PostgreSQL and MySQL on OS X Lion

Just a quick note to report that both my PostgreSQL 8.3.7 and MySQL 5.1.4 installs survived the upgrade to OS X Lion. PostgreSQL was installed via MacPorts and MySQL was installed via the download from their website. pgAdmin and MySQL Workbench are also working just fine.

ColdFusion 9 on OS X Lion

The Lion Shipped Last Night, or this morning. Today we'll see if it Roars! I am downloading and installing OS X Lion on my older MacBook Pro. I have ColdFusion 9 Developer edition as well as the rest of my developer tools on there. I plan to use the MBP as the guinea pig and, if that works fine, then on to my main system, a much newer iMac. I'll update this post with details as I have them.

The Install Process

FIRST RUN YOUR SOFTWARE UPDATES! New updates came out for Snow Leopard in the past few days, including an update to the Migration Assistant. Next, go to the App Store. Lion is featured on the home page. Purchase Lion for $29 and wait while it downloads and installs. This is what's happening right now on the MBP. I hope everyone has a fast internet connection. This is 3.49GB.

The Results

So far I am running into an issue getting CF 9 server started. I don't have time right now to debug.

ColdFusion Builder 2 is running. This was installed already when I did the update to Lion.

Flash Builder 4.5 is hung in the install process. I hadn't installed it yet and it seems to be not working. The first issue was it could not communicate with Adobe to verify my Adobe ID. I don't have time to debug this either right now.

*UPDATE*
JRun is running, but I can't control starting or stopping of ColdFusion from CFBuilder or the ColdFusion Launcher. If I kill JRun then use the ColdFusion Launcher, I get the message "Server 'cfusion' failed to start." I'm not seeing anything in the logs indicating why it failed. I'm wondering if the connector to Apache is an issue. I remember that I had to redo that for ColdFusion 8 when I upgraded to Snow Leopard. Otherwise I'll reinstall ColdFusion 9 and see what happens.

  • Flash Builder 4.5 did install finally
  • ColdFusion Builder 2 is running.

*UPDATE 2*
There had to be something else wrong with my previous install. Maybe I had the wrong connector or installed previously. I am not sure. This is a 3+ year old MacBook Pro that had Leopard installed originally and has had two OS upgrades since. None of these upgrades have been fresh clean installs. Plus ColdFusion 8 prior and now ColdFusion 9. So, I decided to uninstall ColdFusion and reinstall. That only took 5 minutes and now ColdFusion 9 is up and running. The good news about doing it this way is we now know the installer works on Lion. Maybe this weekend I'll upgrade my iMac which is much newer and has not had so many previous upgrades. I'm feeling better about OS X Lion now.

*UPDATE 3*
Well, I tried to install the ColdFusion 9.0.1 update. That failed. I'm having all the same issues I had when I originally upgraded to OS X Lion. I usually stay up-to-date on these updates and hot fixes so I'm guessing this may have been the issue all along. I'm posting the items from log files that may point to a clue. I'm not sure what the problem is at the moment.

Apache error.log
[Fri Jul 22 12:01:47 2011] [notice] jrApache[136: 59841] Couldn't initialize from remote server, JRun server(s) probably down.
[Fri Jul 22 12:01:47 2011] [notice] jrApache[136: 59841] JRun will not accept request. Check JRun web server configuration and JRun mappings on JRun server.

cfusion-event.log
07/22 12:02:08 info No JDBC data sources have been configured for this server (see jrun-resources.xml)
07/22 12:02:08 info JRun Web Server listening on *:8300
07/22 12:02:08 info JRun Proxy Server listening on *:51020
07/22 12:02:08 info Deploying enterprise application "cfusion-ear" from: file:/Applications/JRun4/servers/cfusion/cfusion-ear/
07/22 12:02:08 info Deploying web application "Adobe ColdFusion 9" from: file:/Applications/JRun4/servers/cfusion/cfusion-ear/
07/22 12:02:09 user JSPServlet: init
07/22 12:02:10 user ColdFusionStartUpServlet: init
07/22 12:02:10 user ColdFusionStartUpServlet: ColdFusion: Starting application services
07/22 12:02:10 user ColdFusionStartUpServlet: ColdFusion: VM version = 20.1-b02-383

*UPDATE 4*
A huge thanks to Marcin Szczepanski - see his comment below.

I could confirm his findings on my installation also. The new jpedal.jar is different. There are class files in the old one that are not in the new one. By replacing the new jpedal.jar file with the old one, ColdFusion 9.0.1 is up and running. Considering this was part of the update for 9.0.1 I wonder what else will break because of using the old file?

Another ColdFusion Builder 2 bug fixed

I am just getting fully into code for today with the ColdFusion Builder 2 HotFix 1 applied. I had to edit some JavaScript and I noticed that it appears another bug was fixed that wasn't documented in the HotFix documentation. It used to be that when editing JavaScript files "name.js" that if JavaDoc style comments were used the syntax coloring would break. Now it's working. Can anyone else confirm this?

This had been reported as bug # 2824457 to Adobe back in March of 2011 and attributed as a "third-party" issue.

/**
 * File name: myJsFile.js
 * Date: 07/19/2011
 *
 * @param int
 * This function does something
 *
 */
function testMeNow(myInt) {
    if (myInt == 0) {
        alert("Too Small");
    } else {
        alert("too big");
    }
}

ColdFusion Builder 2 Hotfix 1

Adobe released the ColdFusion Builder 2 HotFix 1 today. Three bugs have been fixed related to searching files.

2918913 If you select multiple files in the navigator and perform search, ColdFusion Builder Search scope does not display the option Selected Resources.

2918906 If you select multiple files or folders and perform search, ColdFusion Builder Search does not provide the option to specify file extensions to narrow down the search.

2918920 At times, ColdFusion Builder Search becomes unresponsive if you perform search on large number of files.

Hopefully this is a sign that Adobe will be releasing HotFixes more often than was done with ColdFusion Builder 1, because there are still more bugs to be resolved.

ColdFusion Builder 2 and the Subversive Plugin

One of the first things you may need to do after installing ColdFusion Builder (or Flash Builder) is set up SVN. My personal preference is the Subversive plug-in. Prior to importing any projects I recommend installing the Subversive plug-in and getting it set up with an SVN connector. Doing this first will make it much easier to import existing CFBuilder projects from a previous version or existing SVN checkouts and get them reconnected.

I am blogging this because the great Ray Camden, the ColdFusionJedi, was tweeting for help today with this subject and the Subversive plug-in. This is what we figured out. Not all SVN connectors are equal; use SVNKit. Below is how to install Subversive and the SVNKit connector and why you should choose this connector.

You need to install the plugin first. On the Standalone version of ColdFusion Builder do the following:

SQL Injection Stopped Cold with ColdFusion

I woke up this morning to hundreds of alert emails from one of my websites. It seems while I was sleeping someone or "somebot" tried a SQL Injection attack on this site and they (or the bot) failed miserably. Why did they fail? I properly use CFQUERYPARAM.

The fundamental problem in SQL injection is the concatenation of untrusted data (raw user input) to trusted data, with the whole string being sent to the database for execution. The moment you merge the raw untrusted data with trusted data for execution, you have a problem. You should never allow raw data to get to the database.

The nature of this attack was to append to a URL param like this.

action=song&prod=11866+and+1=0+%20Union+Select+......... (I'm leaving off the encoded SQL)

My alerts told me that the value failed for the data type. Part of the reason for using the CFQUERYPARAM tag is to enforce data protection by using the CFSQLTYPE and MAXLENGTH attributes.

<!--- borrowed from the ColdFusion 8 LiveDocs
http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=Tags_p-q_18.html
--->
<cfquery name = "query name" dataSource = "data source name" ...other attributes...
    SQL STATEMENT column_name =
    <cfqueryparam value = "parameter value"
        CFSQLType = "parameter type"
        list = "yes|no"
        maxLength = "maximum parameter length"
        null = "yes|no"
        scale = "number of decimal places"
        separator = "separator character">
    AND/OR ...additional criteria of the WHERE clause...>
</cfquery>

This SQL Injection attack was prevented because the datatype was not integer. If this was a string field then it would have failed due to the MAXLENGTH attribute, except maybe on some very long fields. Beyond that, CFQUERYPARAM creates a Prepared Statement instead of raw SQL, essentially encapsulating the raw data and preventing it from being executed.

In addition to stopping these types of attacks you need to know when these attacks happen. I was sound asleep when these happened, and I really don't feel like reading miles of log files every morning to check to see if something happened. I've set up email notification for these types of errors so that I get alerted to a threat and can then check to make sure nothing else happened. I know a lot of people that never log these things and still many more that log these errors but never review the log files. Trust the logs! Believe the logs! The logs aren't lying. Reading the logs is time consuming (and can cure insomnia), which is why some sort of log scanning tool and notifications should be set up. You can't stop an attack if you don't know about it.

In this case the code blocked the attack, my alerts told me about it and I went on with my morning consuming caffeine.
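
The pattern described in this post, as an added example that is not code from the original site: the "prod" URL parameter is bound as an integer with CFQUERYPARAM, and a rejected value is logged and e-mailed. The datasource "musicStore", the "songs" table and its columns, the log file name and the e-mail addresses are hypothetical, and a mail server is assumed to be configured.

```cfml
<!--- Added example. Hypothetical names: datasource "musicStore", table "songs",
      log file "sqlParamFailures", both e-mail addresses. --->
<cfparam name="url.prod" default="">

<!--- UNSAFE, shown commented out for contrast: the raw URL value is pasted into
      the SQL text, so "11866 and 1=0 Union Select ..." is parsed as SQL.

      <cfquery name="getSong" datasource="musicStore">
          SELECT song_id, title FROM songs WHERE product_id = #url.prod#
      </cfquery>
--->

<cftry>
    <!--- SAFE: the value is bound as an integer parameter. A value that is not
          an integer makes cfqueryparam throw instead of running the query. --->
    <cfquery name="getSong" datasource="musicStore">
        SELECT song_id, title
        FROM songs
        WHERE product_id = <cfqueryparam value="#url.prod#" cfsqltype="cf_sql_integer">
    </cfquery>

    <cfcatch type="any">
        <!--- type="any" also catches ordinary database errors, so the alert
              carries cfcatch.type and cfcatch.message to tell them apart.
              The text is truncated and stripped of control characters so the
              rejected value cannot inject line breaks into the log or e-mail. --->
        <cfset detail = reReplace(
            left("prod=#url.prod# | #cfcatch.type#: #cfcatch.message#", 400),
            "[[:cntrl:]]", " ", "all")>
        <cflog file="sqlParamFailures" type="warning"
               text="Query rejected from #cgi.remote_addr#: #detail#">
        <cfmail to="admin@example.com" from="alerts@example.com" type="text"
                subject="Query parameter rejected on #cgi.server_name#">
Template: #cgi.script_name#
Remote address: #cgi.remote_addr#
Detail: #detail#
        </cfmail>
        <cfheader statuscode="400">
        <cfabort>
    </cfcatch>
</cftry>

<!--- Reached only when the parameter was a valid integer. --->
<cfoutput query="getSong">#htmlEditFormat(title)#<br></cfoutput>
```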

SVN Clients For OS X

I do a lot of work with version control on the Mac. Typically I only use the Subversive plug-in for ColdFusion Builder or Eclipse. However some clients of ours at CFWebtools are using Versions, so I had to install and learn Versions to help them out. The download and install is typical "Mac easy". However, I find the way Versions works is a bit more confusing than it should be. Also, unless I am not seeing them, Versions only has a subset of the SVN commands. I am not seeing merging, branching and tagging. I don't know how you're supposed to merge branches and tag using Versions. To me this is a severe shortcoming.

Also I found the UI to be confusing. Repository Bookmarks? What are those? I've never heard bookmarks used in terms of SVN with exception to how tags are sometimes explained. When you look at the top level in the Bookmarks pane you get the view of the server. In other SVN clients this is called the Repository Browser mode. In the subfolder level of the Bookmarks pane you see the code checkouts. I can see how it is very easy to get the two views, which are blended together into the same window, confused. As far as functionality goes, I can checkout, commit, update and view differences etc. However I cannot merge two branches or merge a branch back into the trunk. I can checkout the trunk and a branch for the same repository at the same time and see them both but I can't do a merge. If this was a freeware product I suppose it would be acceptable that it wasn't full-featured, but this is commercial-ware and as I see it, it's missing critical features.

So I started downloading other SVN standalone clients. There is RapidSVN and SmartSVN that I found and they both looked like they have a decent UI to work with. First I tried RapidSVN and it required Rosetta to install so I said "the heck with it", and deleted it. SmartSVN did install and what struck me was it had a more intuitive interface than Versions. The first thing it did was to ask if I wanted to connect to an existing check out of code. It did not ask if I wanted to create a new Repository Bookmark. Of course I did, I have code for about a dozen projects checked out. I also found that SmartSVN has a more complete set of version control commands, including merging and branching and tagging. Also the UI does not try to blend or hide the difference between the repository browser and your local check out. If I need to browse the repository it does so in a new window just like every other SVN client I've used on Windows and Mac.

SmartSVN clearly, without any customization, identifies changed files. And I believe the default sort order was by changed files on top but don't remember if I changed that right away or not. It is very easy to change the way you sort your files with SmartSVN. I found that the ignore feature works like other advanced SVN clients and lets me set wildcard patterns. This is something that I noticed I could not do in Versions.

Overall, the look, the feel and the flow of usage of SmartSVN was very intuitive and useful. If I needed to use a standalone SVN client I would definitely purchase SmartSVN even though the price tag is a bit hefty at $80. Which is why I prefer using the Subversive plug-in for ColdFusion Builder.

Of course OS X already has command line SVN commands available at your fingertips if you so choose to use them. Enjoy!

*** UPDATE ***
Cornerstone was mentioned in the comments below, so I downloaded and tested. My quick 5 minute review is positive. Multiple SVN repositories, clear delineation between repo view and check out view. Most SVN commands available on right click (had to hunt around to find ignore). Branching is as easy as it is in Subversive. And the price is better than SmartSVN. +1 for Cornerstone.