> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > S.Isaac Dealey wrote:
>>>You should really only have robust exception >>>information on on a development server. >> >> I think you might be thinking about debugging. > Nope, I was thinking about robust exception information: > sure, it might > be security through obscurity, but there's no sense in > revealing the > internal workings of your program and its code (which REI > does) on a > production server. If you need to be informed on > exceptions on > production servers, that's what error handlers are for. > And of course you wouldn't have debugging on. Umm... no... Enabling robust exception information only reveals squat if you don't use a cferror or sitewide error handler to handle the error. When you have an error handler in place, having REI enabled provides the error handler with extra information which is often helpful in debugging the errors that are trapped. To say that REI is a security risk is misattributing the threat. The risk is in not trapping the errors in the first place -- whether or not the information available to the error handler is robust is moot. s. isaac dealey 954.522.6080 new epoch : isn't it time for a change? add features without fixtures with the onTap open source framework http://www.fusiontap.com http://coldfusion.sys-con.com/author/4806Dealey.htm ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:207385 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
