Archive for the ‘coldfusion’ Category

Variable assignment in loop

I had to debug something quite subtle yesterday and learned something in the process.

Spent quite some time on this problem. Perhaps if my ColdFusion fundamentals were stronger, the problem should be identified easily.

The problem was this, in a cfloop query, the code was meant to overwrite the value from the query for a given condition.

Supposed you have this query below:

image


		
			
		




FieldID
FieldLabel
variables.FieldLabel



	
	

#FieldID#
#FieldLabel#
#variables.FieldLabel#

So as you can see we are looping over a query, but for one particular condition, in this case: if the fieldLabel column called job type, we want to output something different.

The result was this table:

FieldID FieldLabel variables.FieldLabel
169 Job Type this is overwritten
170 Location this is overwritten
171 Industry Sector this is overwritten
172 Job Duration this is overwritten
173 Job Start Date this is overwritten
174 Salary this is overwritten
896 Account to use this is overwritten

The bug was, our application was reffering to FieldLabel unprefixed by the scope, as you can see from the result, it will always getting the value from the qAllActiveFields (as from scoping from a view the query scope has precedence over variables scope).

Very subtle bug, but can really be so easily avoided by doing any of the folllowing:

  • Never set variable name inside a loop as one of the column name of that query
  • Prefix correctly

Posted by felixt on September 24th, 2008

Filed under coldfusion | Comments Off

This vs Variables Scope in CFC

This is just rehashing of Raymond Camden’s very useful post of Variable Scopes in CFCs.

I always wonder whether to use This or Variables to scope the variables that are available to all the functions on for that particular CFC. This is a problem that I didn’t have before because now I am writing a LOT of CFCs from scratch (CFC is just starting to become a practice in this company). I know I’ve read some explanations from books and blogs but none has been as clear as Ray’s post.

From what I’ve read on the post, variables scoped with This can be accessed outside the CFC via referencing the variables directly, this is similar to declaring your variables public in Java. A no no in OO practice, as you want getters and setters to handle access to variables.

So I’ve got the confirmation today to use Variables scope instead of This.

There are also a couple things worth mentioning from the post:

  • Always use var to scope variables inside functions/methods (admittedly a practice I just picked up recently).
  • Avoid using these scopes inside CFC: Form, URL, Application, Session, Server, CGI, Client, Request, Cookie. As this is not portable.

Posted by felixt on September 17th, 2008

Filed under coldfusion | Comments Off

The downside of being a ColdFusion developer in Australia

I’ve come to this realization, if you are a ColdFusion developer (esp if you’re a new to it), you might be disappointed with the reality in Australia.

Working on Legacy Applications

You’ll most likely have to work on legacy applications built pre-CFC days (pre 6.1MX). Spaghetti codes abound. Unlike on the other parts of the world, where companies are writing apps in newer CF versions, using frameworks and best practices. This is also my suspicion, I believe in Australia there’s a smaller percentage of fresh CF developers compared to UK or US for example, this limits the possibility of being exposed to best practices (my bias is the younger you are, the more tuned to best practices you are -> the younger you are the more likely you are to read books and blogs).

Resistance to OO and Frameworks

Most ColdFusion frameworks are following some OO approaches anyway, so I lump OO and frameworks together.

You’ll suggest moving to more OO approach as well as using frameworks, for long term benefits. But this will mean re-write and re-architect the application. Management asks why, the app is working, it does what it does, what’s wrong with that?

Even if they are agree in moving to OO and/or frameworks, you’ll find these problems:

  1. Not many ColdFusion developers (speaking from the experience of 1 and 8 months working in ColdFusion) know or have used ColdFusion frameworks nor OO before (in fact finding a decent ColdFusion programmer is actually quite hard in Sydney, let alone one that uses frameworks and knows OO).
  2. You want to be mentored by the senior developers or system architect on these areas, but they have no or little experience on them.
  3. There’s no framework training available in Australia yet, at least in Sydney. In one of the job interviews that I had this year, I was asked whether I know any Model-Glue training in Australia, obviously this guy is keen getting his developers to work in framework but finding it hard to get his developers trained.

In places like US for example, I think there are little problems with the points above.

We really need new applications written incorporating best practices and what’s possible in ColdFusion. We need the legacy applications to be re-vamp. We also need pre CFMX developers to at least be trained in OO (I believe Rocketboots has some courses on this). Only then you can entice fresh blood to come and develop in ColdFusion, or in my case to stay and develop in ColdFusion and not moving to Java, .NET, PHP or even Rails.

Posted by felixt on August 18th, 2008

Filed under coldfusion | Comments Off

verynx strikes

There was (or is?) a wave of SQL injection attacks apparently targeting ColdFusion sites in the past few days.

