CF Live For Real Time CFML Testing

Russ Michaels has created CF Live, an online tool that lets you enter CFML code for execution on ColdFusion or Railo. If you want to tinker with CFML (albeit with some language restrictions for security’s sake), then give it a try.

Oh, CF Live tests against ColdFusion 9 Enterprise on Windows 2008, as you can see by using it to run the following:

4 responses to “CF Live For Real Time CFML Testing”

  1. Kevin Benore Avatar
    Kevin Benore

    Personally, I hope he turns off the massive amounts of data he gives out for exceptions. That seems like a bigger security issue.

  2. lawless Avatar

    How would you debug without the debug output?
    what risk is there to see the exception for your own code?

  3. Kevin Benore Avatar
    Kevin Benore

    Yeah, I am less concerned about someone’s code. I would be more concerned with server security. While some items are sandboxed, you can still see template path information. This is a bit different use case, but you typically want to keep debugging off outside an internal network.

  4. Russ Michaels Avatar
    Russ Michaels

    The debug output and info is only for the code you enter and run in the textarea not for the site itself, the site itself runs on a completely different instance and does not show debugging info. The service is not intended for you to host live production code, it is for development and testing, thus why the debug is enabled, so users can debug code and see errors.
    As you are unable to read/write/save files to the server or use Java (see the about page), I would be interested to know exactly what threat/risk you believe seeing the path info provides, especially seeing as that info is freely available using several functions anyway, please can you provide details ?

Leave a Reply