CakePHP's debug mode is useful during development and debugging, but could expose sensitive information to attackers such as request parameters, passwords, tokens or headers and should not be included in production code. Only the value "0" or "false" for CakePHP 3.x is suitable (production mode) to not leak sensitive data on the logs.
CakePHP 1.x, 2.x:
Configure::write('debug', 1); // Noncompliant; development mode
or
Configure::write('debug', 2); // Noncompliant; development mode
or
Configure::write('debug', 3); // Noncompliant; development mode
CakePHP 3.0:
use Cake\Core\Configure;
Configure::config('debug', true);
CakePHP 1.2:
Configure::write('debug', 0); // Compliant; this is the production mode
CakePHP 3.0:
use Cake\Core\Configure;
Configure::config('debug', false);