Status/Resolution/Reason: Closed/Withdrawn/NotABug
Reporter/Name(from Bugbase): Andrew Scott / Andrew Scott (Andrew Scott)
Created: 02/11/2013
Components: Administrator
Versions: 10.0
Failure Type: Enhancement Request
Found In Build/Fixed In Build: Final /
Priority/Frequency: Trivial / Unknown
Locale/System: English / Platforms All
Vote Count: 0
As it stands now the following is a security risk on production servers, and they are giving in to customers who don't understand the implications that this causes to other websites on the server.
What I am suggesting, is that this is disabled in the Administrator and can't be changed, however if anyone wishes to use it on their own application then they can switch it on in the Application.cfc via a setting there. As it stands many web sites become at risk of having all the below exposed because developers can't be bothered or be told how risky this is.
Enable Robust Exception Information
Allow visitors to see the following information in the exceptions page:
Physical path of template
URI of template
Line number and line snippet
SQL statement used (if any)
Data source name (if any)
Java stack trace
----------------------------- Additional Watson Details -----------------------------
Watson Bug ID: 3498342
External Customer Info:
External Company:
External Customer Name: ascott67
External Customer Email:
External Test Config: My Hardware and Environment details:Attachments:
Comments: