Welcome!

You will be redirected in 30 seconds or close now.

ColdFusion Authors: Yakov Fain, Maureen O'Gara, Nancy Y. Nee, Tad Anderson, Daniel Kaar

Related Topics: ColdFusion

ColdFusion: Article

Toward Better Error Handling

Toward Better Error Handling

We've all seen it: the dreaded "Error Occurred While Processing Request," which is the headline above a normal CF error message. As developers, of course, we relish the detail it offers: the CF error message, the line number and actual line of code in error, the name and path of the template in which it occurred, and so on. But is this the best thing to show our end users?

Probably not. What should they do with that information? Do they care about these details? Could a hacker use them for unintended purposes? And perhaps most important, how do you even know the error has occurred?

Several features - some old, some new in 4.5, but in either case often missed and misunderstood - can dramatically improve error handling in ColdFusion. In this series of articles I'll cover the basic solutions, CFTRY/CFCATCH, CFERROR (three forms of it) and Site Wide Error Handling, which may be new to you.

In this issue, though, we'll focus on some administrator settings that you may not have considered and that may be quite important to any effective error-handling strategy, depending on the other error-handling choices you make. I'll show how you can reduce the level of detail offered in error messages, as well as improve the ease with which errors may be reported to you when they occur. Along the way I'm confident even the most experienced CF coder will learn a thing or two as some aspects of these features are poorly documented and not obvious.

I'll discuss those other error-handling choices (CFTRY/CFCATCH, CFERROR, and Site Wide Error Handling) in forthcoming issues of CFDJ, and at the end I'll offer a clear list of things you should be doing to better handle errors in your applications.

By applying even one of these solutions, with just a few minutes work (or seconds, in some cases) you could dramatically improve not only your end users' experience, but also the security of your site and your awareness of errors that occur in your applications.

That Lovable, If Pesky, Error Message
The standard CF error message is a delight to the CF developer, with all that great detail. And if it's a SQL error, we even see the database error message, the name of the datasource in error and the SQL statement that was attempted. This is just great for debugging. An example is shown in Figure 1.

Clearly, the creators of CF were developers at heart and realized we'd need to see that info to solve problems. Quick Tip: When you get an error, do you jump back into the code and try to find and fix it? Most developers seem to...and fail to take full advantage of the text of the message. In some cases, though (see Figure 1), what's wrong isn't always obvious.

Even then, if you hop back into the code to scroll around looking for the line of code in error, you're missing a useful shortcut. Notice the line number that's offered (line 79 in this example). In Studio, type CTRL-G (or Edit>GoTo Line) to jump to that line of code. It's not a perfect solution, however; if you have any CFINCLUDEs above the line in error, the numbers in the Studio won't be in sync with the one reported in the error.

This detail is great for developers, but when you move your code to a production environment or, more simply, when an end user visits the site, is that error message an appropriate thing to offer them?

Is It the Right Thing for End Users?
There are several problems with letting users see an error message. First, of course, there's the compromise such errors make to your otherwise elegant user interface. How does it look when they go from your site's consistently blue background to the plain white CF error message page? And what are they going to do with this information? And again, how do you know the error has occurred for your users? Do you simply wait for a call and report it? And have you considered the security risks of showing the physical path of your templates and the SQL datasource name and statements of failed queries in this error message to users?

If you're like many CF developers, these are things you probably haven't thought about, or simply didn't know how to solve. As of Release 4.5, there are a host of options you can consider to limit, modify or hide the error message users see. You can even arrange to log the errors in a database and/or send your developers an e-mail indicating that an error has occurred.

But these enhancements generally require programming changes. We want to start off with some quick changes that can be made to assist the user in informing you that an error has occurred, as well as limiting what information is displayed.

Administrator Configuration Changes
In this article we'll consider three changes that can be made in the CF Administrator. They'll have an important impact on the information presented (or hidden) in the traditional CF error message.

Subsequent issues will cover modifying or completely hiding the display of the message as well as logging/e-mailing it to you automatically, with new "error-handling templates."

But even with those in place if you have them (or until we cover them next month), the changes discussed below have benefits. They'll improve both the ease of users reporting an error as well as the security of your site - especially if you won't be implementing error-handling templates.

The issues we'll cover are setting the administrator e-mail, hiding the SQL and datasource name for query errors, and hiding the template path to the template in error. Even if you think you understand these options, there's more to them than is documented. Let's look at them in detail.

