Re: [ACFUG Discuss] error handling
Shawn,

Totally agreed, couldn't have said it better myself.

Dusty, please don't present the exception in an HTML comment, anyone who is looking for it will find it and may use it against you.

-dhs

Dean H. Saxe, CISSP, CEH
[EMAIL PROTECTED]

"To announce that there must be no criticism of the president, or that we are to stand by the president right or wrong, is not only unpatriotic and servile, but is morally treasonable to the American public." -- Theodore Roosevelt

On May 29, 2008, at 6:22 AM, shawn gorrell wrote:

> Dusty,
>
> I have some code that I'll send you off-list of example cferror and onError implementations with notification. You have to be very careful with it, because you don't want it to become a potential denial of service vector. My samples include notification throttles that will shut off at a preset number of notifications and can be reset by a command.
>
> Something to keep in mind though is that cferror and the sitewide error template are NOT an exception handling strategy, they are just last lines of defense. If you do your exception handling in a correct and layered fashion, those last lines of defense will almost never get used. If a sitewide error template or cferror routinely get called, you have systemic problems in your application that should be remediated.
>
> But that said, you should still implement those and NEVER present an end user with a naked CF error. Not because they are ugly, but because they can expose information that is a security threat.
>
> ----- Original Message -----
> From: Dusty Hale [EMAIL PROTECTED]
> To: discussion@acfug.org
> Sent: Wednesday, May 28, 2008 9:18:00 PM
> Subject: [ACFUG Discuss] error handling
>
> I was wondering if anyone wanted to discuss best approaches to error handling for cf sites. I want to implement some very basic error handling for one of my sites. Basically I just don't want the ugly cf errors to display for users of the site. I would also like to be notified via email when an error happens and better yet get the error information.
>
> Is the best approach still the cferror tag? Is there a newer or better approach or best practice? Anyone got some code they could share?
>
> Dusty

To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform
For more info, see http://www.acfug.org/mailinglists
Archive @ http://www.mail-archive.com/discussion%40acfug.org/
List hosted by FusionLink
Re: [ACFUG Discuss] error handling
Dusty,

I have some code that I'll send you off-list of example cferror and onError implementations with notification. You have to be very careful with it, because you don't want it to become a potential denial of service vector. My samples include notification throttles that will shut off at a preset number of notifications and can be reset by a command.

Something to keep in mind though is that cferror and the sitewide error template are NOT an exception handling strategy, they are just last lines of defense. If you do your exception handling in a correct and layered fashion, those last lines of defense will almost never get used. If a sitewide error template or cferror routinely get called, you have systemic problems in your application that should be remediated.

But that said, you should still implement those and NEVER present an end user with a naked CF error. Not because they are ugly, but because they can expose information that is a security threat.
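Added example, not part of the thread and not the code Shawn offered off-list: one way an Application.cfc onError handler could combine the points made above, with a generic page for the user, full detail in a dedicated log, and an e-mail throttle that can be reset. The application name, log file name, addresses and limit are hypothetical, and a configured mail server is assumed.

```cfml
<!--- Application.cfc: added example; names, addresses and limits are hypothetical --->
<cfcomponent output="false">
    <cfset this.name = "exampleApp">

    <cffunction name="onApplicationStart" returntype="boolean" output="false">
        <cfset application.errorMailCount = 0>
        <cfset application.errorMailLimit = 20>
        <cfreturn true>
    </cffunction>

    <cffunction name="onError" returntype="void" output="true">
        <cfargument name="exception" required="true">
        <cfargument name="eventName" type="string" required="true">
        <cfset var errorId = createUUID()>
        <cfset var notify = false>
        <cfset var sent = 0>

        <!--- Detail goes to a dedicated log file, keyed by the id the user is shown --->
        <cflog file="exampleApp_errors" type="error"
               text="#errorId# event=#arguments.eventName# #arguments.exception.message#">

        <!--- Throttle: count under a lock and stop mailing at the limit, so a
              flood of failing requests cannot become a flood of e-mail.
              If the counter was never initialised, only the log entry is written. --->
        <cflock scope="application" type="exclusive" timeout="5">
            <cfif structKeyExists(application, "errorMailCount")
                  AND application.errorMailCount LT application.errorMailLimit>
                <cfset application.errorMailCount = application.errorMailCount + 1>
                <cfset sent = application.errorMailCount>
                <cfset notify = true>
            </cfif>
        </cflock>

        <cfif notify>
            <cfmail to="ops@example.invalid" from="app@example.invalid"
                    subject="exampleApp error #errorId#" type="text">
Event: #arguments.eventName#
Message: #arguments.exception.message#
Notification #sent# of #application.errorMailLimit#; mail stops at the limit until reset.
            </cfmail>
        </cfif>

        <!--- Generic page only: no exception text in the response, including HTML comments --->
        <cfoutput><p>Sorry, something went wrong. Reference: #errorId#</p></cfoutput>
    </cffunction>

    <!--- The reset "command": expose it only through an authenticated admin page --->
    <cffunction name="resetErrorNotifications" access="public" returntype="void" output="false">
        <cflock scope="application" type="exclusive" timeout="5">
            <cfset application.errorMailCount = 0>
        </cflock>
    </cffunction>
</cfcomponent>
```

The reference id shown to the user is the same id written to the log and the e-mail, so a support request can be matched to its log entry without any exception text leaving the server.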
Re: [ACFUG Discuss] error handling
Dusty,

Something I neglected to mention is that a layered exception handling strategy will be greatly improved with giving the same level of consideration to logging. For example, I tend to log very verbosely for unattended things like scheduled tasks or gateways (things that run in a non-interactive manner). For each run I'll do opening and closing loglines with log statements for pretty much every successful and unsuccessful operation in the run. That way I have an entire trace of what happened in the event that something goes wrong, and they are easy to identify in the log files.

And I always have one or more logs for every application. My preference is to not allow things to dump into the default application log, particularly in a multi-hosted setup. I don't want to dig through crap from other applications to find out what I need to know, I'd like to have it in one place. Sometimes I'll go so far as to have specific logs for different sets of functionality within the same application, but it depends on the size and complexity of the app. I just use CFLOG and let CF manage the size limits and archiving. No sense reinventing the wheel.

If you get inspired about logging and exception handling, let me know. I've got some very useful logging abstractions in Tardis that you can use for doing error notification to a logging and notification *mothership*. The idea is to implement a system that support developers can subscribe to an application and get notifications when an application throws an error of a pre-defined severity. Then they would take ownership of the error and be responsible for remediation. The mothership idea is still in my head at this point, but the abstractions are already there in Tardis to use and go down that road.

S
RE: [ACFUG Discuss] Multiple Application.CFC files
Thanks Dusty and Doug for your thoughts last week. Also, I wanted to report back on what I ended up with as I think it's working really well now.

What I ended up with is:

    /webroot/
        Application.cfc
        accessibleStuff.cfm
        /secure/
            Application.cfc
            stuffThatRequiresLogin.cfm

I think I needed to stop and restart the server when I wrote the previous message, because this is working and making sense now.

I added one thing to the onSessionStart method of the webroot/Application.cfc:

    SESSION.isLoggedIn = False

This, of course, initializes the isLoggedIn value when the session first starts.

I have other stuff that runs in webroot/Application.cfc methods/events, and I didn't want to mess that up or complicate it. So, I added another Application.cfc in webroot/secure/Application.cfc.

The second Application.cfc was set up to extend the one in the webroot. Just add extends="Application" (where Application includes the full path to the CFC) as a parameter in the cfcomponent tag.

Then add an onRequestStart method to the second Application.cfc which overrides the method in webroot/Application.cfc. And in that method, all I do is:

    <cfif SESSION.isLoggedIn EQ False>
        <cflocation url="../login.cfm">
    </cfif>

So any request for a page in my /secure/ directory gets automatically checked to see if the user is logged in, and if not, they get redirected. The login.cfm page is up a level from the /secure/ directory, so it doesn't get checked for login or redirected.

A lot of you may know how to do all this, but I have been very pleased with how clean and straightforward it is. So, just in case, I wanted to tell everyone.

Thanks again for the help!

Clarke

_____
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas Knudsen
Sent: Saturday, May 24, 2008 1:07 AM
To: discussion@acfug.org
Subject: Re: [ACFUG Discuss] Multiple Application.CFC files

Clarke, yup, should be able to just extend the root Application.cfc with the one(s) below to get all that 'inheritance' goodness. One thing though is a little issue with CF in this regard. You can't extend the root Application.cfc due to some pathing thing. To get around this though you can create a proxy. You can read all about it on that CF super hero's blog
http://corfield.org/blog/index.cfm/do/blog.entry/entry/Extending_Your_Root_Applicationcfc

Also, Ray Camden has a great write up using this Application.cfc animal
http://www.coldfusionjedi.com/index.cfm/2007/11/9/Applicationcfc-Methods-and-Example-Uses

DK

On Fri, May 23, 2008 at 6:53 PM, Clarke Bishop [EMAIL PROTECTED] wrote:

> In my webroot, I am trying to setup a secure directory where a login is required. I got some good ideas the other day from Doug, but I'm still having trouble.
>
> Here's what I'm trying to do
>
>     /webroot/
>         accessibleStuff.cfm
>         /secure/
>             stuffThatRequiresLogin.cfm
>
> So, anything in the secure directory requires a login. Now, I've got an Application.cfc in my webroot. All, I have to do, is put another Application.cfc in the secure directory and check for login.
>
> Problem 1. CF only processes one Application.cfc. So, when I add the second Application.cfc, all my session initialization, error handling, etc. in webroot.Application doesn't run. I think the answer to this is to make the second Application.cfc extend webroot.Application, but maybe there's a better way.
>
> Problem 2. When I did have the second Application.cfc extend webroot.Application, cfm pages in the secure directory don't fire the OnSessionStart event located in webroot.Application. My plan was to test the value of SESSION.IsLoggedIn, but it's failing because IsLoggedIn did not get initialized by OnSessionStart.
>
> What am I missing? Is there a better way to do this?
>
> Thanks,
>
> Clarke

--
Douglas Knudsen
http://www.cubicleman.com
this is my signature, like it?
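Added example, not part of the thread: a /secure/Application.cfc in the shape Clarke describes, using the proxy approach Doug mentions, that keeps the root handler's logic and fails closed when SESSION.isLoggedIn was never initialized (the situation in Problem 2). ApplicationProxy is an assumed name for a one-line CFC in the webroot that extends the root Application.cfc; the example also assumes the root onRequestStart returns a boolean and that the site is served from the web root.

```cfml
<!--- /secure/Application.cfc: added example. ApplicationProxy is an assumed
      webroot CFC whose only job is to extend the root Application.cfc. --->
<cfcomponent extends="ApplicationProxy" output="false">

    <cffunction name="onRequestStart" returntype="boolean" output="false">
        <cfargument name="targetPage" type="string" required="true">

        <!--- Run the root handler first so overriding it does not drop its logic
              (assumes the root onRequestStart returns a boolean) --->
        <cfif NOT super.onRequestStart(arguments.targetPage)>
            <cfreturn false>
        </cfif>

        <!--- Fail closed: a missing or non-boolean flag counts as "not logged in",
              which covers the case where onSessionStart never set it --->
        <cfif NOT structKeyExists(session, "isLoggedIn")
              OR NOT isBoolean(session.isLoggedIn)
              OR NOT session.isLoggedIn>
            <!--- Root-relative URL so pages in nested folders under /secure/ do not
                  resolve "../login.cfm" to a path that is itself protected;
                  addtoken="no" keeps CFID/CFTOKEN out of the redirect URL --->
            <cflocation url="/login.cfm" addtoken="no">
        </cfif>

        <cfreturn true>
    </cffunction>
</cfcomponent>
```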
[ACFUG Discuss] CFLayout with Tabs and Forms
So, now that I've figured out how to secure the page, I'm working on a multi-part form. I came across the new CFLayout tag in CF8 and it lets you setup a number of Tabs that can each contain different content.

I already had my multi-part form broken into separate include files, so I just specified the include for each tab and it looks great! The only thing is I want to submit the included form whenever the tab changes.

I found a way to add a listener and capture the TabChange event, but it seems to be adding multiple form objects to the DOM, and I haven't been able to find a way to submit the correct form yet.

When I started playing with CFLayout, I wasn't planning to get sucked into Ajax/Spry. But, the tabs just look so cool!

So, has anyone done anything like this? Also, any pointers on how to troubleshoot this kind of problem. I've started trying to use FireBug, but I still need to learn to use it better.

Thanks for any ideas!

Clarke
Re: [ACFUG Discuss] CFLayout with Tabs and Forms
I haven't played with CFLayout but what you want to do is to call the submit method on the form in JavaScript. So if the HTML has two forms, foo and bar, and you wanted to submit the foo form, you'd call document.foo.submit(). If the forms aren't named, you'll have to call them in the forms array like document.forms[1].submit().

Howard

--
Howard Fore, [EMAIL PROTECTED]
"The universe tends toward maximum irony. Don't push it." - Jeff Atwood