How to enable the robust debug info on your ColdFusion web application

WWW is made by several moving parts: server infrastructure, operating systems, connection type, programming languages and so on.

With regards of the programming languages, it is inevitable talking about the HTML, which in any case is the "definitive" language that allows a web page to be laid out.

When it comes to HTML, this can be either pre-saved as a static file, or built on the fly thanks to server-side languages, that given a set of instructions interprets and return the final HTML to the client. Coldfusion is one of these languages, which when used can be prone to errors. The problem is that sometimes errors are not easy to spot, and even when online the issue can be well hidden. And the only way to discover these bugs is testing and of course having a decent response from the server, which may help the developer to discover the cause of the malfunctioning.

My friend Merlinox found an undocumented way to allow ColdFusion returning all the exceptions information.

A powerful language with the broken legs

With this regard, Coldfusion is a very powerful web language, as among the other thing it allows programmers to have a very detailed number of debugging information (server variables statuses, client variable statuses, stack trace etc.).

As these details are too many, it is likely on a shared enviroment hosting providers to lock what is known as the "robust debug".

So the point is, how we can do to obtain essential debug info we need to fix the bug in the ColdFusion application in this scenario?

Enable a robust exception information on ColdFusion

To enable robust exception information in the scenario above, we can go back in time and use  an old trick to be sent via email.

A couple of lines is all you need.

Let's start with the Application.cfm file, by adding the following:

<cferror template="error.cfm" type="EXCEPTION"></cferror>

The next step is to add whatever information you need in the "error.cfm" file. It would probably be more important to send the full "error" variable structure that contains all the information you need.

To achieve this, the following lines are required:

<cfdump var="#error#"></cfdump> <cfdump var="#form#"></cfdump> <cfdump var="#url#"></cfdump> <cfdump var="#session#"></cfdump> <cfdump var="#cgi#"></cfdump>

A bit of security is required indeed

It's not good practice publishing the full error stack to everyone. Therefore, it is recommended to include the cferror tag between a decisional pattern.

For example, if you work on a computer with a dedicated connection and a static IP address, you can limit the send only if you are the developer and you are working on a specific computer. That's the preferable method, and if you like it, what you need to do is surrounding the code aforementioned with the following lines:

<cfif cgi.remoteaddr="" is=""></cfif> <cferror template="errorEmail.cfm" type="EXCEPTION"></cferror>

 Leave a Comment