Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Warning about ColdFusion 10 and ORM Logging

DZone's Guide to

Warning about ColdFusion 10 and ORM Logging

· Java Zone ·
Free Resource

Discover how you can help protect your mobile, web-based and cloud applications with IBM Application Security on Cloud.

First off, credit for this post belongs to multiple people. This post stems from a discussion on a private listserv of ColdFusion developers. I'll make a list of folks at the end, but in this case, I'm mainly serving as the 'errand boy' to report the issue and help spread the word. I'll do my best to describe the issue accurately but any screw up is entirely my fault.

In ColdFusion 9 (and in the docs for ColdFusion 10 but not actually implemented), the log settings for ORM (as set in cfhome\lib\log4j.properties) is:

log4j.appender.HIBERNATECONSOLE=org.apache.log4j.ConsoleAppender

This means ORM-related messages are logged to the console. But in ColdFusion 10, this switched to:

log4j.appender.HIBERNATECONSOLE= org.apache.log4j.FileAppender

Another issue is that in ColdFusion 9:

log4j.appender.HIBERNATECONSOLE.MaxFileSize=500KB
log4j.appender.HIBERNATECONSOLE.MaxBackupIndex=3

These two settings are commented out. You can probably guess what the result is - a (potentially!) huge ass log file. Most likely you want to change to a rolling file appender as described here: ColdFusion ORM : How to log SQL.

If you use ORM, I'd recommend checking your logs now and updating your settings as well.

Credit: Sam Farmer, Phill Nacelli, and anyone else I forgot.

Rapidly detect security vulnerabilities in your web, mobile and desktop applications with IBM Application Security on Cloud. Register for your complimentary 30-day trial now.

Topics:

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}