CFWebtools is Growing, We Need More ColdFusion People

Just a very quick note to the ColdFusion Community, CFWebtools is looking to hire a few more Senior Level ColdFusion developers. We also have the need for people with Flex and AIR skills.

CFWebtools is located in Omaha, NE, but we have a large number of remote employees and contractors. If you are interested, read the job posting at the link above and contact us.

ColdFusion 9.0.1 Cumulative Hot fix 2 on OS X Lion

The Adobe ColdFusion team have released ColdFusion 9.0.1 Cumulative Hot fix 2. See this link: http://kb2.adobe.com/cps/918/cpsid_91836.html. One of the items that caught my attention is the bug fix for OS X Lion.

Bug # 86992 ColdFusion multiserver instance does not start properly on Mac OS X Lion (10.7.x).

I downloaded the Hot Fix and started the whole process from scratch. I had already blown away my ColdFusion 9 from my MacBook Pro which has OS X Lion so I could try another version of ColdFusion.

  1. clean up my system
  2. Install ColdFusion 9.0 in multi server mode
  3. Test real quick - yes 9.0 is running (it always did)
  4. Install ColdFusion 9.0.1 in Multi-server mode
  5. Test real quick, no it won't even start (which is also normal)
  6. Install ColdFusion 9.0.1 Cumulative Hot fix 2
  7. Test real quick and yes it runs.
However, one bug still remains that I can see. The ColdFusion Admin Settings Summary and Info pages DO NOT LOAD.

I've done a reboot a couple of times now and still no luck. But at least ColdFusion 9.0.1 Multi Server is running on OSX Lion.

GoDaddy Discontinues ColdFusion Hosting

The news hitting the "Twitterverse" as I type this short blog post is that GoDaddy has just sent out emails to their ColdFusion hosting customers informing them that GoDaddy is going to discontinue ColdFusion hosting in 3 months.

"After careful consideration, we have decided to discontinue support for ColdFusion®. The product will officially remain available to Go Daddy customers for three months, until November 29, 2011. After that date, ColdFusion websites hosted by Go Daddy will not work.

We will not be removing customer content from the system -- your files will remain safely in our hosting datacenter. Because your current hosting account offers additional languages (PHP on Linux and Windows plans, and .NET on Windows plans), we hope you will find an alternative to your current ColdFusion implementation. Additionally, Deluxe and Ultimate plans offer Ruby, Perl and Python as language options.

Should you decide to move your files, please review the following help articles: Moving Directories Using the FTP File Manager and Using the File Manager to Move Files Between Directories.

If you have further questions or concerns, contact our customer service department at 480-505-8877.

Thanks for being a Go Daddy customer.

Bob Parsons
CEO and Founder
GoDaddy.com

No matter what your or my opinion(s) are of GoDaddy and their ColdFusion hosting business, the facts are people need to move to a new host fast.

There are other ColdFusion Hosting companies. Adobe has a page listing their ColdFusion Hosting Partners. These are the ones I know of off hand.

While working with CF Webtools, I have the opportunity to work with Edgeweb hosting a lot. These guys are awesome. They support, and I mean SUPPORT, their clients. I do recommend Edgeweb based on my experience with them.

Also, if you are looking for high quality ColdFusion programming and hosting I will shamelessly plug Mark Kruger, a.k.a. ColdFusion Muse, and his team at CF Webtools, which includes me. ;-)

this was an unsolicited message

Update: I removed one company due to the number of complaints I've heard.

How I Started in ColdFusion

I missed the official August 1st celebration, but then if you read the "About" section you'll get a glimpse of how I started with ColdFusion.

I've been a geek since I was a little kid. I had home electronics kits and built all sorts of things like crystal radios, buzzers, door bells, simple switching circuits etc. I also am cursed with "The Knack".

I got my hands on my first computer around 1982, it was a TI-99/4A.


ColdFusion 9 on OS X Lion

The Lion Shipped Last Night, or this morning. Today we'll see if it Roars! I am downloading and installing OS X Lion on my older Mac Book Pro. I have ColdFusion 9 Developer edition as well as the rest of my developer tools on there. I plan to use the MBP as the guinea pig and if that works fine then to my main system, a much newer iMac. I'll update this post with details as I have them.

The Install Process

FIRST RUN YOUR SOFTWARE UPDATES! New updates came out for Snow Leopard in the past few days including an update to the Migration Assistant. Next, go to the App Store. Lion is featured on the home page. Purchase Lion for $29 and wait while it downloads and installs. This is what's happening right now on the MBP. I hope everyone has a fast internet connection. This is 3.49GB.

The Results

So far I am running into an issue getting CF 9 server started. I don't have time right now to debug.

ColdFusion Builder 2 is running. This was installed already when I did the update to Lion.

Flash Builder 4.5 is hung in the install process. I hadn't installed it yet and it seems to be not working. The first issue was it could not communicate with Adobe to verify my Adobe ID. I don't have time to debug this either right now.

*UPDATE*
JRun is running, but I can't control starting or stopping of ColdFusion from CFBuilder or the ColdFusion Launcher. If I kill JRun then use the ColdFusion Launcher, I get the message "Server 'cfusion' failed to start." I'm not seeing anything in the logs indicating why it failed. I'm wondering if the connector to Apache is an issue. I remember that I had to redo that for ColdFusion 8 when I upgraded to Snow Leopard. Otherwise I'll reinstall ColdFusion 9 and see what happens.

  • Flash Builder 4.5 did install finally
  • ColdFusion Builder 2 is running.

*UPDATE 2*
There had to be something else wrong with my previous install. Maybe I had the wrong connector or installed previously. I am not sure. This is a 3+ year old MacBook Pro that had Leopard installed originally and has had two OS upgrades since. None of these upgrades have been fresh clean installs. Plus ColdFusion 8 prior and now ColdFusion 9. So, I decided to uninstall ColdFusion and reinstall. That only took 5 minutes and now ColdFusion 9 is up and running. The good news about doing it this way is we now know the installer works on Lion. Maybe this weekend I'll upgrade my iMac which is much newer and has not had so many previous upgrades. I'm feeling better about OS X Lion now.

*UPDATE 3*
Well, I tried to install the ColdFusion 9.0.1 update. That failed. I'm having all the same issues I had when I originally upgraded to OS X Lion. I usually stay up-to-date on these updates and hot fixes so I'm guessing this may have been the issue all along. I'm posting the items from log files that may point to a clue. I'm not sure what the problem is at the moment.

Apache error.log
[Fri Jul 22 12:01:47 2011] [notice] jrApache[136: 59841] Couldn't initialize from remote server, JRun server(s) probably down.
[Fri Jul 22 12:01:47 2011] [notice] jrApache[136: 59841] JRun will not accept request. Check JRun web server configuration and JRun mappings on JRun server.

cfusion-event.log
07/22 12:02:08 info No JDBC data sources have been configured for this server (see jrun-resources.xml)
07/22 12:02:08 info JRun Web Server listening on *:8300
07/22 12:02:08 info JRun Proxy Server listening on *:51020
07/22 12:02:08 info Deploying enterprise application "cfusion-ear" from: file:/Applications/JRun4/servers/cfusion/cfusion-ear/
07/22 12:02:08 info Deploying web application "Adobe ColdFusion 9" from: file:/Applications/JRun4/servers/cfusion/cfusion-ear/
07/22 12:02:09 user JSPServlet: init
07/22 12:02:10 user ColdFusionStartUpServlet: init
07/22 12:02:10 user ColdFusionStartUpServlet: ColdFusion: Starting application services
07/22 12:02:10 user ColdFusionStartUpServlet: ColdFusion: VM version = 20.1-b02-383

*UPDATE 4*
A huge thanks to Marcin Szczepanski - see his comment below.

I could confirm his findings on my installation also. The new jpedal.jar is different. There are class files in the old one that are not in the new one. By replacing the new jpedal.jar file with the old one, ColdFusion 9.0.1 is up and running. Considering this was part of the update for 9.0.1 I wonder what else will break because of using the old file?

SQL Injection Stopped Cold with ColdFusion

I woke up this morning to hundreds of alert emails from one of my websites. It seems while I was sleeping someone or "somebot" tried a SQL Injection attack on this site and they (or the bot) failed miserably. Why did they fail? I properly use CFQUERYPARAM.

The fundamental problem in SQL injection is the concatenation of untrusted data (raw user input) with trusted data, with the whole string then being sent to the database for execution. The moment you merge raw untrusted data with trusted data for execution, you've got a problem. You should never allow raw data to get to the database.

The nature of this attack was to append to a URL param like this.

action=song&prod=11866+and+1=0+%20Union+Select+......... (I'm leaving off the encoded SQL)

My alerts told me that the value failed for the data type. Part of the reason for using the CFQUERYPARAM tag is to enforce data protection by using the CFSQLTYPE and MAXLENGTH attributes.

<!--- borrowed from the ColdFusion 8 LiveDocs
http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=Tags_p-q_18.html
--->
<cfquery name = "query name" dataSource = "data source name" ...other attributes...
    SQL STATEMENT column_name =
    <cfqueryparam value = "parameter value"
        CFSQLType = "parameter type"
        list = "yes|no"
        maxLength = "maximum parameter length"
        null = "yes|no"
        scale = "number of decimal places"
        separator = "separator character">
    AND/OR ...additional criteria of the WHERE clause...>
</cfquery>

This SQL Injection attack was prevented because the submitted value was not an integer, so it failed the CFSQLTYPE check. If this was a string field then it would have failed due to the MAXLENGTH attribute, except for maybe on some very long fields. Finally, CFQUERYPARAM creates a Prepared Statement instead of raw SQL, essentially encapsulating the raw data and preventing it from being executed.

In addition to stopping these types of attacks you need to know when these attacks happen. I was sound asleep when these happened, and I really don't feel like reading miles of log files every morning to check to see if something happened. I've set up email notification for these types of errors so that I get alerted to a threat and can then check to make sure nothing else happened. I know a lot of people that never log these things and still many more that log these errors but never review the log files. Trust the logs! Believe the logs! The logs aren't lying. Reading the logs is time consuming (and can cure insomnia) which is why some sort of log scanning tool and notifications should be set up. You can't stop an attack if you don't know about it.

In this case the code blocked the attack, my alerts told me about it and I went on with my morning consuming caffeine.
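
The pattern described in this post, as an added example that is not the author's code: the concatenated query that this kind of URL parameter targets (left commented out), beside a CFQUERYPARAM version that rejects the value, logs it and sends an alert e-mail. The datasource "musicstore", the "products" table, the "sqli_alerts" log file name and the e-mail addresses are hypothetical.

```cfml
<!--- Added example. Datasource, table, log file name and e-mail
      addresses below are hypothetical placeholders. --->
<cfparam name="url.prod" default="">

<!--- VULNERABLE form, shown for comparison only (kept inside this comment):
      url.prod is concatenated into the SQL text, so a value such as
      "11866 and 1=0 Union Select ..." becomes part of the statement.

      <cfquery name="getSong" datasource="musicstore">
          SELECT id, title FROM products WHERE id = #url.prod#
      </cfquery>
--->

<cftry>
    <!--- Hardened form: the value is bound as an integer parameter.
          Anything that is not an integer is rejected by ColdFusion
          before the statement is sent to the database. --->
    <cfquery name="getSong" datasource="musicstore">
        SELECT id, title
        FROM products
        WHERE id = <cfqueryparam value="#url.prod#" cfsqltype="cf_sql_integer">
    </cfquery>

    <!--- type="any" also catches unrelated failures such as a database
          outage; the alert carries the message so they can be told apart. --->
    <cfcatch type="any">
        <!--- Written to a custom log file in the ColdFusion logs directory --->
        <cflog file="sqli_alerts" type="warning"
               text="Rejected prod value from #cgi.remote_addr#: #cfcatch.message#">

        <!--- Alert e-mail with enough context to follow up in the logs --->
        <cfmail to="admin@example.com" from="alerts@example.com" type="text"
                subject="Query parameter rejected on #cgi.server_name#">
Time: #now()#
Remote address: #cgi.remote_addr#
Script: #cgi.script_name#
Query string: #cgi.query_string#
Error: #cfcatch.message# #cfcatch.detail#
        </cfmail>

        <!--- Return a generic error; do not echo the database message --->
        <cfheader statuscode="400" statustext="Bad Request">
        <cfabort>
    </cfcatch>
</cftry>
```

An automated scan can trigger this handler hundreds of times in a night, so in practice the e-mail step is usually rate-limited or batched while every rejection is still logged.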

Blog Drought: SEO URLs and Other Projects

Ok, so it's been a while since I posted something useful or anything at all. I've been busy alright? CF Webtools has me bust'n butt for clients and internal projects so I am not complaining about being busy. Just pointing out a fact, but it's a good fact.

So what has been keeping me so busy?

Most of the work I do is for one client, Classic Industries. We are working with them on a massive overhaul that is basically being done in place a little at a time. The biggest changes that may be visible to users are the SES URLs in the product catalog. We've been working on massive amounts of rewrite rules and ColdFusion code to translate the SES URLs back to variables that the existing controller and model layers understand. While the existing site and code is not "pure" MVC it does have a clear model and a quasi controller. The fact that they already had this site built this way when they came to CF Webtools has helped with the in place re-write/re-factoring. It's not "pure", but it's good enough.


ColdFusion Job with CF Webtools

CF Webtools is still hiring ColdFusion developers. Whether remote or local to the Omaha, NE area, we want to hear from you!

Upwards of 80% of our work is ColdFusion based. We are looking for reliable, honest and experienced ColdFusion programmers who can make an immediate contribution to our highly skilled team. We prefer local talent, but for the right fit, telecommute may be a possibility.

We provide a full suite of services from complex tool development, sophisticated charting applications, DB engineering, to site design, blogs, e-commerce and hosting. For someone who likes to have their hands in everything, this is a great opportunity.

We offer a competitive salary, health/dental/disability insurance, a flex plan, life insurance, a bonus structure, referral incentives and a great team atmosphere. We're amenable to flexible work hours – if you can budget your time and get projects done with a good personality and ease of communication, then you'll fit right in.

We are also hiring a project manager that has at least 1 year of IT project management experience.

See details at http://www.cfwebtools.com/default/index.cfm/about-us/job-openings/

ColdFusion 8.0.1 Updates

Recently I have been working on a few ColdFusion 8.0.1 servers for CF Webtools and I've had the pleasure of sifting through the myriad of Security Updates, Hot Fixes and other updates. I've posted a couple blog posts about this and reference Charlie Arehart's wonderful summary of the patches.

A while back David Epler posted an article called What does a fully patched ColdFusion 8.0.1 Server look like? which is a useful reference.

Well today David published the Unofficial ColdFusion 8.0.1 Updater 2. This update is supposed to contain everything needed to fully patch ColdFusion 8.0.1. I have not tested it YET, but I plan to. He also published a well documented ColdFusion 8.0.1 HotFix Matrix PDF that details every security update, hot fix and patch. I really could have used this last week as I was doing this exact thing by downloading every patch and figuring out which files were used or were superseded by a newer patch. This is a lot of detective work requiring a large amount of file comparing and documenting.

Thank you David for compiling this information.

ColdFusion Security Update Breaks ColdFusion

I've had to help a couple companies just recently deal with the issue that the most recent Security Hotfix | ColdFusion 8, 8.0.1, 9, 9.0.1 for ColdFusion breaks ColdFusion.

This is something I confirmed myself and also figured out why and what to do when the patch fails. Hopefully most will see this blog post and my other one about this and get patched in the proper order to prevent this issue.

The reason it fails is that the latest Security Update requires Hot Fix 4. This is not documented in the tech notes for the Security Update. You'll know it failed when you see this error: coldfusion/runtime/QueryTableWrapper. To quickly fix this, replace cfmx_bootstrap.jar with the one found in Hot Fix 4. A better idea is to fully and properly patch your ColdFusion server.

Please read here for more details.

UPDATE Let me clarify, I am only referring to ColdFusion version 8.0.1. I have not seen this issue with nor tested for this issue in other ColdFusion versions.