Defining the Administrator E-Mail Error-Handling Address
Some experienced developers may be surprised by my pointing this out, but it's one of the simplest improvements you can make, in the right circumstances, and it's easily implemented.

In the CF Administrator there's a place where you can define the administrator e-mail address for the server:

  • Take the "settings" link under the Logging area on the left nav bar.
  • Enter an e-mail address that should receive e-mails sent by users choosing an option that will be presented to them to send such messages.
Entering this address will from then on cause an additional line of display to be shown on the standard CF error page (the traditional unformatted one), at the bottom of the screen:

Please inform the site administrator that this error has occurred (be sure to include the contents of this page in your message to the administrator).

The "site administrator" link will now hold a hyperlink that when clicked will indicate to the browser that a mail message should be created to be sent to the e-mail address specified in that Administrator setting. (If the user's browser and e-mail client are properly configured to respond to such e-mail hyperlinks, the client's e-mail program will launch an e-mail message to the specified address - and the user can choose to fill in the subject and body of the message.)

Of course, we still have to hope they pay attention to the error message that states they should "include the contents of this page" in the message they send. And it's important to note that this doesn't mean that the "administrator e-mail" address will receive notification of every error that occurs - only when end users click the link offered in that message above. That's something we'll enable in the next issue.

Not Enough, But a Good First Step
This still doesn't solve the other problems of the less-than-attractive interface of the error message or getting an automatic notification. But it's a step in the right direction and, unless you're in a shared server environment where no one person is a suitable recipient of all notifications about error messages, it's probably the first thing you ought to do. (Just be sure to change that administrator setting should that person ever change or leave, lest messages be sent to someone who'll never get them.)

It's also useful when you do use site-wide error handling, as it becomes a variable you can refer to in the site-wide error template, covered next month.

Hiding the SQL and Datasource Name, and Template Path
I've already mentioned the potential security risk of showing the end user such details as the path to the template in error and the SQL code and datasource name in failed queries. In the next article I'll show how you can hide the entire error message from the user, so this point about hiding certain details of the message may become moot if you apply the other techniques. But it's important to understand, especially if you're not currently aware of the issue and may not soon implement those other techniques.

The Risk
Let's look closely at the information shown in the normal CF error message, focusing just on the SQL and Datasource name of a failed query, and the path to the template in error (see Figure 1).

Could someone take advantage of knowing your Datasource name (SomeDSN, in the example) and the SQL code of the failed queries? Or the template path (C:\INETPUB\WWWROOT\SOMEDIR\) to the page in error?

Well, perhaps not if they're just a user of your Web site. Of course, if such a user could break in, they could certainly take advantage of the information. But such break-ins are unlikely, or at least well beyond the scope of this article.

But what if you're on a shared Web server with others who aren't related to your application but can also put CF code on the server in other directories? This is certainly an issue in a commercially hosted Web site on a server shared by many users. It's also a possible concern for users on a corporate Web site having multiple unrelated applications. (One solution to this problem is to use CF's Advanced Security, but this isn't a trivial exercise and is beyond the scope of this article.)

As for the SQL and Datasource Name, if someone can place CF code on the same server as you, have you considered the risk to your data if he or she knew the datasource name for your database? What's to stop someone from running a query against your database? If you're not password protecting your database, any CF template that's running on that same CF server can write a query against your datasource. Password protecting the file may be trivial or challenging in your environment, but explaining it is a subject for another article.

There is yet another risk, as described in Allaire Security Bulletins ASB99-04 and ASB99-09. It's possible in some situations (if not otherwise protected using the suggestions in the bulletins) for a Web visitor to append to the end of a URL (in certain rather unusual situations) extra SQL commands to be executed against your database. This isn't really a CF bug but rather a database driver issue.

In both these cases, if someone can see the SQL statements (including table and column names) shown in an error message, that makes it all the easier to take advantage of any security hole or weaknesses in your environment. So let's hide that information.

Hiding the SQL and Datasource Name in Query Errors
The good news is that it's easy to stop that information from showing in the standard error message (or the one available for display as a variable in one of the error-handling template approaches, discussed in the next issue). It's just a simple tick of a checkbox in the CF Administrator.

