module updates, enterprise page cache, ....

Is this bad on a production server?

  1. Your website visitors could end up will all sorts of gibberish which could confuse them and therefor could have a negative impact on your websites conversion
  2. See no. 1
  3. On a production server you would more likely have a lot more page views than on a testing server. This might mean that if you have logging turned on (or developer mode turned on) your logs could be flooded.
  4. This is the one that could be harmful. If your exception traces get printed, then they can contain specific information that can be valuable to people with bad intentions.
  5. ...

On these 5 points, I could say they depend highly on the situation of your live website. What is your audience? Do they get frightened and run away when seeing PHP exceptions and traces? How many page views does your site have? What information could be leaked with dumping backtraces?

When reading all of the above, one could generally say it is not advised to turn on developer mode on a production server "as a rule of thumb" ;).

But is it a 'bad thing' per se? ...

OTHER TIPS

It is too harmful to enable developer mode on a production server because anyone can see your site's errors and system folder path. Lot of system details are printed to the browser screen and that makes it very harmful for your site.

It will be good idea to enable for developer code for specific ips.Just putting condition at index.php

$clientIp = $_SERVER['REMOTE_ADDR'];

if (isset($_SERVER['MAGE_IS_DEVELOPER_MODE']) && ($clientIp == '123.123.123.123')) {
    Mage::setIsDeveloperMode(true);
}

This would enable developer mode only for the IP of a developer.

Disadvantage of enable developer

Customer Traffic: customer become irritate because of site print Error and don't goto not any next page.That make site bounce rate high.

Business: for high bounce rate site Business goes to down.

Site Speed: site become slow for every time log printed on system.log and exception.log.

solution

Solution is stage server.I am suggesting to

1.create: create stage

2.Dev Mode: enable all developer mode on stage system.

  1. Fix Error: Check the errors and will fix the code

  2. Upload Production: then upload fix code to product server.

It is just wrong, all online literature on this topic is on how to edit the index.php file around "if (isset($_SERVER['MAGE_IS_DEVELOPER_MODE']). . ." line, while on the file info Magento recommends: "* Do not edit or add to this file if you wish to upgrade Magento to newer . . ."

The simple answer is that you must set or not the value of $_SERVER['MAGE_IS_DEVELOPER_MODE'] as apache or nginx directive.

For apache add this line on root .htaccess file if you want developer mode: SetEnv MAGE_IS_DEVELOPER_MODE true

For nginx edit this line on nginx.conf if you want developer mode: set $MAGE_MODE default; # or production or developer

(https://github.com/magento/magento2/blob/2.3-develop/nginx.conf.sample)

Root index.php file is a framework core file and must stay untouched.

Licensed under: CC-BY-SA with attribution
Not affiliated with magento.stackexchange
scroll top