Hi,
We have a huge web application with a few 100s of source code files (some huge), lots of modules, templating, etc. So we need to profile it to see how things can be sped up. Going with xdebug, I've got it running on Windows and Linux (XAMPP) for debugging and profiling and it works well.
Now I want to know:
1.
Is it a huge security risk to have xdebug installed for a day or two on the production server for debugging and profiling?
2.
Is it necessary to do an EasyApache rebuild to enable / disable the xdebug extension?
That is, can it not be simply installed once and then enabled disabled using only php.ini edit+restart ?
3.
I've used the Easy Xdebug Firefox extension. It initiates profiling from the browser add-on.
So, can any user who has the Firefox Xdebug extension installed, connect to an xdebug-enabled production web app and grab any data from it?
Thanks in advance.
Regards,
Dave.
We have a huge web application with a few 100s of source code files (some huge), lots of modules, templating, etc. So we need to profile it to see how things can be sped up. Going with xdebug, I've got it running on Windows and Linux (XAMPP) for debugging and profiling and it works well.
Now I want to know:
1.
Is it a huge security risk to have xdebug installed for a day or two on the production server for debugging and profiling?
2.
Is it necessary to do an EasyApache rebuild to enable / disable the xdebug extension?
That is, can it not be simply installed once and then enabled disabled using only php.ini edit+restart ?
3.
I've used the Easy Xdebug Firefox extension. It initiates profiling from the browser add-on.
So, can any user who has the Firefox Xdebug extension installed, connect to an xdebug-enabled production web app and grab any data from it?
Thanks in advance.
Regards,
Dave.