英文:
Does Coldfusion stop logging errors when cferror is used?
问题
最近,在CF Admin中,Coldfusion的应用程序日志对于显示尝试在站点上进行SQL注入的页面对我很有帮助。它会显示存在无效数据,展示页面、行数以及无效数据的值。但后来我在application.cfm中设置了一个全站错误处理程序,因为我不想让屏幕显示标准的CF错误消息:
<cferror
template = "myDBErrorHandler.cfm"
type = "exception"
exception = "database">
这一直运行得很好,但现在似乎当cfqueryparam捕获到来自SQL注入尝试的无效数据并出现无效数据错误时,它不再记录在application.log文件中。这是否是预期行为?这似乎有点不合理;即使我现在用cferror处理这些错误,它们仍然是错误,我仍然希望在日志中记录它们。我不确定为什么它们突然不再显示了。
我仍然可以在异常日志中找到这些事件,就像在使用cferror之前一样,但异常日志还包含完整的堆栈跟踪,所以它们非常庞大,需要很多鼠标点击(或者在Notepad++中查看日志文件时滚动)。应用程序日志中的条目更容易使用。
另外 - 如果这确实是预期行为,即应用程序日志不记录由cferror处理的错误,那么CF文档中有没有提到这一点?我之所以问是因为我还没有在任何地方看到过这种说法,而且发现这一点对我来说比向Stack Overflow上的其他人提问要好。作为一种解决方法,我考虑在处理程序模板上使用cflog;事实上,对于这些特定类型的错误,对我来说有一个专用的文件可能比将它们与其他应用程序日志条目混合在一起更好。你有什么想法?谢谢。
英文:
Recently, the application log for Coldfusion in CF Admin was helpful in showing me pages where sql injection has been attempted on a site. It would say that there was invalid data, show the page, the line, and the value of the invalid data. But then I set a site-wide error handler in application.cfm, because I'd rather not have the screen display a standard CF error message:
<cferror
template = "myDBErrorHandler.cfm"
type = "exception"
exception = "database">
which has been working well, but it seems now that when cfqueryparam catches invalid data from sql injection attempts and there's an invalid data error, it's no longer logged in the application.log file. Is that expected behavior? This seems counterintuitive; even if I'm handling these errors with cferror now, they're still errors, and I'd still like to see them recorded in the logs. I'm not sure why they'd just stop showing up.
I can still find these incidents in the exception log, as I was able to before I started using cferror, but the exception logs also contain the full stack trace, so they're very bloated and involve a lot of mouse clicking (or scrolling if viewing the log file in Notepad++). The entries in the application log were a lot simpler to use.
Also - if this is indeed expected behavior, for the application log not to log errors that are handled by cferror, does it say that anywhere in the CF documentation? I ask because I haven't seen it said anywhere, and it would be great to find this out for myself rather than have to ask someone else on Stack Overflow. As a workaround, I'm thinking of using cflog on the handler template; in fact, it might be better for my purposes to have a dedicated file for these specific kinds of errors than to have them mixed in with other application log entries. Thoughts? Thanks.
答案1
得分: 0
使用此标记提供应用程序页面的自定义错误消息。即使发生错误,也可以保持应用程序的一致外观和感觉。
理想情况下,代码应充满cftry
和cfcatch
语句,以逐个案例处理潜在错误。cferror
标记抑制了默认的调试输出。
通常,您会将此标记嵌入到Application CFC或Application.cfm文件中,以指定整个应用程序的错误处理责任。如果您指定type="validation",则必须将其放在这些文件中;ColdFusion会忽略任何其他页面上的此标记。
尝试在Application.cfc
文件中使用onError
函数而不是cferror
。
您可以在此函数内添加对cflog
的调用,以将错误写入特定的日志文件。您还可以将错误记录在数据库中,或者在发生错误时触发电子邮件通知您(尽管我不建议发送电子邮件)。
请参考链接以获取更多信息:
https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-tags/tags-d-e/cferror.html
https://helpx.adobe.com/coldfusion/cfml-reference/application-cfc-reference/onerror.html
英文:
https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-tags/tags-d-e/cferror.html
> Usage
>
> Use this tag to provide custom error messages for pages in an application. This lets you maintain a consistent look and feel within the application, even when errors occur.
Ideally, the code should be full of cftry
and cfcatch
statements, to deal with potential errors on a case by case basis. The cferror
tag suppresses the default debug output.
> You generally embed this tag in your Application CFC or Application.cfm file to specify error-handling responsibilities for an entire application. You must put it in one of these files if you specify type="validation"; ColdFusion ignores it on any other page.
Instead of cferror
, try using the onError
function in your Application.cfc
file.
https://helpx.adobe.com/coldfusion/cfml-reference/application-cfc-reference/onerror.html
You can add calls to cflog
inside this function and to write your errors to specific log files. You could also record the errors in a database or trigger emails to let you know as they occur (although I don't recommend sending emails).
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论