We are using ColdFusion 2018 on Windows Server 2016. I would like to know how error handling can be done in ColdFusion. On the server we get detailed error messages, a lot of which are technical. I would like to capture parts of this message and display it to the end users who access the application through a URL in a user-friendly manner. Any suggestions on how this can be done?
Not to be alarmist, but this should _NOT_ be done. Hackers and script-kiddies use that information to get information on your setup that can be used in future attacks.
You want a generic "There's been an error.. administration has been notified" message on the screen, while sending all the technical details via email to the dev team.
The most common method is to use CFTRY/CFCATCH and have the catch send #cfcatch# in the email to the dev team.
^ _ ^
Thanks for your response. I agree with you, but I would just like some friendly message to the end user also which indicates something like "Invalid Username/password", or, if some application logic is not correct, a brief, customised, user-friendly message without exposing any information like Servername, session id etc.
I think this should be possible. My question is: do I have to go line by line through the application and identify, or is there a setting somewhere in the ColdFusion Administrator? Modifying the whole application will be lengthy and time consuming. What do you suggest? Thanks
Ah, well, something like incorrect username/pw is something completely different. That's not necessarily an error as much as mismatched information. For something like that, you'd use a simple conditional like an if/else or switch/case.
Assuming the login query is called "userLogin" and returns a count of users that matches the username/pw. Something like
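<cfquery name="userLogin"> <!--- uses the application's default datasource --->
SELECT count(username) AS usercount FROM userTable
WHERE username = <cfqueryparam value="#username#" cfsqltype="cf_sql_varchar"> AND password = <cfqueryparam value="#password#" cfsqltype="cf_sql_varchar">
</cfquery>
<cfif userLogin.usercount EQ 1> <!--- success login code here --->
<cfelse> <!--- returns either 0 or more than 1 code here ---> </cfif>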
^ _ ^
Thanks, but for other application-related errors, do I use a try/catch across all the pages?
In those situations, you don't want the user to see precisely what happened. That's the kind where the generic should be it.
However, based upon what information is in the cfcatch you can dump it to see the information of specific error messages and create a switch/case based upon what is contained in the message and show something generically specific (oxymoron?) to the user, I suppose.
^ _ ^
Expanding on Wolf's answer, it sounds like you're unaware that beyond his try/catch proposal (suited for surrounding code you fear could fail), there are also SEVERAL ways to put in place error handling to capture ANY error that MIGHT happen.
You can do it in a page with cferror (old school), and if an error happens, that page can do whatever you want (show a friendly page, send an email, log the error to a log or database, etc.), using details in the error scope.
And/or you can implement error handling at the application-level, either with that same old-school cferror (in an application.cfm), or in an onerror method of an application.cfc (and again that onerror method could do whatever you wanted).
Finally, you can also implement error handling at the server level, with a CF Admin "sitewide error handler", which again would be like code in the error.cfm.
And note that each level is overridden by the one below it (server, then app, then cferror, then cftry), and each serves to help when the other doesn't exist (in the other direction).
This is documented at https://helpx.adobe.com/coldfusion/developing-applications/developing-cfml-applications/handling-err.... Sadly, there should be more pages to follow, but the new Adobe doc system doesn't show links forward and back in the docs. But most of the links offered will take you to whatever approach you want. Or google searching will get you there.
FWIW, I did a 4-part series of articles on error handling (those various levels) in 2000 in the CFDJ magazine. I still link to them online, starting at https://www.carehart.org/articles/#2000_10. The only change since then really is application.cfc and its onerror method. But much of what I say may benefit you to get started with the concept of error handling, yes, even 19 years later. 🙂
Let us know how it goes and if there are more questions.
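An application-level handler of the kind discussed above, combining the onError method with the switch/case on exception type and the "generic message on screen, details by e-mail" advice. This is an added example, not code from any poster in this thread. The application name, the `appErrors` log file, the example.com addresses and the user-facing wording are placeholders, and it assumes a mail server is configured in the CF Administrator.

```cfml
<!--- Application.cfc (added example; names and addresses are placeholders) --->
<cfcomponent output="false">
    <cfset this.name = "exampleApp">

    <cffunction name="onError" returntype="void" output="true">
        <cfargument name="exception" required="true">
        <cfargument name="eventName" type="string" required="true">

        <!--- Opaque reference ID: links what the user sees to the log entry and e-mail --->
        <cfset var refId = createUUID()>
        <!--- The underlying error may be nested under rootCause --->
        <cfset var ex = structKeyExists(arguments.exception, "rootCause") ? arguments.exception.rootCause : arguments.exception>
        <cfset var errType = structKeyExists(ex, "type") ? ex.type : "unknown">
        <cfset var userMsg = "">

        <!--- Full technical detail goes only to the server log and the dev team --->
        <cflog file="appErrors" type="error" text="[#refId#] #errType#: #ex.message# (#cgi.script_name#)">
        <cftry>
            <cfmail to="dev-team@example.com" from="noreply@example.com" subject="Application error #refId#" type="html">
                <cfdump var="#arguments.exception#">
            </cfmail>
            <cfcatch type="any"><!--- a mail failure must not replace the friendly page ---></cfcatch>
        </cftry>

        <!--- Map the exception type to fixed wording; nothing from the exception is echoed --->
        <cfswitch expression="#lCase(errType)#">
            <cfcase value="database">
                <cfset userMsg = "We could not load or save your data right now.">
            </cfcase>
            <cfcase value="missinginclude,template">
                <cfset userMsg = "The page you requested is not available.">
            </cfcase>
            <cfdefaultcase>
                <cfset userMsg = "There has been an error. The administrator has been notified.">
            </cfdefaultcase>
        </cfswitch>

        <!--- Only static text and the reference ID reach the browser --->
        <cfoutput><p>#userMsg#</p><p>Reference: #refId#</p></cfoutput>
    </cffunction>
</cfcomponent>
```

A user who reports the reference ID lets the dev team find the matching log line and e-mail without the server name, stack trace or session details ever appearing on screen.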
Thanks all for your replies, everyone. I have added a Site-wide Error Handler in the CF Administrator on the server side; I noticed that this was missing. I will do some testing with the end user to see if this works as per their expectations. If not, I will have to go down to the other levels as Charlie suggests: "And note that each level is overridden by the one below it (server, then app, then cferror, then cftry), and each serves to help when the other doesn't exist (in the other direction)."
I am trying as much as possible to avoid a lot of modifications in a lot of application files since that could mean a lot of work. But if a user suggests something more specific on a page, I will use the cferror or cftry exception handlers.