I agree about testing everything before, but I do know people who have been "hacked" by files being uploaded and executed on their website. That is one way that bad code can get there. I wouldn't be surprised if people didn't do it on purpose just to get at the information that can be provided by debugging output.
That's why at first I was confused about this. I didn't even think that the original poster wouldn't use the site-wide error handler. I was thinking that his problem was bypassing it. Sorry I misunderstood. -----Original Message----- From: Dave Watts [mailto:[email protected]] Sent: Thursday, December 06, 2012 1:19 PM To: cf-talk Subject: Re: CFERROR Handler > Seems to me if it generates an error which looks like a ColdFusion error then > we should be able to display something > other than that error. That is just a common security practice to NOT have > debug information go out to the public. You can! This is why every application should include multiple levels of error handling. <!--- snip ---> Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353386 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