It may not be so easy to find, however. It's presented along with server-side debugging control options:

  • Take the "debugging" link under the Miscellaneous area on the left nav bar.
  • Make sure "Show SQL and data source name" is unchecked.
Doing this will reduce the amount of detail in the message above by removing the lines:

SQL = "select * from jobs where jobs.companyid = 499 and jobs.composite_ad_yn <> 1 and jobs.jobtitleid = jobtitles.jobtitleid and jobs.cityid = val_cities.cityid order by stateid,city, jobtitle, date_posted desc" Data Source = "SomeDSN"

That's another step in the right direction.
Now you might be worried about the loss of this useful information as a developer, but there's good news.

Interesting Behavior That May Confuse You
The text explaining this option in the Administrator screen suggests that it controls display, not only of the Datasource name but the SQL statement in error as well. You may find, however, that after doing this you'll still see the SQL statement in error. Is the feature broken? Will end users still see the SQL statement in error? That depends.

Although it's not documented anywhere, this option behaves in an interesting way, and it explains why this option is on the debugging options page. A user who can see the server-side debugging information will always see the SQL statement in error, regardless of whether the "show SQL and datasource name" is turned off.

This is a nice feature for developers as it gives them the detail they need. It's likely that you don't show end users the debugging information, so this makes it really safe to turn off the display of the SQL statement. Those who shouldn't see it won't, while those who should, will.

Hiding the Template Path
The security concerns don't stop there. Remember that display in the error message of the physical path to the template in error? That can also be used by hackers, or simply by others not associated with your project but located on the same server. A few tags available in CF, such as CFFILE and CFCONTENT, allow access to any file in the CF server.

The error occurred while processing an element with a general identifier of (CFQUERY), occupying document position (26:5) to (26:59).

If someone running code on your server (again, someone who has access to the server or, less likely, someone who's broken in) knows where your code resides, that person can use those tags to grab your source code...or possibly your database.

There are two broader solutions to that problem: one is to restrict access to those tags in the Administrator, which is an option under "Basic Security." Or you can configure Advanced Security, mentioned previously, to protect directories from access by other developers on the same server.

Beyond those security approaches, you can also lessen the risk caused by error messages showing the template path by simply preventing its display in the standard CF error message. Like the "SQL and Datasource Name" option, it too is embedded, curiously, among the server-side debugging control options:

  • Take the "debugging" link under the Miscellaneous area on the left nav bar.
  • Make sure "Display the template path in error messages" is unchecked.
Doing this, along with the SQL and Datasource Name option, will reduce the message detail by changing the last line in the message to:

The specific sequence of files included or processed is:
C:\inetpub\wwwroot\somedir\sometemplate.cfm

Additional Observations
Sadly, this option doesn't respond the way the SQL and Datasource Name option does: even if you're authorized to see server-side debugging information, once this option is turned on, the template name and path will no longer be displayed in error messages. This will make it a little harder for a developer to determine a template in error.

If you have development and production environments, it's certainly worth considering whether you really want to use this option to hide the template path in the development environment.

Some errors (unless otherwise handled by error-handling strategies to be discussed in the next issue) will still show the template path anyway. Compilation errors are an example. Consider this example: turn off the display of the template path and run a template with the code:

Cfif></cfif>

This compilation error will display the complete path in the error message, after the details about the compilation error itself, as in:

This doesn't happen in all classes of errors, but it's something to keep in mind.

Conclusion
We've covered a lot of ground, and hopefully you've learned some things about configuring the Administrator to improve error handling.

Next month I'll explain further the opportunity to have even greater control over the display of errors, or hide them entirely and simply e-mail them automatically to a support person with no interaction by the user, or perhaps even log them to a database. I'll provide two of the three alternatives: Site Wide Error Handling (new to 4.5) and application-level error handling (which has changed significantly in 4.5). In the final part I'll cover CFTRY and CFCATCH, which offer even finer levels of control over error handling within your code.

