Magento Commerce: Fixing “Exception printing is disabled by default for security reasons”

Whenever Magento 1.4.0.1 encounters an error condition you’re likely to see the message

Unlike previous versions of Magento where it used to dump out the error report for the world to see, 1.4.0.1 now keeps the data private and accessible only for the administrators and instead we get “Exception printing is disabled by default for security reasons”.  This is because there’s information in the error reports which hackers may find useful, so it’s great to see Magento improving security.  This change in behaviour came in with 1.4.0.1 as is documented in the Release Notes:

Release Notes – Magento 1.4.0.1 stable (February 19, 2010)

Changes

• The error report exception printing is disabled by default for security reasons. To print the error report, copy the errors/local.xml.sample to errors/local.xml

Varien appear to have gone a bit too far down the security road and disabled notifications when an error occurs.  It would have been better to have notifications enabled and used the admin email address configured in the admin area.  Better yet, add these options to the System -> Configuration -> Admin area of the backoffice.  Perhaps this will come in future releases.

It is very important for store owners and administrators to be made aware of any issues within the store.  If you check for error report directory on a regular basis you’ll probably pick these up, if not, you have no idea customers are unable to use certain areas of your site.  This leads to lost customers, lost repeat visitors, and lost money.  The ideal scenario is to have the error report emailed to the administrator but not display the error contents to a customer.  To do that we need to follow the instruction in the Release Notes and edit the configuration file.

Step 1

Rename or copy the sample configuration file errors/local/xml/sample to errors/local.xml within your Magento installation directory