Entries Tagged as ColdFusion

Dump or list all ColdFusion Variables in all scopes.

On some occasions you may run into issues where you need a variable but you're not sure what scope it's in. I've found the code below extremely helpful for finding which scope the variable I'm looking for is in.

	<cfdump var="#getPageContext().getBuiltInScopes()#"/>

Basically the function, “getPageContext().getBuiltInScopes()” will list all variables in all scopes.

Enjoy! :)

Get Drive Letter With ColdFusion

I ran into an issue recently where my production server's code used a different drive letter than my development environment. A small handful of applications relied on that drive letter and would break if the drive letter wasn't changed before deployment. In these specific scenarios, I couldn't call expandPath() or getTemplatePath() directly because the application wasn't in the root of the website.

My solution to this issue was to put the code below in my application.cfm / application.cfc file, which sets an application variable called "driveLetter" to the application's current drive letter; then I call the application variable instead of the static drive letter that could change.

Get Drive letter

If you want to get the drive letter once, you could do something like below.

	<cfset variables.driveLetter = listGetAt(expandPath('\'),1,'\')&'\' />

Get drive letter, then set application variable.

Below is the exact code I used in my application.cfm file to set the application variable initially, that way I don't have to run the script every time.

	
	<cfif !isDefined('application.driveLetter')>
		<cflock scope='application' timeout='5'>
			<cfset application.driveLetter = listGetAt(expandPath('\'),1,'\')&'\'/>
		</cflock>
	</cfif>

ColdFusion 9 Vulnerabilities, Are You Safe?

I recently attended CFUNITED and loved it! It was great! Anyway, one of my favorite sessions at CFUNITED was a session by Pete Freitag entitled "Writing Secure CFML". In the session he said "who here has ever had their server hacked?" and to my amazement about half of the room put their hand up. This tells me that people aren't reading security bulletins (Wait, everyone reads those right?) and patching their servers accordingly. In the last few months I've seen two pop up that I just wanted to bring attention to.

  1. Unauthenticated File Retrieval Vulnerability

    Problem

    Allows remote users to gain access to the server's files through the ColdFusion Administrator. This could be used to gain database information or as a stepping stone to find internal vulnerabilities in applications.

    Solution

    Adobe has released a patch for this issue.
    http://www.adobe.com/support/security/bulletins/apsb10-18.html


    If you're one of those people who don't like patching, an alternative fix is to change the default location of the ColdFusion Administrator or to limit access to the ColdFusion Administrator to specified IPs.

    Severity: High
    CVE: CVE-2010-2861

  2. Solr Service Information Disclosure Vulnerability

    Problem

    ColdFusion allows users to remotely connect to search collections that have been created by the Solr service. The flaw in this, however, is that by default any user can connect to this service from any IP without any type of authentication, which could be used to gather information about the server or internal processes.
    http://www.securityfocus.com/bid/38007/discuss

    Solution

    The best solution at this time is to prevent this service from being connected to from any IP other than the local IP of the server. Adobe has come out with an article outlining exactly how this can be done.
    http://kb2.adobe.com/cps/807/cpsid_80719.html

    Severity: Medium
    CVE: CVE-2010-0185

I would also highly recommend checking your server for vulnerabilities using http://hackmycf.com/. It's a very easy-to-use website that will tell you what patches your server needs.
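One way to confirm that the IP restriction suggested under item 1 is really in effect is to audit the web server's access log for Administrator requests coming from addresses outside the allowed list. The Python script below is an added example, not part of the original post; it assumes the Administrator is still at the default /CFIDE/administrator location, that the log is in common/combined format, and it uses a constructed allowlist and constructed sample log lines.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Assumption: the Administrator is still at ColdFusion's default location.
ADMIN_PREFIX = "/cfide/administrator"
# Assumption: networks that are supposed to reach it (constructed values).
ALLOWED = [ipaddress.ip_network(n) for n in ("127.0.0.1/32", "10.20.0.0/24")]

# Common/combined log format: client ident user [time] "METHOD target PROTO" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

def normalize(target):
    """Strip the query string, decode, collapse //, ./ and ../, and lowercase."""
    path = unquote(target.split("?", 1)[0])
    return posixpath.normpath(re.sub(r"/+", "/", path)).lower()

def admin_hits_outside_allowlist(lines):
    """Return (client, path, status) for Administrator requests from non-allowed clients."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        path = normalize(target)
        if path != ADMIN_PREFIX and not path.startswith(ADMIN_PREFIX + "/"):
            continue
        try:
            allowed = any(ipaddress.ip_address(client) in net for net in ALLOWED)
        except ValueError:
            allowed = False  # logged hostname, cannot be checked against the allowlist
        if not allowed:
            findings.append((client, path, int(status)))
    return findings

# Constructed sample log lines (documentation-range addresses).
SAMPLE = [
    '127.0.0.1 - - [10/Aug/2010:09:00:01 -0400] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120',
    '10.20.0.15 - - [10/Aug/2010:09:02:11 -0400] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Aug/2010:09:05:42 -0400] "GET /cfide/administrator/index.cfm HTTP/1.1" 200 5120',
    '198.51.100.23 - - [10/Aug/2010:09:06:03 -0400] "GET //CFIDE/%61dministrator/ HTTP/1.1" 403 312',
    '203.0.113.7 - - [10/Aug/2010:09:07:00 -0400] "GET /index.cfm HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, path, status in admin_hits_outside_allowlist(SAMPLE):
        print(client, path, status, "blocked" if status in (401, 403, 404) else "SERVED")
```

A finding with a 403 status means the restriction turned the request away; a finding with a 200 means the Administrator answered a client that should not have been able to reach it.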

PHP vs. ColdFusion

In my years I've found myself actively writing in several different languages. I've written full applications in ASP.NET, PHP and ColdFusion. My current primary languages are PHP and ColdFusion.

Throughout the years I've grown really fond of ColdFusion. In this article I'm going to explain the benefits & cons of ColdFusion over PHP.

Benefits to PHP

  1. Widely supported and has a huge community of people willing to help and answer questions.
  2. Open source.
  3. A vast amount of open source scripts available.
  4. A large number of shared hosting providers that are willing to offer hosting for very low cost. For instance $3.00 - $10.00/month.

Cons to PHP

  1. Is not the easiest language to learn.
  2. Development time can be very time consuming as everything is syntax based and requires a lot of code.
  3. Server settings are made through a text file called php.ini which can be a hassle and can make issues difficult to diagnose.
  4. Servers are typically Apache, which often causes issues with file / folder rights.
  5. Doesn't have a very good template system compared to ColdFusion's custom tag based templates.

Benefits to ColdFusion

  1. Very easy to learn compared to PHP.
  2. Extremely easy to read compared to PHP.
  3. Writing ColdFusion applications requires much less code compared to PHP.
  4. Coding applications is much less time consuming as ColdFusion is much more robust than PHP.
  5. Although the Adobe ColdFusion server is not open source, there is an excellent ColdFusion alternative. http://getRailo.org/
  6. The ColdFusion administrator is very easy to use and has a nice user interface.
  7. ColdFusion has something called Custom Tags, which makes managing and accessing website templates a breeze.
  8. Very easy to use ColdFusion OOP functions. Also allows for .NET and Java integration.
  9. Integrates very well with Flex.
  10. Extremely robust, with a vast number of built-in JavaScript packages like cfgrid, cfwindow and cftooltip. ColdFusion also has built-in functions that make Ajax binding extremely simple.

Cons to ColdFusion

  1. Community is not as big. However, although the community isn't as big, I think that you'll find more ColdFusion programmers per capita than PHP.
  2. Some people don't like how easy to learn and read ColdFusion is because they claim that it's so easy to code that it's not like programming, it's more like talking about code. Which is probably true.
  3. Those who use Adobe's ColdFusion think that it's expensive. Those who use Railo think it's free.

EXAMPLES

Want to see some code examples? I'll show you how robust ColdFusion really is.

The PHP code below will return the columns firstname, lastname from the Friends table.

	<?php
	// Connect with mysqli; the old mysql_* functions were removed in PHP 7.0
	$con = mysqli_connect("localhost","username","password");
	if (!$con)
	 {
	 die('Could not connect: ' . mysqli_connect_error());
	 }

	mysqli_select_db($con, "my_db");

	$result = mysqli_query($con, "SELECT friendId,firstName,lastName,nickName FROM friends");

	// Array keys are case-sensitive and must match the column names in the SELECT
	while($row = mysqli_fetch_assoc($result))
	 {
	 echo $row['firstName'] . " " . $row['lastName'];
	 }

	mysqli_close($con);
	?>

Now look at the ColdFusion Example

The ColdFusion code below will return the columns firstname, lastname from the Friends table.

	<!--- Run the query against the "peter" datasource --->
	<cfquery name="getMyFriends" datasource="peter">
	SELECT friendId,firstName,lastName,nickName
	FROM friends
	</cfquery>

	<!--- #...# expressions are only evaluated inside cfoutput --->
	<cfloop query="getMyFriends">
		<cfoutput>#firstName# #lastName#</cfoutput>
	</cfloop>

Isn't the ColdFusion code just so straightforward, to the point and easy to read?

This is just a single example of hundreds, no, thousands of reasons why I personally think that ColdFusion is better than PHP.

Have an opinion why you think one is better than the other? I want to hear it!

Change IP Address ColdFusion 9 Developer Edition

Are you receiving the error below and are looking at how to change the IP addresses available to your ColdFusion Developer box?

  A License exception has occurred.
  You tried to access the Developer Edition from a disallowed IP address 
  (xxx.xxx.x.xxx). The Developer Edition can only be accessed from 127.0.0.1 
  and two additional IP addresses. The additional IP addresses 
  are: xxx.xxx.x.xxx,xxx.xxx.x.xxx 

If you are, I have bad news: unfortunately, there is no file or admin area to edit the allowed IPs. By default ColdFusion allocates the first two external IP addresses that hit the ColdFusion service. The only way to change the allocated IP addresses is to restart the ColdFusion service and hit the server with the correct IP addresses. Not ideal, I know, but it's currently the only way.