Hire Me! I'm currently looking for my next role in developer relations and advocacy. If you've got
an open role and think I'd be a fit, please reach out. You can also find me
on LinkedIn.
I know I've blogged this before, and it's covered in my security checklist, but folks, stop what you are doing and make these changes right now on your production server:
- In the ColdFusion Admin, Debug Settings, turn off Enable Robust Exception Info.
- In the ColdFusion Admin, Settings, set a site-wide error handler. You only need to do this if you didn't bother to use onError or <cferror>. You don't need a pretty page. You can just say 'Error!' and be done. This is still 10x better than exposing an error page to your user.
The above changes will take you - approximately - 2 minutes. So please do this.... now.