Can I use any other CF tags to replace CFDUMP?

Question

In the application I designed, I named one of my web pages "error.cfm". I want it to display whenever there is an error from the application. So I put the following code inside "error.cfm":

        An uncaught exception just 'happened' :-(
        <br><br>
        <b><cfoutput>#exception.message#</cfoutput></b><br />
        <cfoutput>#exception.detail#</cfoutput><br /><br />
        <cfif isdefined('exception.cause')>
            <b><cfoutput>#exception.cause.message#</cfoutput></b><br />
            <cfoutput>#exception.cause.detail#</cfoutput>
        </cfif>
        <cfdump var="#exception#">

So after hosting the website, I discovered that this particular page refused to load and instead a '500 Internal Error' was displayed. I then complained to my hosting company and I was sent these details:

---

Dear Customer,

The actual error message is the following:

Security: The requested template has been denied access to createobject(java).
The following is the internal exception message: access denied (coldfusion.runtime.FunctionPermission createobject(java))

The error occurred in C:\inetpub\vhosts\plat4ad.com\httpdocs\cms\error.cfm: line 10

8 : 9 : 10 :

Unfortunately some tags and functions are disabled on our servers due to security purposes. You can check full list here:

https://support.dailyrazor.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=293&nav=0,29,76

Please let us know if you have any other questions.

Best wishes, Support-GG DailyRazor Support Team.

---

Now checking the lists of the tags they disabled on their servers, CFDUMP was among them:

On the shared ColdFusion servers you will have access to all tags and functions except for the following:

CF Tags:

• CFCOLLECTION
• CFCONTENT
• CFDUMP
• CFEXECUTE
• CFLOG
• CFOBJECT
• CFOBJECTCACHE
• CFREGISTRY

CF Functions:

• SetProfileString
• CreateObject(COM)
• CreateObject(CORBA)
• CreateObject(JAVA)

Please is there any alternative for CFDUMP? Or does anyone know any ColdFusion hosting company that doesn't have these restrictions? I appreciate any ideas from you.

Answer 1

I will add that if you choose to "dump" details, you can also wrap the dump code in an "if" block that looks at your cgi.REMOTE_ADDR and if it matches your IP address, does the dumpout, otherwise doesn't.

<cfif cgi.REMOTE_ADDR EQ "167.96.177.66">
<!--- execute dump code here --->
</cfif>

Caveats: YMMV, have to have a static IP, have to BE at that IP, etc.

Answer 2

CFDUMP began life as a custom tag before it was ever included in ColdFusion.

It still appears to be downloadable: http://www.adobe.com/cfusion/exchange/index.cfm?event=extensionDetail&extid=1002037

You may need to make changes to it to work (better) in more modern versions of CF, but it should probably do more than 90 per cent of what you need it for.

Answer 3

How about this: http://www.coldfusionjedi.com/index.cfm/2010/10/6/Cant-dump-Try-a-fake-dump

Answer 4

If you get yourself VPS (google:coldfusion VPS) you'll be able to do on that machine whatever you want.

The whole point of not having cdump is security measure. Usually all debugging and dumping raw data is done on development server and on hosted server you run applications, right? Error.cfm is used to hide caught exception details, like path to your files, data about used libraries etc.

There're ways to display data without cfdump. In your case I don't see why you couldn't use plain cfoutput and write exception details as 2 lines of output.

In your place, I'd take source codes of fw/1 or Mura CMS to see how they handle error messages, better to see how more experienced people are doing it then to "waste" time reinventing the wheel.