CGI variables must be something special - it is not possible to show all cgi variables when doing a cfdump. I just came across this bug when trying to use a custom #404 page where apache provides the original page URL in the CGI variable REDIRECT_URL.
I am just using CGI.REDIRECT_URL now and it works.
The interesting thing is that StructKeyExists(CGI, blabla) does not work at all - the check will always return true.
Sunday, 29 June 2008
Wednesday, 11 June 2008
VARing cffile and the result variable
I am using cffile to upload incoming files and of course in my component I "var" the cffile variable at the top of the function (like one should do with cfhttp etc):
The problem is that somehow the cffile scope will stay zero - until I added the property "result" to the cffile tag saying the result should be stored as "cffile" - so the whole call is:
Now it works again!
The problem is that somehow the cffile scope will stay zero - until I added the property "result" to the cffile tag saying the result should be stored as "cffile" - so the whole call is:
Now it works again!
Saturday, 3 May 2008
Web Developer's Handbook
This endless list is like a Web Developers's Handbook at it's best ... a lot a page with stuff you already know but some interesting news as well
Sunday, 20 April 2008
Apache: Disable HostNameLookups
After an upgrade to our infrastructure (see a picture here), the delivery of content through apache was incredible slowly - the reason was that we moved our DNS servers to an external location and had no internal server for this task any more.
After some research we found out that disabling the host name lookup (HostNameLookups = Off) helped to speed up the pages delivery. Now our analyzer will perform the lookup task and we're happy again ;-)
After some research we found out that disabling the host name lookup (HostNameLookups = Off) helped to speed up the pages delivery. Now our analyzer will perform the lookup task and we're happy again ;-)
Wednesday, 16 April 2008
JRUN crashes after changing the hostname of a machine
Yeasterday we updated our system and renamed a server from www-4 to www04 in our internal DNS system. After that, this server started to deliver pages very slowly (with a very low load, however) and after some reasearch we found out that chaning the hostname was responsible.
So make sure your internal hostname and the hostname set in /etc/hostname is the very same!
So make sure your internal hostname and the hostname set in /etc/hostname is the very same!
Thursday, 20 March 2008
MD5 Hash values: Be aware of uppercase/lowercase
These days I had to deal with a web service which needs a parameter as MD5 hash. I played around with for some time but authentification always failed, I did everything according to the documentation, however. Then I found out that the other service is checking the hash value case-sensitive, so I had to add a lcase to the string.
Some further research shows that almost every other service I know produces lowercase only hash values, ColdFusion produces uppercase values. Be aware of that! ;-)
Some further research shows that almost every other service I know produces lowercase only hash values, ColdFusion produces uppercase values. Be aware of that! ;-)
Monday, 25 February 2008
JVM heap errors: Check every cffile / cfhttp request
This weekend I ran into trouble because the JVM (too small heap size) was crashing several times and after some research and debugging I found out that reading a 80 megabyte file with cffile was the reason for all the pain.
So be aware of this and do the following:
So be aware of this and do the following:
- Check the size of uploaded files (by performing checks with the size given in cffile or using a routine like that).
- Before you request any unknown website using cfhttp, do a HEADER operation and check out for the size (cfhttp.responseHeader, Content-Length) or add Content-Range headers to the request in order to allow only a certain content size
Sunday, 24 February 2008
ColdFusion / MacOS 10.5 / WebConnector: Not again!!
Every update of apache is a real pain for me and maybe most of the ColdFusion community. Each time the server engine is updated, the WebConnector has to be updated as well. In the current case, I decided to update my Mac OS finally to Leopard (10.5) and - bingo - with the apache update from 1.3 to 2.2 the whole connector stuff isn't working any more.
One solution might have been again to download the whole connector sources (XCode) and compile the connector myself - some hours work plus about 1-2 GB downloads for an about 90kb file.
The other solution: Follow these instructions and download the file offered for download.
One solution might have been again to download the whole connector sources (XCode) and compile the connector myself - some hours work plus about 1-2 GB downloads for an about 90kb file.
The other solution: Follow these instructions and download the file offered for download.
Tuesday, 12 February 2008
Attention: INNER JOIN is now the default in transfer
With the update to the latest release of the CF - based ORM system Transfer 0.6.3. , the default JOIN behaviour has been changed to INNER JOIN - I was wondering why some of my queries started to return a much smaller number of records at once ;-)
The solution was to write the full LEFT OUTER JOIN statement instead.
The solution was to write the full LEFT OUTER JOIN statement instead.
