Central Alabama ColdFusion User Group - 2008

Home Employment Why ColdFusion? Demonstrations Archives Tips Other Groups Local Sites
2012 2011 2010 2009 2008 2007 Beginnings

Employment

4 December 2008 Meeting

New Meeting Time

We met at 6 PM at the usual location; the new location hasn't been firmed up yet.

Admin Demo

An old admin module that flexibly assigns permissions for various site functions was demonstrated (after clearing a date bug that CF5 ignored but was caught by CF7). Each non-admin user is associated with one of three nested groups (corresponding to various levels of an organization. The configuration screen lets administrators specify that various groups have create/delete, write, read, or no access to to various functions. For example, the mid-level group could be permitted to modify information belonging to the lowest level, or not.

6 November 2008 Meeting

Connect

Instead of our scheduled activity, we experimented with Connect and reviewed methods of organizing RSS feeds.

Change in Meeting Time

Because a monthly global manager-to-manager meeting has been scheduled at 7 PM on our meeting day, our subsequent meetings will start at 6 PM instead of 6:30 PM so that the group managers can catch the tail end of the manager-to-manager meeting after our meeting winds down.

2 October 2008 Meeting

Core Application Modules - Reader and Admin Support

We had hoped to demo code for the rss/atom reader and code for admin support of a member roster. Changes a member makes to his or her own profile would be handled as inserts so admins could roll back to earlier versions of the profile. (If members did something egregious and then wipe their profiles to duck and run, admins would be able to use earlier profile information to follow up.)

However, life happened; this didn't.

The manner in which RSS is implemented and used received some emphasis. And, this meeting spent a little time looking at the Time Travel demo on the futureec.com Web site: http://www.futureec.com/context/timetravel/ This demo explores the idea of using inserts in the guise of updates. However, the Time Travel demo falls short of the requirements for admin support in several areas:

4 September 2008 Meeting

Core Application Modules - RSS and Atom Reader - Requirement

In planning for this meeting, we discussed learning by doing when it comes to frameworks: using various frameworks to create a core application several different ways. The application would eventually be expanded and offered to low-budget organizations (churches and Scouting units, for example), but in the meantime, we'd learn lessons during implementation.

This month, we looked at the parameters and benefits of a useful module for such an application, a module that would read, store, and display inputs from data sources such as RSS and Atom.

Adobe Connect

Don Gilliand demonstrated Adobe Connect; it's marvelous! Without the need to install anything extra, individuals can show what's on their screens, and other individuals can add markings that all can see. We'll use it well.

7 August 2008 Meeting

Photo Function

The photo album approach in June used special pages that displayed subsets of a list of images to create an automated, changing collage. July looked at bridging eternal sites to a server that contains protected images.

This time, instead of relying on a collage of ever-changing images in fixed positions, the ability to customize scrapbook pages by placing image tags placed as desired was demonstrated. The source information of these image tags is specified through a function; the function causes the image to point to an encrypted URL that only works while a specific session is active. The code that underpins this example feeds multiple pieces of information to the general-purpose code that will render the image: the cfid and cftoken (copied from the session into the request scope as each page is rendered), the path to the image (relative to its storage location outside the webroot), the image filename (including extension), and random padding to discourage tinkering. For example:

Productivity

Frameworks should be chosen because they give the opportunity for increased productivity. We discussed the apparent advantages of several frameworks, then concluded that the best way to make their strengths and weaknesses apparent would be to produce the same useful core application using a number of frameworks.

3 July 2008 Meeting

Build Bridges

We looked at approaches to bridging users logged into a non-ColdFusion site to use restricted functions on a ColdFusion site. The bridging project was overshadowed by the time it took to set up an application that the bridge would access. However, using a "web bug" on the non-ColdFusion site to set a cookie (based on the referring site) that's honored by the target site did work.

It would have been more secure to have a succession of cookies so that analysis and mimicry of a single page wouldn't give the game away. But, that would require users to follow a predictable multi-page path through the non-ColdFusion site to reach the bridge. And, users are likely to bookmark the bridge, foiling this approach.

5 June 2008 Meeting

Build a Protected Photo Album

As promised, we reviewed the source code for a protected photo album. Here's the heart of the approach that was used to build it. For this example, the encrypted URL included a random component so that even an individual with access to the site cannot simply re-use the URL later to get the same image. This example also had filter pages that pare down the list of images to be considered so the user can limit what is seen to images from a single group even if the user is a member of multiple groups. Every six seconds, a display page only needed 65 milliseconds to bring back a collage of three fresh images even though for this example the querysim tag instead of a database was used as the image index described above.

1 May 2008 Meeting

Attack Your Site (Before Someone Else Does)

Nasty unscrupulous experts - you can hardly blame this stuff on bored amateurs anymore - try to use your own URLs and form variables to steal credentials from your users and data from your site. We revisited August's discussion of SQL Injection and Cross-Site Scripting, only this time we focused on a building a simple generic tool to let you attack your own site.

