If debugging is not enabled, then its not enabled. Even if there are no IP address listed. Point being, just because ur not displaying debugging info, doesnt mean CF isnt tracking debugging info.
Eh? That's not what he wrote though. He's suggesting by that sentence that if debugging *is* enabled and there are *no* IP addresses listed, then debugging would *not* be returned. That's simply not true.
Hey while were on the topic. What type of overhead does the Robust Exception Information have? Should this be disabled in production as well?
Well, regarding overhead, since exceptions are much fewer and far between in your code (hopefully!), I doubt that it makes much difference since this service would only be utilized if an exception is thrown. However, from a security standpoint, unless you can guarantee that the user will never ever never see a "raw" CF error screen (i.e., a completely unhandled exception/error), I'd either disable it or tighten the error handling in the application. The robust info displays stuff like file system paths, which I certainly wouldn't want to divulge.
Regards, Dave.
_________________________________________________________________
Get business advice and resources to improve your work life, from bCentral. http://special.msn.com/bcentral/loudclear.armx
----------------------------------------------------------
You are subscribed to cfcdev. To unsubscribe, send an email
to [EMAIL PROTECTED] with the words 'unsubscribe cfcdev' in the message of the email.
CFCDev is run by CFCZone (www.cfczone.org) and supported by Mindtool, Corporation (www.mindtool.com).
An archive of the CFCDev list is available at www.mail-archive.com/[EMAIL PROTECTED]