Unfortunately some of our sites were not immune to this attack, because apparently these are olders apps built on the days where cfqueryparam either didn’t exist or not widely used.

I am just wondering whether this is the case where ColdFusion developers take security for granted because ColdFusion is meant to be secure right? I mean you did pay for the server.. I remember back on my PHP days, when we have to write our own sanitizer to handle form inputs, because we know security is an issue with PHP.

Although it’s easy to get angry with the attackers, but not having your application secured thoroughly is also plain silly. You are asking for it, and you get it served.

There is no longer excuse for not using <cfqueryparam>, at least now everyone sees the need for it.

A simple short term solution at the moment is to filter SQL keywords in URL and FORM scope (variant of EXEC especially). A longer term solution would be to scan the older applications for queries with cfqueryparam and make it mandatory now for cfqueryparam to be used.

Come to think of it, this was a very clever attack and quite harmless in a way, no drop tables or anything nasty like that. It served as timely reminder for us (and to me as well) to not taking security for granted in whatever platform you are developing. Thank you hacker, but I hope you go to jail for this.

Posted by felixt on July 24th, 2008

Filed under coldfusion | Comments Off

ColdFusion and SSLv3

Last week was probably one of the most unproductive and frustrating weeks that I’ve been in. I spent 70% of my time Googling around, trying different things around,

I was assigned a project to integrate our system with an overseas partner, the integration will be facilitated via web services. And our partner web services are secured via SSL. I’ve done quite a few web service integration work, but doing secure web service over SSL is something new for me.

During the course of the week I hit so many walls (if you are only interested in ColdFusion and SSL version 3 (SSLv3), skip to the appropiate section below):

Problem 1: Registering certificate to Windows

Ok disclaimer first, as mentioned earlier, I really have little experience with SSL, certificates and all the like. So I googled A LOT and trying things frantically as well. To be able to connect to our partner web services, I had to create a private key (this is to be kept secret) and a Certificate Signing Request (CSR), for the partner to sign.

The partner returned a signed certificate from the CSR, and basically I need to install this to my machine. Now this was the major first roadblock that I have, it took me and lead developers on the partner’s side about 2 days to solve.

We thought once the certificate installed we can just use it to browse the web service site, but whenever I entered the URL, I was always prompted with an empty list of certificate to choose from to secure the connection.

Found out that not only that I have to install the certificate, but I also need to combine the certificate with my own private key, the result of this would be a PKCS12 file, I use OpenSSL again to do this. And after installing the PCKS12 to key store, the certificate appears on the list. 

Problem 2: ColdFusion and SSL version 3 (SSLv3)

To cut the story short, CFINVOKE up to ColdFusion 8 doesn’t support SSLv3 (although apparently the CFHTTP does, haven’t checked myself). It is still on the wish list for ColdFusion 8 see no 35.

And how do you know that the web services you’re trying to invoke are using SSLv3? If the web service expects you to supply a certificate when invoking its functions that it’s probably SSLv3. More information on this read Steven Erat’s from talkingtree blog especially: this entry. Special thanks for Mark Kruger from ColdFusion Muse blog, who has kindly replied to my questions,.

So I made the decision to use .NET to consume the web services and then use ColdFusion to call this .NET object. Glad to say that this approach works, but it wasn’t easy process as:

  1. I haven’t done much .NET programming
  2. I encountered some frustrating issues with CF8 and .NET integration

I think I will explain how the .NET looks like on another post, but if you are desperate please feel free to contact me I am sure I can give a snippet or two.

Posted by felixt on July 4th, 2008

Filed under coldfusion | Comments Off

ColdFusion 8 & .NET integration

I think the current project that I’m working on is one of the most difficult and frustating projects that I’ve ever been into.

Spent 2 days trying to make CF8 and .NET talks to each other in different environment.

On my local machine, everything is fine. Then I move the project to development server, it didn’t work, I’ve got this cryptic message from CF when invoking the .NET component:

System.NullReferenceException: Object reference not set to an instance of an object.

After hours of debugging, found out that it is caused by one of the inner class on the .NET cannot be instantiated (perhaps it wouldn’t take me that long to figure this out if I know .NET better). So problem fixed.

When moving to staging environment, guess what, it didn’t work again, different error message was thrown. It was something in the line of DotNetClassNotFoundException. Again spent hours playing with jnbridge config to no avail.

