Unless enabled in the admin, per-application settings to enable debugging etc. should be ignored (i.e. on production)

Description

As I also mentioned in https://luceeserver.atlassian.net/browse/LDEV-4947,

Unless these debugging / monitoring options are enabled at the server level, applications should not be able to enable debugging. If a developer accidentally deploys debugging, etc. enabled via an Application.cfc to production, that’s really really not good for security or performance.

Environment

None

Activity


Michael Offner 26 August 2024 at 14:47

The new/current behaviour is also consistent with EVERY other setting in Lucee; every setting that exists on application context level overrules settings made in server/web config.

Michael Offner 26 August 2024 at 14:20

I strongly disagree on this ticket. Before this setting, debugging was not easily accessible for developers; I personally work in projects where for most developers the Lucee configuration is NOT accessible, and with Lucee prior to 6.0 they cannot use debugging at all without a big hassle.

Also, when I follow this logic, the tag dump should NOT exist, because it is exactly the same as debugging output.

Fixed

Created 31 July 2024 at 07:48
Updated 30 August 2024 at 06:51
Resolved 26 August 2024 at 14:20