Wednesday, 23 January 2008
Very uncool - no implicit structure creation within function calls
I am using more and more features provided by CF8 as we migrate our servers to this new system. One feature I love is the implicit creation of structures without the need of calling StructNew() all the time.
So - a major downside is that you cannot create structures using this way within functions calls ... very bad. An example:
So - a major downside is that you cannot create structures using this way within functions calls ... very bad. An example:
Very uncool, same thing noticed by Ben
a_component.StoreInformation( key = arguments.key, data = { firstname= a_str_firstname } )
Tuesday, 27 November 2007
Reset ColdFusion Administrator password
Today I wanted to edit a datasource name in the ColdFusion Administrator but I did not remember the password on this development server (hell, where are the nice little yellow post-its ;-)).
Here you can find a nice solution how to achive a password - reset.
Here you can find a nice solution how to achive a password - reset.
Wednesday, 14 November 2007
XML vs JSON: Incredible performance differences
I admit - I am a real fan of XML and try to use this format whenever it is possible. The reason is simple: It's a clear format and very easy to exchange data with other applications (also with applications not running in a browser).
During the finalization of a project we came across several performance problems with a huge dataset and I tried to move the data interaction to JSON.
The result: The time of parsing a XML with jQuery (loop over the element using each) was up to 100 times higher than doing a simple JSON request (According to the results of the firebug console.timer output). No special treatment, just looping over the records and building an array in javaScript using the default jQuery way.
So, I hope in future times XML parsing will speed up with faster computers (although I think there will be not much gain in the near future because browser XML parsers just use MSXML or Xerces right now).
If you do not have ColdFusion 8 (which offers built-in JSON support), you might take a look at this library.
During the finalization of a project we came across several performance problems with a huge dataset and I tried to move the data interaction to JSON.
The result: The time of parsing a XML with jQuery (loop over the element using each) was up to 100 times higher than doing a simple JSON request (According to the results of the firebug console.timer output). No special treatment, just looping over the records and building an array in javaScript using the default jQuery way.
So, I hope in future times XML parsing will speed up with faster computers (although I think there will be not much gain in the near future because browser XML parsers just use MSXML or Xerces right now).
If you do not have ColdFusion 8 (which offers built-in JSON support), you might take a look at this library.
Thursday, 8 November 2007
20 ways to secure your apache server
I can only recommend to go through the points of this posting if you want to secure your apache webserver.
Easy way to run several ColdFusion instances using one apache server
As you might know, in the server configuration JRun is the J2EE server in the background of CF and so in the apache configuration you will notice that the whole connector stuff is done using JRunConfig* directives.
As long as only one version of CF is running using apache as webserver everything is fine, it starts getting complicated when you decide to run e.g. 7 and 8 on one machine using one apache instance. Here you can find a solution how to set it up with different JRun ports which I did once as well (took me hours to find out all these stuff ;-)).
A very nice, quick and dirty solution I came accross some time ago is to use the power of mod_proxy - in this case you tell apache to forward all requests to a different port / URL whatever.
So I did the following:
As long as only one version of CF is running using apache as webserver everything is fine, it starts getting complicated when you decide to run e.g. 7 and 8 on one machine using one apache instance. Here you can find a solution how to set it up with different JRun ports which I did once as well (took me hours to find out all these stuff ;-)).
A very nice, quick and dirty solution I came accross some time ago is to use the power of mod_proxy - in this case you tell apache to forward all requests to a different port / URL whatever.
So I did the following:
- Set up CF 7
- Connect CF 7 to apache using the default way
- Set up CF 8 using the internal web server
- Enabled mod_proxy in apache (AddModule / LoadModule)
- Added the following lines in my virtual host configuration for a CF8 host:
ProxyRequests on
ProxyPass / http://127.0.0.1:8500/ - Worked!
Wednesday, 7 November 2007
No ugly JRUN error message on ColdFusion startup any more
Wouldn't it be nice to get rid of the ugly JRUN startup error message? Here (bloginblack) I have found a way to accomplish this - you just need to add a new line in the connector configuration in the apache configuration. I will give it a try in the next few days.
