You may or may not know that the Muse's company, CF Webtools, sponsors the Nebraska ColdFusion User's Group (NE CFUG). Actually all the real work is done by our ColdFusion and Linux Guru, Ryan Stille, whose energy keeps ColdFusion thriving here in the heartland. Last night we heard a presentation by the affable and knowledgeable (and really really tall) Kevin Hoyt. He spent about 2 hours both in presentation and chatting with us afterward. He was pretty cool and called his presentation a "slide deck" and talked about how the "newbies" put in too many "transitions". Oh you Adobe people and your fancy pants lingo. What will you think of next?
Now in the interest of full disclosure, I'm a ColdFusion zealot. I know that's not news to my regular readers, but it bears mentioning in case I slip up and say something negative. All in all the Muse has been thrilled with each release of ColdFusion and I have waited with bated (or is it baited) breath for each Beta (or is it Baita) version. When CF 8 came out I rewrote our entire tracking and project management system to take advantage of the new UI features. I'm an early adopter and a CF enthusiast. Also I should note that, although I have the beta version of CF 9, I will only be talking about what was in the presentation. Here's my take.
Regular readers know I'm always on the lookout for interesting issues regarding SQL Injection and ColdFusion. This year has been a banner year for injection on ColdFusion sites and if you are not on the cfqueryparam bandwagon yet I have one more example of code that might seem to be inoculated but is not. It has to do with the use of val()...
Muse Reader Rob Asks:
I have a silly question. How exactly do you upgrade the JVM on your ColdFusion server? My server is on Win2k3 x64 and the JVM version is 1.6.0_04. Do you specify it manually in the jvm.config file?
I'm glad you asked this question because it reminds me that I sometimes give advice without any follow-through - which is the same problem I have with my 8 iron. Upgrading the JVM on a Windows installation is pretty easy. Just remember that you will need the correct Java Runtime for your platform and ColdFusion version. Rob specified Win2k3 x64 so I assume he means he is running ColdFusion 8 Enterprise 64-bit - in which case the target version is 1.6 update 14 (or 1.6.0_14). I usually start at the Sun Java download page. Once you have the right version in hand the rest is easy.
This issue was brought to my attention by Adrian Lynch on CF-Talk. It seems that if you use the new image functions in ColdFusion 8 against certain kinds of JPG images you can actually cause your JVM to crash. If you have code that uses the latest image functions to handle uploaded images you should definitely take note of this post. I cannot yet see how a user might take advantage of this bug to penetrate your server, but a malicious (or even non-malicious) user could easily perform a denial of service attack and cause your CF server to go up and down like Jack LaLanne doing jumping jacks. So if you fit into that category (handling uploaded images using CF 8 image functionality) here's the scoop.
I have not yet had this problem specifically, but it was pointed out by CFG Tom Forrest who spent some time wrangling with it. He was trying to use the connector widget to connect IIS 7 sites to ColdFusion instances (running in Multi-Server Mode). He reports as follows:
The connector refused to install anything into IIS. When I started it, the first window would appear. When I clicked "add" I would see something to the effect of, Installing required IIS7 components. It may take 2 to 5 minutes to complete. The window that allows you to set all the parameters would open, and you could select any of your running CF servers. However, you couldn't select any of the IIS sites that were created. Assuming you give up and click ok, allowing it to "install to all" you would get an error window stating error creating IIS application extensions ColdFusion.
According to Tom the fix is to install the IIS 6 Management Compatibility role service. This service allows an IIS 7 server to "act like" an IIS 6 server. Once installed the configuration tool began to work.
While I haven't had this specific problem, I have noticed that a number of other things are easier and more familiar with the IIS Management Compatibility installed. Thanks Tom.
Muse Reader Joe Asks:
How do I kill a request? Every other day or so there will be a runaway process that cannot be killed. Clicking on the red exclamation in the monitoring tool does not give an error but it does not kill the request either. My question is how to kill this process?
Ah the immortal thread - like a god coming down from Mt. Olympus and laughing with his (or her) hands on his mighty hips (see why I chose "his"? ... "her mighty hips" ... well, I just didn't want to go there). Such threads are mind-bogglingly frustrating. In actual fact, there are some requests spawned by ColdFusion that may not be able to be terminated by ColdFusion. For the long version read on McDuff.
Like most geeks I love technology. I'm always reading about the cutting edge of research. I can become as engrossed in an online white paper about nano-technology as I am in my favorite TV Show - which is a toss-up between the gritty AMC Drama Breaking Bad and the lighthearted and endearing (although occasionally gruesome) Pushing Daisies with the irrepressible Kristin Chenoweth as former Jockey-turned-waitress Olive Snook. Who else could make unrequited love seem so appealing and delicious... but I digress. This "forward leaning" interest in technology tends to create a momentum for me and even for my company (CF Webtools) that makes me prone to try new things. So when Google announces a groundbreaking new paradigm for collaboration my temptation is to say "count me in". In case you missed the hype I'm talking about Google Wave which was previewed at Google I/O.
Google Wave aims to combine elements of email, chat, blogging, micro-blogging, collaboration, source control, and social networking into a single interface that claims to draw in all the best features of these tools while eliminating some of the annoying drawbacks. The paradigm for Google Wave moves away from "messages" and toward a "conversation". That might seem too abstract to matter, but such idioms are important because they give us an anchor - a point of reference for understanding something new.
Let me say at the outset that I'm positively inclined toward this product (at least, what I've seen of it). I can see how it would benefit my own team in many ways. I'm already thinking of how I might enhance our vast, custom tracking system using the Wave Protocol. One of the best things about Wave is the protocol layer and integration strategy. So I am not against the product - indeed I'm rooting for it. I would love to get rid of our hodgepodge of tools in favor of one elegant way of collaborating. Still, I see some problems for Wave on the horizon. So if you want the contrarian view read on...