See Real Web Bugs

In addition to the main activity, we looked at real Web bug examples.

8 April 2008 - Employment Opportunity

I learned today that there may be a current opening in Montgomery for a senior ColdFusion developer, and there is potential for entry- and intermediate-level openings in the future. Contact me, Marty Ladner, for details.

3 April 2008 Meeting

Dip Into Our Barrel of Swag

Here was the offer:
Adobe has been kind enough to provide copious amounts of swag. Convince us why you deserve first pick from this collection, and you'll get it. The next most convincing participant will get next pick, and so forth. We expect to do two complete rounds of the room. No one will be left out, but you must be present to get the presents.

Here's what happened:
We opened a sealed box of swag. In addition to simple pleasures such as a WI-FI detector and small USB mice, we found a video recorder that will be used in future presentations. If you missed this meeting, don't lose hope. There are other unusual items here, and there are enough T-shirts to outfit a baseball team. Now all we need is a new excuse for giving some of it away.

Skim a Request for Proposal

In keeping with the idea that tools are meant to be used, we reviewed an openly published request for proposal (RFP) to see how you might achieve the results it asks for. (The RFP specifies an architecture to be used, but we ignored that during this no-holds-barred session.)

Gauge Programmer Demand - Pick a Job - Build Tools

This evolved into a nice discussion on how reviewing work requests can help you gauge the continuing demand for programmers, on why one might turn down a job, and some ways to make a little preparatory work (such as code generation) go a long way towards meeting a firm's needs now and in the future.

6 March 2008 Meeting

Consider Using Adobe Tools to Build Rich Internet Applications (RIA)

Adobe's RIA technologies enable you to rapidly build and deploy the most engaging applications across browsers and on the desktop. Central Alabama ColdFusion User Group is hosting a special event to share exciting new information on Adobe's platform tools and technologies for building RIAs. We saw an exclusive user group video presentation by Adobe Chief Software Architect, Kevin Lynch, heard some important product news, and had the opportunity to get our hands on some exclusive swag and other giveaways.

Want to know more? See below for a description of the pre-release tour for Flex and AIR.

7 February 2008 Meeting

Review ColdFusion for Rapid Development

Compared with other languages for the Web, ColdFusion uses 1/3 as many lines; and ColdFusion server provides capabilities not directly provided by other application servers. Thus, code reviews go faster than with other languages, and the result is easier to maintain. We explored techniques to quickly support additional valid values tables, data-driven form structure, and browser- and server-side validation.

Jan-Feb 2008 Count Down to the Flex and AIR Pre-Release Tour

Although ColdFusion is often the best tool, it isn't the only tool. [Gasp!] Is it time to get more flexible? Why is there air? Is it really to blow up basketballs? (Apologies to Bill Cosby)

Well, the pre-release tour isn't about that kind of AIR, but it can bring you more Flexibility. Together, Flex and AIR let you use your Web skills to develop desktop applications. Flex 3 is on the threshold of release, and AIR quickly provides breathtaking results in a small footprint. Last year, I watched Ben Forta use an early version of AIR (then code-named Apollo) to build a browser wrapper in three minutes. (See our notes from CF United Express Atlanta last year.)

Flex

Adobe Flex is a full-featured development framework for programmatically creating rich Internet applications (RIAs) usually deployed through Flash, which works across all major browsers and operating systems. Flex uses ActionScript to specify logic, uses a form of XML to specify screen layouts and controls, and has several communication methods including data messaging and data push with LiveCycle Data Services. Flex also interacts with middleware such as ColdFusion, Java, PHP, and .NET.

AIR

Adobe Integrated Runtime (AIR) reduces the seam between being on-line and off-line by letting you deploy your AJAX- and Flex-based Web applications to the desktop, extending them to provide access to the local file system, system tray, notifications, and more.

Pre-Release Tour

Flex 3 and AIR are getting close to launch and in preparation, the Adobe Platform Evangelist team is traveling to select cities to show off their great features and some brand new demos.

The sites closest to us are Atlanta and Nashville. Atlanta Adobe Flex User Group will host Ben Forta on 22 January. Nashville Adobe Flex User Group will host Ben Forta on 24 January.

These free events are a great opportunity to see and hear about the highly anticipated release of Adobe Flex 3 and Adobe AIR during this special pre-release tour! In addition to giving away some one-of-a-kind Flex/AIR branded schwag, each event will also be raffling off a copy of Adobe Flex Builder 3 Professional (pending availability) and a full commercial copy of Adobe CS3 Web Premium. (See flex.org for more locations in the States and overseas.)

3 January 2008 Meeting

Human Help (Chat) via javascript and ColdFusion

Suppose you want to provide human help via interactive text to those who request it but aren't ready to use flash yet. javascript in a hidden frame can keep the main frame fresh, and ColdFusion backed by a database can provide the rest. We reviewed a working demonstration of this approach.