ColdFusion Security Reminder - Read me now

I know I've blogged this before, and it's covered in my security checklist, but folks, stop what you are doing and make these changes right now on your production server:

  • In the ColdFusion Admin, Debug Settings, turn off Enable Robust Exception Info.
  • In the ColdFusion Admin, Settings, set a site-wide error handler. You only need to do this if you didn't bother to use onError or <cferror>. You don't need a pretty page. You can just say 'Error!' and be done. This is still 10x better than exposing an error page to your user.

The above changes will take you approximately 2 minutes. So please do this... now.
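
For applications that handle errors in code rather than relying on the site-wide handler, an `onError` method along these lines keeps the exception detail in a server-side log and sends the user only a bare message. This is an added example, not code from the original post; the application name `exampleApp` and the log file name `exampleApp_errors` are assumptions.

```cfml
<!--- Application.cfc (added example; application and log file names are assumptions) --->
<cfcomponent output="false">

    <cfset this.name = "exampleApp">

    <!--- Called by ColdFusion for any uncaught exception in this application. --->
    <cffunction name="onError" returnType="void" output="true">
        <cfargument name="exception" required="true">
        <cfargument name="eventName" type="string" required="true">

        <!--- Reference ID lets a user's report be matched to the log entry. --->
        <cfset var errorRef = createUUID()>
        <cfset var detail = "">

        <!--- Keep the detail on the server: log it, never echo it to the response. --->
        <cfif structKeyExists(arguments.exception, "message")>
            <cfset detail = arguments.exception.message>
        </cfif>
        <cflog file="exampleApp_errors" type="error"
               text="ref=#errorRef# event=#arguments.eventName# message=#detail#">

        <!--- Drop any partially rendered output, then return a plain 500 page. --->
        <cfcontent reset="true" type="text/html">
        <cfheader statuscode="500">
        <cfoutput>Error! (reference #errorRef#)</cfoutput>
    </cffunction>

</cfcomponent>
```

The site-wide error handler from the second bullet is still worth setting, since it covers any application on the server that lacks its own handler.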

About Raymond Camden

Raymond is a developer advocate. He focuses on JavaScript, serverless and enterprise cat demos.