As for the recommendations to take from this article, consider the following as a summary of the Administrator changes available to you:

  • Set the Administrator e-mail address (if you're on a server where all the applications are related and one person is appropriately ready to handle all such messages).
  • Turn off the display of the Datasource Name and SQL for queries in error, and the template path to the template in error, in anything other than a pure testing/development environment.
As for some of the security best practices we alluded to:
  • Password protect your databases (even in Access) so users running code on a shared server with you need more than just the datasource name and knowledge of your tables and column names to access your data.
  • Read the two Allaire security bulletins about further protecting your data from end users who might be able to take advantage of certain security issues in some database drivers and with some templates.
  • Consider the "Tag Restriction" options in the Administrator to further prevent the likelihood of abuse among unrelated developers on a shared server.
  • Set the Administrator debugging options to prevent server-side debug information from showing to your users, which allows the hide "SQL and Datasource Name" option described above to indeed hide the SQL in error.
For all these options, see the Allaire documentation for more information. All the administrator configuration options presented in this article are discussed in the manual Administering ColdFusion Server.

More Stories By Charlie Arehart

A veteran ColdFusion developer since 1997, Charlie Arehart is a long-time contributor to the community and a recognized Adobe Community Expert. He's a certified Advanced CF Developer and Instructor for CF 4/5/6/7 and served as tech editor of CFDJ until 2003. Now an independent contractor (carehart.org) living in Alpharetta, GA, Charlie provides high-level troubleshooting/tuning assistance and training/mentoring for CF teams. He helps run the Online ColdFusion Meetup (coldfusionmeetup.com, an online CF user group), is a contributor to the CF8 WACK books by Ben Forta, and is frequently invited to speak at developer conferences and user groups worldwide.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
The Internet of Things promises to transform businesses (and lives), but navigating the business and technical path to success can be difficult to understand. In his session at @ThingsExpo, Sean Lorenz, Technical Product Manager for Xively at LogMeIn, demonstrated how to approach creating broadly successful connected customer solutions using real world business transformation studies including New England BioLabs and more.
The security devil is always in the details of the attack: the ones you've endured, the ones you prepare yourself to fend off, and the ones that, you fear, will catch you completely unaware and defenseless. The Internet of Things (IoT) is nothing if not an endless proliferation of details. It's the vision of a world in which continuous Internet connectivity and addressability is embedded into a growing range of human artifacts, into the natural world, and even into our smartphones, appliances, and physical persons. In the IoT vision, every new "thing" - sensor, actuator, data source, data con...
"Matrix is an ambitious open standard and implementation that's set up to break down the fragmentation problems that exist in IP messaging and VoIP communication," explained John Woolf, Technical Evangelist at Matrix, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
The 3rd International @ThingsExpo, co-located with the 16th International Cloud Expo – to be held June 9-11, 2015, at the Javits Center in New York City, NY – is now accepting Hackathon proposals. Hackathon sponsorship benefits include general brand exposure and increasing engagement with the developer ecosystem. At Cloud Expo 2014 Silicon Valley, IBM held the Bluemix Developer Playground on November 5 and ElasticBox held the DevOps Hackathon on November 6. Both events took place on the expo floor. The Bluemix Developer Playground, for developers of all levels, highlighted the ease of use of...
We are reaching the end of the beginning with WebRTC, and real systems using this technology have begun to appear. One challenge that faces every WebRTC deployment (in some form or another) is identity management. For example, if you have an existing service – possibly built on a variety of different PaaS/SaaS offerings – and you want to add real-time communications you are faced with a challenge relating to user management, authentication, authorization, and validation. Service providers will want to use their existing identities, but these will have credentials already that are (hopefully) i...
There's Big Data, then there's really Big Data from the Internet of Things. IoT is evolving to include many data possibilities like new types of event, log and network data. The volumes are enormous, generating tens of billions of logs per day, which raise data challenges. Early IoT deployments are relying heavily on both the cloud and managed service providers to navigate these challenges. In her session at Big Data Expo®, Hannah Smalltree, Director at Treasure Data, discussed how IoT, Big Data and deployments are processing massive data volumes from wearables, utilities and other machines...
The Internet of Things is tied together with a thin strand that is known as time. Coincidentally, at the core of nearly all data analytics is a timestamp. When working with time series data there are a few core principles that everyone should consider, especially across datasets where time is the common boundary. In his session at Internet of @ThingsExpo, Jim Scott, Director of Enterprise Strategy & Architecture at MapR Technologies, discussed single-value, geo-spatial, and log time series data. By focusing on enterprise applications and the data center, he will use OpenTSDB as an example t...