ColdFusion 8 / Apache 2.2.3
I recently set up a new testing server using the latest debian etch release. During the setup, apache 2.2.3 has been installed as default webserver and to make ColdFusion 8 (and maybe 7) running with this release, the following steps are necessary:
- Install CF8 using the built-in webserver
- Open /etc/init.d/apache2 with vi
- Note the paths set by APACHE2 / APACHE2CTL
- Now execute the following command:
- /opt/coldfusion8/runtime/bin/wsconfig -server coldfusion -ws Apache -bin /usr/sbin/apache2 -script /usr/sbin/apache2ctl -dir /etc/apache2/ -v
- bin = APACHE2 variable
- script = APACHE2CTL variable
- Open the httpd.conf and add AddHandler jrun-handler .cfm .cfc .cfswf.jsp .jws to the last line (.cfm / .cfc might be missing). Found this solution here.
Thursday, 1 November 2007
Access other application scopes
In one of our projects, it was necessary to access application scope variables stored in a different application than the current one for security reasons. After some research I came accross this posting, which covers the technique to do exactly this: http://www.lynchconsulting.com.au/blog/index.cfm/2006/10/23/Hacking-the-application-scope-in-CFMX
var oApp = createObject("java","coldfusion.runtime.ApplicationScopeTracker");
var applications = oApp.getApplicationKeys();
Of course, this is an undocumented feature and who knows if it will still work in the next CF version, but it's good to know that it is possible ;-)
var oApp = createObject("java","coldfusion.runtime.ApplicationScopeTracker");
var applications = oApp.getApplicationKeys();
Of course, this is an undocumented feature and who knows if it will still work in the next CF version, but it's good to know that it is possible ;-)
Wednesday, 24 October 2007
ORM - or why did I spend so much time with writing SQL by hand?
Some months ago I started playing around with ORM tools for ColdFusion - the two well known solutions in this area are Reactor and Transfer.
Until now most SQL code in our CFMX applications is written by hand or by a small component called "autoSQL", which is more or less a very stripped down version of an ORM tool. But as time goes by, it become more and more necessary to bring some standards in here and I am glad that I have found now a very good solution with Transfer.
If you need some arguments for using ORM, try these:
How does the whole thing work?
First of all, you have to create some XML files which document your database and table structures. Transfer follows an package/object approach so that all the tables can be managed in an even more readable way.
The second step already happens in CFML - you play around with your data! Depending on the task you want to fullfill, several methods are available (Update, Save, Delete).
An example:
The best way is to start with the included Blog demo application - there the whole concept is shown in a very good way. Take a look at the available presentations as well to gain a better understanding of the basic concepts.
Until now most SQL code in our CFMX applications is written by hand or by a small component called "autoSQL", which is more or less a very stripped down version of an ORM tool. But as time goes by, it become more and more necessary to bring some standards in here and I am glad that I have found now a very good solution with Transfer.
If you need some arguments for using ORM, try these:
- Reduce time to write SQL
- Ability to switch to a new RDMS without touching the code
- More readable DB code
- Focus on the real important issues in your application (workflow, security)
How does the whole thing work?
First of all, you have to create some XML files which document your database and table structures. Transfer follows an package/object approach so that all the tables can be managed in an even more readable way.
The second step already happens in CFML - you play around with your data! Depending on the task you want to fullfill, several methods are available (Update, Save, Delete).
An example:
cfset var a_transfer = application.beanFactory.getBean( 'ContentTransfer' ).getTransfer()
cfset a_new_item = a_transfer.new( 'contacts.contact' )
cfset a_new_item.setentrykey( CreateUUID() )
cfset a_new_item.setname( arguments.name)
cfset a_new_item.setdescription( arguments.description )
cfset a_new_item.setdt_created( Now() )
cfset a_transfer.save(a_new_item)
The best way is to start with the included Blog demo application - there the whole concept is shown in a very good way. Take a look at the available presentations as well to gain a better understanding of the basic concepts.
Monday, 22 October 2007
Protect XML configuration files using .htaccess
In most of my projects, I create a mapping called /configurationxy to point to the configuration files (e.g. transfer XML files, mach-ii configuration and so on). This directory is not located under the webroot so no direct access is possible at all.
If this is not possible (e.g. due to shared hosting), never forget to protect your .XML files from being viewed and downloaded using e.g. the .htaccess feature of apache. In this case the file will be readable by the system itself but no user will be able to download the file. See an example configuration here.
If this is not possible (e.g. due to shared hosting), never forget to protect your .XML files from being viewed and downloaded using e.g. the .htaccess feature of apache. In this case the file will be readable by the system itself but no user will be able to download the file. See an example configuration here.
Mach-II Framework 1.5 has been released
A new version (1.5) of the great open source MVC framework Mach-II has been released for production use. The most important change for me in this release is the introduction of XML includes, so that the main configuration - XML will stay clean.