Luckily I remember the thread at CFAussie on similar issue. To debug CF8 & .NET issues, someone (Joel) suggested to look at jnbproxy.exe.config to see what .NET runtimes supported.  And this was the answer to my problem, I couldn’t see runtime version v2.0.50727 (.NET framework 3.5) on this config file. So I thought maybe added these lines to the config file and restarted .NET service would solved it, but alas it didn’t. So further googling around this time with keyword DotNetClassNotFoundException, found that I had to re-install CF8 .NET service to get the newly added .NET framework recognized (I think it was suggested on that CFAussie thread as well). So I uninstall the .NET service and download the CF8 .NET service installer and install it again. And yes, now CF8 and .NET talking nicely to each other.

Posted by felixt on July 1st, 2008

Filed under coldfusion | Comments Off

Learning Management System?

Note to self: found out today that Todd Sharp has open sourced his application called iLearn. Also found out this sort of application is called Learning Management System.

Similar to what I am working on at the moment with cfexam, but obviously Todd’s one is functional :) .

Posted by felixt on June 9th, 2008

Filed under coldfusion, stuffs, projects, to look at | Comments Off

Producing Excel Report in ColdFusion

There are two ways of doing this:

  1. The hard way
  2. The POI Utility way

I didn’t do the easy way until now, because I didn’t think it will be that easy.

This is how I did it the hard way:

<cfset lColumns = "job_ref,job_title,firstname,lastname,email,contact_preferred,TrafficLight,location,area,jobType,industry,Occupational">
<cfloop query="qJobs">
     <cfoutput>
     <cfset index = 0>    
     <cfloop list="#lColumns#" index="columnName">
        <cfset thisColumn = "qJobs." & columnName>
        <cfset columnValue = Replace(Evaluate(thisColumn),",","|","ALL")><!— escape all commas —>
        <cfif index gt 0>,</cfif>’#columnValue#’
        <cfset index = index + 1>
     </cfloop>
     </cfoutput>
</cfloop> 

The template will output the string on the browser

  • I will then copy the output, open Notepad and save it as a CSV file.
  • Close Notepad, opens the CSV file using M$ Excel and saves it as an Excel file and then I am done.

Ben’s POI Utility does all the above, and it only took me 5 minutes or so to modify his example file, it’s just too easy. Below is the code: 

<cfset objPOI = CreateObject(
      "component",
      "POIUtility"
      ).Init()
      />
  <cfset objSheet.Query = qManpower />
  <cfset objSheet.ColumnList = lColumns />

  <cfset objSheet.ColumnNames = "Job Reference,Job Title, Firstname, Lastname, Email, Contact Preferred, Traffic Light, Location, Area, Job Type, Industry, Occupational Area" />
  <cfset objSheet.SheetName = "Sheet 1" />
  <cfset objPOI.WriteExcel(
      FilePath = ExpandPath( "./Sheet1.xls" ),
      Sheets = objSheet,
      HeaderCSS = "border-bottom: 2px solid dark_green ;",
      RowCSS = "border-bottom: 1px dotted gray ;"
      ) />

Posted by felixt on June 2nd, 2008

Filed under coldfusion | Comments Off

CFINVOKE - refreshWSDL

I was implementing a web service the other day, it all went ok until I had to add another parameter on the web service function.

Suddenly my test template doesn’t work, I suspected the problem has to do with the stubs not being refreshed, so I refreshed it using CF admin interface, but it didn’t solve it.

I asked my workmate, he pointed me to a parameter in CFINVOKE method that I never heard before: refreshWSDL (my Eclipse didn’t suggest me this parameter neither did Dreamweaver 8) … Setting this parameter to true solves the problem.

Posted by felixt on May 29th, 2008

Filed under coldfusion | Comments Off

1st CFUG

Tonight was my first time coming to CFUG, well it’s now called Adobe Platform Users Group (APUG) as NSW CFUG and the Flash User Group merged together. Managed to get one workmate to join, he’s a CF enthusiast and has been to these meetings before. But rather unfortunatelly the other 6 weren’t interested, how can I get these people interested in being involved in CF community I wonder…

Also managed to caught up with 2 mates from the old workplace which is good.

Geoff from Daemon gave a presentation on open source community, he gave tips on what can developers do to help out the community (things like: submitting bug reports, feature requests, contributing financially etc2). He also shared a bit his experience with FarCry of which he is the benevolent dictator.

He also explained some of the open source licences, he brought into our attention the difference between GPL and LGPL and gave an example of the current controversy on ExtJS community caused by moving the library from LGPL to GPL (a controversy that I wasn’t aware of, wonder why I haven’t seen it blogged on CF or Flex blogs).

It was an informative session, I am glad that I came.

Posted by felixt on April 28th, 2008

Filed under coldfusion, user group | Comments Off

Next Entries »