Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 505
  • Last Modified:

Does “Robust Exception Information” need to be disabled for cferror to work?

Hello all,

I am working on some old Coldfusion sites using the cferror tag in an Application.cfm to redirect errors (exception and request types). The strange thing is, the sites are hosted on two different shared hosts, one of the shared hosts has "Robust Exception Information" enabled and the other disabled. The cferror tag redirects errors properly when the site is hosted on the host with robust info disabled, but not when its enabled....does having robust information enabled somehow cause cferror to be ignored, or is something stranger going on? Thanks!
0
andrewaiello
Asked:
andrewaiello
  • 7
  • 6
  • 3
  • +2
2 Solutions
 
cfEngineersCommented:
It sounds like something stranger is going on.
0
 
SidFishesCommented:
REH should only ever be used on a dev server; -never- on a production server.

The kind of info it displays can be highly sensitive

    Path and URL of the page that caused the error
    Line number and short snippet of the code where the error was identified
    Any SQL statement and data source
    Java stack trace

(from docs)

cfE is correct - there must be something else going on.


0
 
andrewaielloAuthor Commented:
Hi again Sid;

     Yes I am aware of this; but these are not my servers and I'm not in control of the settings.  This is one of the reasons I was at least trying to "cover" this with a cferror, but like I said it doesn't seem to work if REH is enabled.  I can sort of see the logic to this, as in if you are interested in seeing errors (the reason for enabling REH) cferror would get in the way of that...but yet I can't find any documentation of this relationship (REH enabled = cferror ignored); I would just like to know if this is in fact the reason.
0
Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

 
Gurpreet Singh RandhawaWeb DeveloperCommented:
do one thing just in your application.cfm file

Add the following

<cfsetting showDebugOutput = "No">  -  try it, not sure it will work or not

may be not but give it a try


0
 
_agx_Commented:
I agree w/SidFishes and cfEngineers. The problem is something else.  Robust error handling just controls how much info is displayed on the page.  Cferror works fine on my dev machine with or w/o robust error handling enabled.
0
 
cfEngineersCommented:
Try a simple error.cfm page with just <cfoutput>#Now()#</cfoutput>

Perhaps there is an error on your error handler page?
0
 
andrewaielloAuthor Commented:
@aqx
Okay so it is not some kind of rule then; thanks.

@cfEngineers
The problem is that the redirection does not even happen.  So if on a sample page I purposely do something to throw an error (leaving out  # or something), it shows me the error and stays on that page (rather than redirecting as it should with cferror).  
0
 
_agx_Commented:
Wait a sec .. what types of errors are we talking about here? Leaving out a # would create a compile error. IIRC cferror doesn't handle those. It's intended to catch unexpected runtime errors on prod.  Compile errors shouldn't ever make it to a prod site. They should be caught in dev/test.
0
 
andrewaielloAuthor Commented:
This doesn't make sense to me; because as I said I have the same test folder on two different services (application.cfm file with cferror check in it, page to be redirected two, and a page with an error in it); on one server it just shows the error, and on the other server it redirects to the cferror page.
0
 
andrewaielloAuthor Commented:
I meant to say two different servers, not services.  Also, when I fix my test error, the page works normally on both servers.  
0
 
_agx_Commented:
This doesn't make sense to me

cferror catching a compile error doesn't make sense at all.  With compile errors the cfm page doesn't even execute. You don't get that far. Try it and see for yourself.

Though you haven't confirmed if that's even what we're talking about here ;-)  Can you post your Application.cfm / cferror template and an example of the error you're referring to?
0
 
_agx_Commented:
Are you sure you're not talking about a site wide error handler?
0
 
SidFishesCommented:
"(exception and request types). "

hmmm a redirect shouldn't work at all in a request cferror


Exception
Dynamically invoked by the CFML language processor when it detects an unhandled exception condition.
Uses the full range of CFML tags. Error variables must be in cfoutput tags.
Can handle specific exception types or display general information for exceptions.

Request
Includes the error variables described in the Error variables section.
Cannot include CFML tags, but you can display values of the error variables by enclosing them in number signs (#), as in #error.MailTo#.

Maybe that's the problem?
0
 
_agx_Commented:
Hm.. not sure if he really meant a literal redirect or what type of error.  I'm wondering if maybe it's a site wide error handler ...?



http://www.coldfusionjedi.com/index.cfm/2008/2/18/Ask-a-Jedi-Why-isnt-my-cferror-working
What you have is a compiler error, or a syntax error. Consider the normal CF execution process. You request index.cfm. CF takes your ColdFusion and compiles it into Java. In your case, you have a syntax error. CF can't run your code at all - therefore - error handling can't handle it at all.
0
 
SidFishesCommented:
thought about that as well and you're right a compiler error won't be caught by cferror. It's not meant to handle bad code.

fwiw cf process errors in the following order, stopping with first handler that meets the criteria

The code with the error is inside a cftry tag and the exception type is specified in a cfcatch tag.
The ColdFusion application has an Application.cfc with an onError method
A cferror tag specifies an exception error handler for the exception type.
The Administrator Settings Site-wide Error Handler field specifies an error handler page.
A cferror tag specifies a Request error handler.
The default case.

and now that I look at that again, if there is a request error and site wide error handling is turned on, the site wide handler will take effect before the request cferror handler...
0
 
_agx_Commented:
> ... the site wide handler will take effect before the request cferror handler...

Yeah and that's the only case I can think of that would kick in for a compile error, since cferror definitely wouldn't.
0
 
andrewaielloAuthor Commented:
Wow, lots of comments here ;)  To avoid confusion as far as error types; can one of you post a short snippet of code here that definitely should produce an error cferror ought to catch, and then I'll implement that on both my servers to avoid all ambiguity in further discussion; thanks!
0
 
andrewaielloAuthor Commented:
Actually, you know what; you guys are right.  Cferror does work properly for handling errors that are not compiler errors, my bad...and thanks!
0
 
_agx_Commented:
an error cferror ought to catch

Just to complete the thread for the archives ... ;-)  

<!--- divide by 0 runtime error *will* be caught by cferror --->
<cfset a = 5 / 0 >

<!--- compile error that will *not* be caught by cferror: missing # sign --->
<cfset a = "5">
<cfset b = #a + 6>

0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 7
  • 6
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now