WebDevelopment, ColdFusion, Railo, JS, Database and Tech-related by the Co-Founder and CEO of tunesBag.com

Tuesday, 27 November 2007

Reset ColdFusion Administrator password

Today I wanted to edit a datasource name in the ColdFusion Administrator but I did not remember the password on this development server (hell, where are the nice little yellow post-its ;-)).
Here you can find a nice solution for how to achieve a password reset.

Wednesday, 14 November 2007

XML vs JSON: Incredible performance differences

I admit - I am a real fan of XML and try to use this format whenever it is possible. The reason is simple: It's a clear format and very easy to exchange data with other applications (also with applications not running in a browser).
During the finalization of a project we came across several performance problems with a huge dataset and I tried to move the data interaction to JSON.
The result: The time of parsing an XML document with jQuery (looping over the elements using each) was up to 100 times higher than doing a simple JSON request (according to the results of the firebug console.timer output). No special treatment, just looping over the records and building an array in JavaScript using the default jQuery way.

So, I hope in future times XML parsing will speed up with faster computers (although I think there will be not much gain in the near future because browser XML parsers just use MSXML or Xerces right now).
If you do not have ColdFusion 8 (which offers built-in JSON support), you might take a look at this library.

Thursday, 8 November 2007

20 ways to secure your apache server

I can only recommend going through the points of this posting if you want to secure your apache webserver.

Easy way to run several ColdFusion instances using one apache server

As you might know, in the server configuration JRun is the J2EE server in the background of CF and so in the apache configuration you will notice that the whole connector stuff is done using JRunConfig* directives.
As long as only one version of CF is running using apache as webserver everything is fine; it starts getting complicated when you decide to run e.g. 7 and 8 on one machine using one apache instance. Here you can find a solution how to set it up with different JRun ports which I did once as well (took me hours to find out all this stuff ;-)).
A very nice, quick and dirty solution I came across some time ago is to use the power of mod_proxy - in this case you tell apache to forward all requests to a different port / URL whatever.
So I did the following:
  • Set up CF 7
  • Connect CF 7 to apache using the default way
  • Set up CF 8 using the internal web server
  • Enabled mod_proxy in apache (AddModule / LoadModule)
  • Added the following lines in my virtual host configuration for a CF8 host:
    # ProxyPass (reverse proxy) does not need forward proxying; On would open a forward proxy
    ProxyRequests Off
    ProxyPass / http://127.0.0.1:8500/
  • Worked!
Of course this is not a proper solution for deployment but for development purposes it's great. Using this way all apache modules and configuration possibilities (e.g. mod_rewrite, mod_deflate, access control) can be used and the internal webserver of CF is just the dummy backend.
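
A complete reverse-proxy virtual host for the setup described above, as an added example (not the author's original configuration); the ServerName is a constructed placeholder. It keeps ProxyRequests Off, because ProxyPass does not need forward proxying, and adds ProxyPassReverse so redirects coming from the backend are rewritten.

```apache
# Added example; cf8.dev.example is a constructed placeholder host name.
<VirtualHost *:80>
    ServerName cf8.dev.example

    # Weak setting, shown for comparison only:
    # "ProxyRequests On" enables forward proxying, so any client that can
    # reach this vhost may relay requests to arbitrary hosts through it.
    # ProxyRequests On

    # Corrected setting: a reverse proxy built with ProxyPass needs this Off.
    ProxyRequests Off

    # Forward every request to the ColdFusion 8 built-in web server.
    ProxyPass        / http://127.0.0.1:8500/

    # Rewrite Location headers in backend redirects so clients are not
    # sent to 127.0.0.1:8500 directly.
    ProxyPassReverse / http://127.0.0.1:8500/
</VirtualHost>
```

Check that port 8500 is not reachable from other machines; otherwise the access control configured in apache can be bypassed by talking to the backend directly.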

Wednesday, 7 November 2007

No ugly JRUN error message on ColdFusion startup any more

Wouldn't it be nice to get rid of the ugly JRUN startup error message? Here (bloginblack) I have found a way to accomplish this - you just need to add a new line in the connector configuration in the apache configuration. I will give it a try in the next few days.

ColdFusion 8 / Apache 2.2.3

I recently set up a new testing server using the latest debian etch release. During the setup, apache 2.2.3 was installed as default webserver and to get ColdFusion 8 (and maybe 7) running with this release, the following steps are necessary:
  • Install CF8 using the built-in webserver
  • Open /etc/init.d/apache2 with vi
  • Note the paths set by APACHE2 / APACHE2CTL
  • Now execute the following command:
  • /opt/coldfusion8/runtime/bin/wsconfig -server coldfusion -ws Apache -bin /usr/sbin/apache2 -script /usr/sbin/apache2ctl -dir /etc/apache2/ -v
  • bin = APACHE2 variable
  • script = APACHE2CTL variable
  • Open the httpd.conf and add AddHandler jrun-handler .cfm .cfc .cfswf .jsp .jws to the last line (.cfm / .cfc might be missing). Found this solution here.
Done!

Thursday, 1 November 2007

Access other application scopes

In one of our projects, it was necessary to access application scope variables stored in a different application than the current one for security reasons. After some research I came across this posting, which covers the technique to do exactly this: http://www.lynchconsulting.com.au/blog/index.cfm/2006/10/23/Hacking-the-application-scope-in-CFMX
var oApp = createObject("java","coldfusion.runtime.ApplicationScopeTracker");
var applications = oApp.getApplicationKeys();
Of course, this is an undocumented feature and who knows if it will still work in the next CF version, but it's good to know that it is possible ;-)

Wednesday, 24 October 2007

ORM - or why did I spend so much time with writing SQL by hand?

Some months ago I started playing around with ORM tools for ColdFusion - the two well known solutions in this area are Reactor and Transfer.
Until now most SQL code in our CFMX applications is written by hand or by a small component called "autoSQL", which is more or less a very stripped down version of an ORM tool. But as time goes by, it becomes more and more necessary to bring some standards in here and I am glad that I have now found a very good solution with Transfer.

If you need some arguments for using ORM, try these:
  • Reduce time to write SQL
  • Ability to switch to a new RDBMS without touching the code
  • More readable DB code
  • Focus on the real important issues in your application (workflow, security)

How does the whole thing work?
First of all, you have to create some XML files which document your database and table structures. Transfer follows a package/object approach so that all the tables can be managed in an even more readable way.

The second step already happens in CFML - you play around with your data! Depending on the task you want to fulfill, several methods are available (Update, Save, Delete).

An example:
<cfset var a_transfer = application.beanFactory.getBean( 'ContentTransfer' ).getTransfer() />
<cfset a_new_item = a_transfer.new( 'contacts.contact' ) />
<cfset a_new_item.setentrykey( CreateUUID() ) />
<cfset a_new_item.setname( arguments.name ) />
<cfset a_new_item.setdescription( arguments.description ) />
<cfset a_new_item.setdt_created( Now() ) />
<cfset a_transfer.save( a_new_item ) />

The best way is to start with the included Blog demo application - there the whole concept is shown in a very good way. Take a look at the available presentations as well to gain a better understanding of the basic concepts.

Monday, 22 October 2007

Protect XML configuration files using .htaccess

In most of my projects, I create a mapping called /configurationxy to point to the configuration files (e.g. transfer XML files, mach-ii configuration and so on). This directory is not located under the webroot so no direct access is possible at all.
If this is not possible (e.g. due to shared hosting), never forget to protect your .XML files from being viewed and downloaded using e.g. the .htaccess feature of apache. In this case the file will be readable by the system itself but no user will be able to download the file. See an example configuration here.
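
One way to write such a rule, as an added example (not the configuration the post originally linked to). It assumes the hosting provider allows .htaccess overrides for access control and covers both the Apache 2.2 and the Apache 2.4 syntax.

```apache
# .htaccess placed in the directory that holds the configuration files.
# Added example; assumes AllowOverride permits access-control directives
# (Limit for the 2.2 syntax, AuthConfig for the 2.4 syntax).

# Match every file ending in .xml, regardless of upper/lower case.
<FilesMatch "(?i)\.xml$">

    # Apache 2.4 and later: authorization is handled by mod_authz_core.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>

    # Apache 2.2 (e.g. the 2.2.3 release mentioned above): classic syntax.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>

</FilesMatch>
```

After deploying, request one of the XML files through the browser and confirm the server answers 403 Forbidden; if the file is still served, .htaccess overrides are probably disabled for that directory.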

Mach-II Framework 1.5 has been released

A new version (1.5) of the great open source MVC framework Mach-II has been released for production use. The most important change for me in this release is the introduction of XML includes, so that the main configuration - XML will stay clean.
To be honest, the learning curve of this framework was quite high for me in the beginning but now I don't want to miss the system any more.
One important note: Never put the business logic in the model components. I made this mistake in the beginning because it looked so damn easy but now I have created a sub directory named "cfc" and in this directory all the business logic is done.
So the perfect combination for me at the moment for a new project is:
The perfect team for the next cool Web 2.0 application ;-)

Thursday, 4 October 2007

escape vs encodeURIComponent

As long as you pass on only A-Z, 0-9 and so on to JavaScript functions, encoding with escape is the proper method. As an Austrian company we have to deal with umlauts (special characters) a lot, however. Therefore in this situation encodeURIComponent is the best choice. Here you can find a good explanation and some examples concerning the differences.

Monday, 24 September 2007

Upload files to Webserver using WebDAV

WebDAV is a cool alternative to FTP and due to its HTTP basis, the typical port / passive problems of FTP can be ignored. Since version 7, ColdFusion supports a huge range of the WebDAV commands, including TRACE, OPTIONS and so on.
To put a file to an enabled server, you simply have to use the following code:

<cfhttp method="PUT" url="http://Server/Directory/Filename" username="username" password="password" throwonerror="true">
<cfhttpparam type="header" name="Content-Type" value="content/type">
<cfhttpparam type="file" name="file" file="#a_str_full_path_of_filename#">
</cfhttp>
Don't forget to check the cfhttp response for possible errors!

Thursday, 13 September 2007

Avoid locking of session variables

In most of our applications, session variables are just used for holding a structure with security information (aka securitycontext). As locking is essential (and not locking can lead to some terrible headache) all reads and writes must be protected (especially if race conditions could occur).
So our approach is to copy the securitycontext on each request into the request scope using the following code:
Application.cfc / onRequest
<cflock scope="session" timeout="30" type="readonly">
<cfset request.a_struct_securitycontext = Duplicate(session.a_struct_securitycontext)>
</cflock>


(Of course a check is needed if the securitycontext exists at all ;-)).
Explanation:
Using this way the structure can be accessed without any locking - very important to mention is the Duplicate function because we want a deep copy and not just a reference to the original structure. Be aware of this fact, because the request structure will not change until the next request is executed!

jQuery 1.2 released

Yesterday a new version of jQuery was released (1.2). If you ever have to deal with JavaScript in your application in a professional way, give this library a try. It's sooo smooth and I prefer this one very very much over prototype.

So, what's the big deal of this tiny (22kb) little .js file?
The design of the library is just gorgeous. The basic principle is very simple:
  1. Select the desired objects
  2. Perform some action on them
Sounds simple, hmm? The power of the system can be shown in some short example:
$('#this_is_the_id').hide();
In this case an object with the ID this_is_the_id is selected and hidden.

$("#orderedlist > li").addClass("blue");
In this example, the CSS class "blue" is added to all child elements of an ordered list.

$(document).ready(function() {
  // ...
});


Here some code can be placed which is executed as soon as the DOM structure of the document has finished loading - so no more onLoad events which can have a huge delay because of e.g. external images or advertising stuff.

Here you can find some more tutorials on this.

Thanks to Ben for his posting about the new release. He also mentions his fear about getting lazy in writing real hardcore JS stuff, but my opinion goes along with the jQuery credo in this case: Write less, do more!

Wednesday, 12 September 2007

Welcome to my new ColdFusion Blog

My name is Hansjoerg Posch and I have been developing Web Applications in ColdFusion for more than four years now. In this blog I will post about interesting stuff and new technologies, and give you some tips and insights on my current work at InBox.cc.
Feel free to comment on any articles!
