> What Isaac just said :-)

Did I say something? :)

> I'd have to shut it off to find out for sure, but I'm
> pretty sure the REI setting, if off, also restricts
> the information that my error handler delivers.
> Isaac mentioned the stack trace and I believe this
> also includes error.tagcontext

I think the stack trace is always returned, but it's not always as
easy to read or as useful as the tagcontext (which is only returned
with REI). Of course, even having the tagcontext is no guarantee it
will tell you where the error actually occurred (and what else was
going on at the time) since iirc java nullpointer exceptions don't
include any tagcontext info and don't return anything useful in the
stack trace either ... not to mention the likelihood of the error not
being raised as soon as a problem occurs (since the server doesn't
know that you intended x to be a non-zero value) and then you get the
error from another location (divide by zero).

> (but maybe not... again I'd have to try it to be sure).
> That struct nails down the error location precisely.

Array of structs actually... :P Just to be nit-picky. :)

> Otherwise you'll get an error on line 5 of foo.cfm when
> in fact it was Line 5 of a custom tag, bar.cfm, which
> was called by foo.cfm.

> I always have a site-wide error handler backing up my
> in-application error handling so nobody ever... ever
> sees a raw CF error onscreen. That's the real message
> here:  Always always use error handling.

I wouldn't leave REI on a production server if I knew that the code
unavoidably produced a lot of exceptions during normal operation,
except perhaps for a brief period in order to stem the tide of
user-complaints from a disastrous application with lots of production
bugs. I'd accept the performance hit to turn it on for a day or so at
a time in order to help debug and fix the application and then when
the application was reasonably stable I'd turn it off again. If the
code doesn't produce lots of exceptions during normal operation I
don't see a real issue.

That being said, I agree the cferror template or sitewide error
handler is the most important part of the equation and should be
implemented for security purposes irrespective of REI.

s. isaac dealey     954.522.6080
new epoch : isn't it time for a change?

add features without fixtures with
the onTap open source framework

http://www.fusiontap.com
http://coldfusion.sys-con.com/author/4806Dealey.htm
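
As an added example (not code from this thread or from either poster): an error template of the kind discussed above, which logs the tagContext chain when it is present and shows the visitor only a reference id. The file name error.cfm, the log name app_errors and the reference-id scheme are assumptions.

```cfml
<!--- error.cfm: added example. Wire it up with
      <cferror type="exception" template="error.cfm"> or as the
      site-wide error handler. Names here are assumptions. --->
<cfsilent>
  <cfset refId = createUUID()>

  <!--- tagContext is an array of structs. It can be missing or empty
        (REI off, some Java exceptions), so guard before reading it. --->
  <cfset where = "tagContext unavailable">
  <cfif structKeyExists(error, "tagContext") and isArray(error.tagContext)
        and arrayLen(error.tagContext) gt 0>
    <cfset where = "">
    <cfloop from="1" to="#arrayLen(error.tagContext)#" index="i">
      <cfset frame = error.tagContext[i]>
      <!--- Entry 1 is the template where the error was raised
            (e.g. bar.cfm); later entries are its callers (foo.cfm). --->
      <cfif i gt 1><cfset where = where & " called from "></cfif>
      <cfset where = where & frame.template & ":" & frame.line>
    </cfloop>
  </cfif>

  <cfset msg = "">
  <cfif structKeyExists(error, "message")>
    <cfset msg = error.message>
  </cfif>
  <!--- Keep the log entry on one line: strip CR/LF from the message. --->
  <cfset msg = replace(replace(msg, chr(13), " ", "all"), chr(10), " ", "all")>

  <!--- Full detail goes to the server-side log only. --->
  <cflog file="app_errors" type="error"
         text="ref=#refId# msg=#msg# at #where#">
</cfsilent>
<cfheader statuscode="500" statustext="Internal Server Error">
<cfoutput>
<h1>Something went wrong</h1>
<!--- The visitor sees no message, path or stack trace, only the id
      that support staff can look up in the log. --->
<p>The problem has been logged. Reference: #refId#</p>
</cfoutput>
```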

