By default, all exceptions thrown in your attached classes or functions will be caught and returned as AMF ErrorMessages. However, the content of these ErrorMessage objects will vary based on whether or not the server is in "production" mode (the default state).
When in production mode, only the exception code will be returned. If you disable production mode -- something that should be done for testing only -- most exception details will be returned: the exception message, line, and backtrace will all be attached.
To disable production mode, do the following:
To re-enable it, pass a
TRUE boolean value instead:
Disable production mode sparingly!
We recommend disabling production mode only when in development. Exception messages and backtraces can contain sensitive system information that you may not wish for outside parties to access. Even though AMF is a binary format, the specification is now open, meaning anybody can potentially deserialize the payload.
One area to be especially careful with is PHP errors themselves. When the display_errors INI directive is enabled, any PHP errors for the current error reporting level are rendered directly in the output -- potentially disrupting the AMF response payload. We suggest turning off the display_errors directive in production to prevent such problems