
438 Chapter 10 • Securing ColdFusion
Using Error Handling Programs
Besides the various data validation code discussed earlier, there is an
important piece of code that should be used on a production box: a
replacement for the standard ColdFusion error handler. The reason to
use it is to be warned. An attack against your box will most likely be
logged as an error until the attacker either succeeds or gives up.
Most programmers and administrators do not read through the error
logs to see what has been happening. If the logs are not reviewed, a
potential attack may go totally unnoticed.
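One way such a replacement handler can turn logged errors into a warning, shown as an added example that is not the book's own code: it writes each error to a dedicated log, mails an alert, and shows the visitor only a reference number. It assumes the template is registered as the site-wide error handler in the ColdFusion Administrator (or through cferror with type="exception"); the file name, log name, and mail addresses are hypothetical.

```cfml
<!--- error_handler.cfm: hypothetical replacement error handler (added example). --->

<!--- Assumed addresses; change for your environment. --->
<cfset alertTo    = "security-alerts@example.com">
<cfset alertFrom  = "coldfusion@example.com">
<cfset incidentId = createUUID()>

<!--- Not every key of the error scope exists for every error type. --->
<cfset errMessage = "">
<cfif isDefined("error.message")>
  <cfset errMessage = error.message>
</cfif>
<cfif NOT len(errMessage) AND isDefined("error.diagnostics")>
  <cfset errMessage = error.diagnostics>
</cfif>

<!--- Request data is attacker-controlled: replace control characters so a
      crafted URL cannot forge extra log lines, and cap the length. --->
<cfset detail = "id=#incidentId# ip=#cgi.remote_addr# script=#cgi.script_name#"
              & " query=#cgi.query_string# agent=#cgi.http_user_agent#"
              & " error=#errMessage#">
<cfset detail = left(reReplace(detail, "[[:cntrl:]]", " ", "all"), 2000)>

<!--- A dedicated log file (assumed name) keeps these entries easy to review. --->
<cflog file="security_errors" type="error" text="#detail#">

<!--- A mail failure must not break the handler; the log entry already exists. --->
<cftry>
  <cfmail to="#alertTo#" from="#alertFrom#" type="text"
          subject="ColdFusion error #incidentId#">
#detail#
  </cfmail>
  <cfcatch type="any">
    <cflog file="security_errors" type="warning"
           text="id=#incidentId# alert mail could not be sent">
  </cfcatch>
</cftry>

<!--- The visitor sees no diagnostics, only a reference to quote to support. --->
<cfoutput>
<html><body>
<h1>An error occurred</h1>
<p>The problem has been recorded. Reference: #incidentId#</p>
</body></html>
</cfoutput>
```

A burst of alerts from one address against the same script is the pattern to look for; the reference number ties a visitor's report to the matching log entry.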
The ColdFusion log files for any server are stor