How to Disable Robust Exception Information on Railo

May 13, 2010
coldfusion

As you know one of the first things you should do on a production ColdFusion server is disable robust exception information (this includes things like source code, and file path disclosures in error messages), in the ColdFusion Administrator. This information is great for developers debugging problems, but it's also great info for hackers.

If you are using Railo, it too outputs this information in error messages by default. You can disable server wide by going into the Railo Server Administrator /railo-context/admin/server.cfm. Click on the Error link under Setttings. Change General Error Template (500) from error.cfm to error-public.cfm, also change Missing Template Error (404) from error.cfm to error-public.cfm.

Your pages will now output a message in red:

We're sorry - An Error Occurred

Now that you know how to change the default, you might want to create a custom global 500 and 404 handler cfm file.


| Add Comment | Tags: , ,

You might also like:

This entry was:

Comments

It's harder to turn it ON in such a fashion that you get a good debug info a la CF8. I still cannot for the life of me get URL, FORM and Attributes variables in the debug info. What am I not seeing?
by Sebastiaan on 05/17/2010 at 8:12:18 AM UTC


foundeo





Archives:
2019 2018 2017 2016

2015 2014 2013 2012

2011 2010 2009 2008

2007 2006 2005 2004

2003 2002