The Internet of Things will put IT to its ultimate test by creating infinite new opportunities to digitize products and services, generate and analyze new data to improve customer satisfaction, and discover new ways to gain a competitive advantage across nearly every industry. In order to help corporate business units to capitalize on the rapidly evolving IoT opportunities, IT must stand up to a new set of challenges. In his session at @ThingsExpo, Jeff Kaplan, Managing Director of THINKstrategies, will examine why IT must finally fulfill its role in support of its SBUs or face a new round of...
DevOps Summit 2015 New York, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that it is now accepting Keynote Proposals. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete at launch. DevOps may be disruptive, but it is essential.
WebRTC defines no default signaling protocol, causing fragmentation between WebRTC silos. SIP and XMPP provide possibilities, but come with considerable complexity and are not designed for use in a web environment. In his session at @ThingsExpo, Matthew Hodgson, technical co-founder of the Matrix.org, discussed how Matrix is a new non-profit Open Source Project that defines both a new HTTP-based standard for VoIP & IM signaling and provides reference implementations.
"There is a natural synchronization between the business models, the IoT is there to support ,” explained Brendan O'Brien, Co-founder and Chief Architect of Aria Systems, in this SYS-CON.tv interview at the 15th International Cloud Expo®, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
The 3rd International Internet of @ThingsExpo, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that its Call for Papers is now open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
The definition of IoT is not new, in fact it’s been around for over a decade. What has changed is the public's awareness that the technology we use on a daily basis has caught up on the vision of an always on, always connected world. If you look into the details of what comprises the IoT, you’ll see that it includes everything from cloud computing, Big Data analytics, “Things,” Web communication, applications, network, storage, etc. It is essentially including everything connected online from hardware to software, or as we like to say, it’s an Internet of many different things. The difference ...
Scott Jenson leads a project called The Physical Web within the Chrome team at Google. Project members are working to take the scalability and openness of the web and use it to talk to the exponentially exploding range of smart devices. Nearly every company today working on the IoT comes up with the same basic solution: use my server and you'll be fine. But if we really believe there will be trillions of these devices, that just can't scale. We need a system that is open a scalable and by using the URL as a basic building block, we open this up and get the same resilience that the web enjoys.
Connected devices and the Internet of Things are getting significant momentum in 2014. In his session at Internet of @ThingsExpo, Jim Hunter, Chief Scientist & Technology Evangelist at Greenwave Systems, examined three key elements that together will drive mass adoption of the IoT before the end of 2015. The first element is the recent advent of robust open source protocols (like AllJoyn and WebRTC) that facilitate M2M communication. The second is broad availability of flexible, cost-effective storage designed to handle the massive surge in back-end data in a world where timely analytics is e...
How do APIs and IoT relate? The answer is not as simple as merely adding an API on top of a dumb device, but rather about understanding the architectural patterns for implementing an IoT fabric. There are typically two or three trends: Exposing the device to a management framework Exposing that management framework to a business centric logic Exposing that business layer and data to end users. This last trend is the IoT stack, which involves a new shift in the separation of what stuff happens, where data lives and where the interface lies. For instance, it's a mix of architectural styles ...
SYS-CON Events announced today that Gridstore™, the leader in hyper-converged infrastructure purpose-built to optimize Microsoft workloads, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Gridstore™ is the leader in hyper-converged infrastructure purpose-built for Microsoft workloads and designed to accelerate applications in virtualized environments. Gridstore’s hyper-converged infrastructure is the industry’s first all flash version of HyperConverged Appliances that include both compute and storag...
An entirely new security model is needed for the Internet of Things, or is it? Can we save some old and tested controls for this new and different environment? In his session at @ThingsExpo, New York's at the Javits Center, Davi Ottenheimer, EMC Senior Director of Trust, reviewed hands-on lessons with IoT devices and reveal a new risk balance you might not expect. Davi Ottenheimer, EMC Senior Director of Trust, has more than nineteen years' experience managing global security operations and assessments, including a decade of leading incident response and digital forensics. He is co-author of t...
The 3rd International Internet of @ThingsExpo, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that its Call for Papers is now open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
P2P RTC will impact the landscape of communications, shifting from traditional telephony style communications models to OTT (Over-The-Top) cloud assisted & PaaS (Platform as a Service) communication services. The P2P shift will impact many areas of our lives, from mobile communication, human interactive web services, RTC and telephony infrastructure, user federation, security and privacy implications, business costs, and scalability. In his session at @ThingsExpo, Robin Raymond, Chief Architect at Hookflash, will walk through the shifting landscape of traditional telephone and voice services ...