To be honest, the learing curve of this framework was quite high for me in the beginning but now I don't want to miss the system any more.
One important note: Never put the business logic in the model components. I made this mistake in the beginning because it looked so damn easy but now I have created a sub directory named "cfc" and in this directory all the business logic is done.
So the perfect combination for me at the moment for a new project is:
To be honest, the learing curve of this framework was quite high for me in the beginning but now I don't want to miss the system any more.
One important note: Never put the business logic in the model components. I made this mistake in the beginning because it looked so damn easy but now I have created a sub directory named "cfc" and in this directory all the business logic is done.
So the perfect combination for me at the moment for a new project is:
- Mach-II framework
- ColdSpring for wiring CFC together
- TransferORM for DB access
- jQuery for interface operations
Thursday, 4 October 2007
escape vs encodeURIComponent
As long as you pass on only A-Z, 0-9 and so on to javaScript functions, encoding with escape is the proper method. As an Austrian company we have to deal with umlaute (special characters) a lot, however. Therefore in this situation encodeURIComponent is the best choice. Here you can find a good explanation and some examples concerning the differences.
Monday, 24 September 2007
Upload files to Webserver using WebDAV
WebDAV is a cool alternative to FTP and due to it's HTTP-basis, the typical port / passive problems of FTP can be ignored. Since version 7, ColdFusion support a huge range of the WebDAV commands, including TRACE, OPTIONS and so on.
To put a file to an enabled server, you simply have to use the following code:
cfhttp method="PUT" url="http://Server/Directory/Filename" username="username" password="password" throwonerror="true" cfhttpparam type="header" name="Content-Type" value="content/type"Don't forget to check the cfhttp response for possible errors!
cfhttpparam type="file" name="file" file="#a_str_full_path_of_filename#"
/cfhttp
Thursday, 13 September 2007
Avoid locking of session variables
In most of our applications, session variables are just used for holding a structure with security information (aka securitycontext). As locking is essential (and not locking can lead to some terrible headache) all readings and writes must be protected (especially if race conditions could occur).
So our approach is to copy the securitycontext on each request into the request scope using the following code:
Application.cfc / onRequest
(Of course a check is needed if the securitycontext exists at all ;-)).
Explanation:
Using this way the structure can be accessed without any locking - very important to mention is the Duplicate function because we want a deep copy and not just a reference to the original structure. Be aware of this fact, because the request structure will not change until the next request is executed!
So our approach is to copy the securitycontext on each request into the request scope using the following code:
Application.cfc / onRequest
cflock scope="session" timeout="30" type="readonly"
cfset a_struct_securitycontext=" Duplicate(session.a_struct_securitycontext)"
/cflock
(Of course a check is needed if the securitycontext exists at all ;-)).
Explanation:
Using this way the structure can be accessed without any locking - very important to mention is the Duplicate function because we want a deep copy and not just a reference to the original structure. Be aware of this fact, because the request structure will not change until the next request is executed!
jQuery 1.2 released
Yeasterday a new version of jQuery has been released (1.2). If you ever have to deal with JavaScript in your application in a professional way, give this library a try. It's sooo smooth and I prefer this one very very much over prototype.
So, what's the big deal of this tiny (22kb) little .js file?
The design of the library is just gorgeous. The basic principle is very simple:
$('#this_is_the_id').hide();
In this case an object with the ID this_is_the_id is selected and hidden.
So, what's the big deal of this tiny (22kb) little .js file?
The design of the library is just gorgeous. The basic principle is very simple:
- Select the desired objects
- Perform some action on them
$('#this_is_the_id').hide();
In this case an object with the ID this_is_the_id is selected and hidden.
$("#orderedlist > li").addClass("blue");
I this example, the CSS class "blue" is added to all child elements of an ordered list.
$(document).ready(function() {
...
}
Here some code can be placed which is executed as soon as the DOM structure of the document has finished loading - so no more onLoad events which can have a huge delay because of e.g. external images or advertising stuff.
Here you can find some more tutorials on this.
Wednesday, 12 September 2007
Welcome to my new ColdFusion Blog
My nams is Hansjoerg Posch and I am developing Web Applications in ColdFusion for more than four years now. In this blog I will post about interesting stuff, new technologies and give you some tipps and insights on my current work at InBox.cc.
Feel free to comment any articles!
View my XING profile
Feel free to comment any articles!
View my XING profile
Subscribe to:
Posts (Atom)
