Brad Wood

July 22, 2013

This week's tip is a simple reminder to check your ColdBox config and ensure that you've changed your reinit and debugMode passwords for all externally-available sites to be something other than the default.

Out-of-the-box, ColdBox can be reinitialized with the following:
site.com/index.cfm?fwreinit=1

While there's nothing inherently dangerous about that, reinitting can be a costly operation that flushes caches and re-loads configuration. That's probably a load you don't want to deal with unless necessary.

You can also easily turn on debugMode like so:
site.com/index.cfm?debugMode=1

Debug mode is more dangerous as it gives people access to cache settings, control over your modules, and tons of information about the request including the contents of the request collection. While this information is useful while developing, it needs to be carefully guarded on your production servers.

Make sure you don't use the default reinit and debugMode passwords as they can allow complete strangers to get sensitive information out of your site or possibly lead to a security breach. In your /config folder should be your programmatic configuration file, ColdBox.cfc. Open it and look for the following lines:

reinitPassword = "",
debugPassword = "",

If they look like the lines above, you are using the default settings, and anyone can reinit your application or view debug info with the URLs above. Change those lines to set passwords that can't be easily guessed.

reinitPassword = "myReinitPassword",
debugPassword = "myDebugPassword",

You can still reinit your application and turn on debug mode, but you'll now need to do it like this:

site.com/index.cfm?fwreinit=myReinitPassword
site.com/index.cfm?debugMode=1&debugPass=myDebugPassword

More info here: http://wiki.coldbox.org/wiki/ConfigurationCFC.cfm

P.S. Don't want to have to type in the password every time on your development environment? We don't blame you. Use a convenient environment override. Here's a sample configuration CFC that shows how to have production protected with a password and your development environment use no password:

/config/ColdBox.cfc

component{

    function configure(){

        coldbox = {
            appName = "My App",
    
            reinitPassword = "myReinitPassword",
            debugPassword = "myDebugPassword"
        };
    
        environments = {
            development = "^dev.*"
        };

    }

    function development(){
        coldbox.reinitpassword = "";
        coldbox.debugpassword = "";
    }

}
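
An added example (not part of the original post or the ColdBox project): a Python audit that reads the text of a ColdBox.cfc and reports, per function, where reinitPassword or debugPassword is empty, not set, or still the sample value printed in this post, so environment overrides such as development() are listed separately from configure(). The function name, the line-based parsing and the treatment of a key missing from configure() as the empty default are assumptions of this example.

```python
import re

SETTINGS = ("reinitpassword", "debugpassword")
# Sample values printed in the post; copied verbatim they are as guessable as the default.
PLACEHOLDERS = {"myreinitpassword", "mydebugpassword"}
FUNC = re.compile(r"\bfunction\s+(\w+)\s*\(", re.I)
# Matches `reinitPassword = "x"` and `coldbox.reinitpassword = "x"` (CFML ignores case).
ASSIGN = re.compile(r"""\b(reinitpassword|debugpassword)\s*=\s*(["'])(.*?)\2""", re.I)

def audit_coldbox_config(text):
    """Return sorted (function, setting, problem) tuples for weak password settings."""
    values = {}  # (function name, setting) -> last value assigned there
    scope = "(top level)"
    for line in text.splitlines():
        if line.strip().startswith("//"):
            continue  # ignore commented-out settings
        func = FUNC.search(line)
        if func:
            scope = func.group(1).lower()
        for name, _quote, value in ASSIGN.findall(line):
            values[(scope, name.lower())] = value
    for setting in SETTINGS:
        # Assumption: a key left out of configure() behaves like the empty default.
        values.setdefault(("configure", setting), None)
    findings = []
    for (scope, setting), value in values.items():
        if value is None:
            findings.append((scope, setting, "not set"))
        elif value == "":
            findings.append((scope, setting, "empty"))
        elif value.lower() in PLACEHOLDERS:
            findings.append((scope, setting, "sample value from the post"))
    return sorted(findings)

# Constructed sample: configure() keeps one sample value and one default, development() clears one.
SAMPLE = '''component{
    function configure(){
        coldbox = { appName = "My App", reinitPassword = "myReinitPassword", debugPassword = "" };
    }
    function development(){ coldbox.reinitpassword = ""; }
}'''

if __name__ == "__main__":
    for scope, setting, problem in audit_coldbox_config(SAMPLE):
        print(f"{scope}(): {setting} is {problem}")
```

An "empty" finding under development() is the override the post recommends for development; the report lists it so you can confirm the environment pattern only matches development hosts.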

Mar 14, 2017 17:02:00 UTC

by joe smith

I'm running version 3.5, and in order to make the reinit and debug password strong, I want to include special characters... but it doesn't seem to work with special characters. Is that by design? Thanks

Mar 14, 2017 17:45:16 UTC

by Brad Wood

Joe, I'm not aware of any such restriction. Can you report to our mailing list the code you used to set the password? Please note, if you have a quote or hash in your password, you'll need to escape it using the standard CFML rules.
