Join Central Alabama ColdFusion User Group - cacfug.org
- Help ColdFusion developers share, learn, hone, and practice their craft.
- Promote ColdFusion - the language of innovation - as a key to agile business.
3 May Meeting
Krystal's! And CF 9!
This month's meeting will be held at Krystal's (across from Eastdale Mall). Why Krystal's? It has outlets to plug in our laptops, free Wi-Fi, and they will bring food to your table.
So that's the venue; what's the topic? ColdFusion 9, especially the implications of its Object Relational Mapping (ORM) tool.
5 April Meeting
Malaise
No topic. Not much discussion. Ended early. [sigh]
1 March Meeting
Lockdown Guidance
Adobe has published lockdown guidance for ColdFusion in Windows and non-Windows environments. Specifically, here's a review of "Adobe® ColdFusion® 9 Server Lockdown Guide" by Pete Freitag. Here's what resonated:
Much of the advice centers around locking down the operating system and file permissions. There's no need to repeat that here. For the web server and ColdFusion, it was interesting that Adobe recommends:
- Creating a separate SSL-protected web site for the administrator instead of assuming that the loopback IP is safe from attack.
- Preventing almost all access to /CFIDE.
- Disabling JRun admin server console when not in use.
- Placing the ColdFusion server on a separate platform from the web server, or having a proxy decide whether to pass external requests to the web server or to ColdFusion. (It's not clear how this proxy setup would work.)
- Creating a non-default virtual directory reference that points to what would be the contents of /CFIDE/scripts and changing all pages that use something here to point to the virtual directory. (The example has the virtual directory pointing to the default physical directory /CFIDE/scripts. It's not clear that that's what was intended. And, it's not clear how this change helps.)
- Telling the web server and ColdFusion to ignore file types you don't plan to use. This is a multi-fold process: tell the web server to ignore (filter out) requests for those file types, remove the handlers that tell the web server to pass those file types to ColdFusion (handlers that the ColdFusion installation adds by default), and tell ColdFusion to ignore these file types. Caution: if you remove the handler but forget to tell the web server to filter out the file type, the web server will display the raw text of such files. A related caution is to point unused CFCs to the CFForbidden servlet. If you just delete the servlet mapping, the CFC source will be displayed: not what you want to have happen.
- Setting the timeout to a somewhat low value (e.g., 60 seconds). Pages expected to need more time can set a different limit with the cfsetting tag.
Surprises:
- The recommendation to store client sessions in cookies or "none" instead of in a database. The client should only store a pointer to the session; you can't trust client content. To be fair, it should be pointed out that this document also recommends that J2EE session variables be used instead of native ColdFusion session variables. Still, the recommendation to trust the client doesn't make sense.
- It was interesting to consider that ColdFusion data source users can be restricted so they can execute only specific SQL commands (such as select) and not others (such as alter, grant, etc.).
In summary, this guide was very useful and (with a few exceptions) very clear.
2 February Meeting
Arrays
For other programming languages, arrays are solid structures. When they are defined, all the cells in an N-dimensional matrix are defined. This is not the case for ColdFusion Markup Language (CFML) "arrays."
ColdFusion "arrays" are not arrays in the traditional sense. They do not consist of a list or lists of consecutively numbered cells. They are not spreadsheets or solid structures of (for example) X by Y by Z cells. They are not even nested lists.
The usual way of conceptualizing relationships is through a spreadsheet or cube arrangement. If you immerse a cube into liquid (representing server memory), it would displace X by Y by Z cells of volume, even though many of its cells aren't used.
The best three-dimensional analogy for a ColdFusion array may be berries on a bush that has many branches of varying lengths. Only the individual berries (cells) you have defined will exist, as far as ColdFusion is concerned. If you immerse such a bush into liquid (representing server memory), it only displaces space for the cells you have defined, not for every cell in the matrix.
ColdFusion arrays conserve memory. No space is wasted on undefined cells, not even on pointers to them.
However, to use this advantage effectively, we have to understand that using ColdFusion arrays has to be a little different from using arrays defined by other languages.
Most familiar programming constructs to access arrays usually expect data to be stored as if it were in a spreadsheet or cube. That works fine when memory is reserved for every cell, even the unused ones.
However, this approach fails with ColdFusion arrays. When code encounters an undefined cell (as it will very quickly), it dies with an error.
You could use the arrayset function to predefine all of the cells for a given dimension of an array in order to treat a large array as a big cube. That's one approach to handling this situation. However, it's wasteful. It would waste the space that ColdFusion is trying to conserve by default.
Almost as bad would be to use cfparam to hunt for data; it will fill a cell if it doesn't exist, but at least it won't fill an entire dimension at once.
The least wasteful way is to take typical code used to access an array and place that code inside a cftry-cfcatch block. This way, the code can be made to ignore the error that occurs when it tries to read an element that doesn't exist, and it works without wasting memory.
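The following CFML is an added example, not code from the meeting notes. It builds the sparse "berries on a bush" array described above, shows that arrayLen only reports the highest defined index, reads the array through a cftry/cfcatch wrapper so undefined cells don't kill the request, and contrasts that with arraySet, which materializes every cell of a branch. The names berries and safeGet are assumptions chosen for this illustration.

```cfml
<!--- Added example, not from the meeting notes. "berries" and safeGet() are
      names chosen for this illustration. --->

<!--- A reader that tolerates undefined cells, following the cftry/cfcatch
      approach recommended in the notes. --->
<cffunction name="safeGet" returntype="string" output="false">
    <cfargument name="arr" type="array" required="true">
    <cfargument name="i" type="numeric" required="true">
    <cfargument name="j" type="numeric" required="true">
    <cfargument name="fallback" type="string" default="">
    <cftry>
        <!--- Succeeds only if both arr[i] and arr[i][j] have been defined. --->
        <cfreturn arguments.arr[arguments.i][arguments.j]>
        <cfcatch type="any">
            <!--- Undefined branch or cell: hand back the fallback instead of dying. --->
            <cfreturn arguments.fallback>
        </cfcatch>
    </cftry>
</cffunction>

<!--- Define only two cells of a 2-D array; nothing is allocated for the rest. --->
<cfset berries = arrayNew(2)>
<cfset berries[2][4] = "ripe">
<cfset berries[5][1] = "green">

<cfoutput>
<!--- arrayLen reports the highest defined index (5), not a count of cells. --->
<p>Outer length: #arrayLen(berries)#</p>

<!--- Walking the array as if it were a 5x4 grid would throw on berries[1][1];
      safeGet() turns each missing cell into "-". --->
<cfloop from="1" to="#arrayLen(berries)#" index="row">
    <cfloop from="1" to="4" index="col">
        [#safeGet(berries, row, col, "-")#]
    </cfloop><br>
</cfloop>

<!--- The wasteful alternative: arraySet() materializes every cell of one branch,
      reserving the memory that ColdFusion was avoiding. --->
<cfset berries[1] = arrayNew(1)>
<cfset arraySet(berries[1], 1, 4, "")>
<p>Branch 1 now holds #arrayLen(berries[1])# empty cells.</p>
</cfoutput>
```

The catch block deliberately swallows only the lookup, so any exception from code that runs after safeGet() still surfaces normally; that keeps the error-hiding confined to the one place the notes say it is acceptable.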
5 January Meeting
Business Structure
This may seem like a strange topic for a ColdFusion meeting. A variation on an old joke might say: "I'm not a doctor; I only play one on TV!" Advice on the subject of whether to set up a regular corporation or go for the Subchapter S option was the focus of discussion. Here's how things shook down. [Your mileage may vary!]
Subchapter S's Biggest Drawback - Hobby Loss
- A Subchapter S corporation is subject to the same Hobby Loss provision as almost all forms of business. With some exceptions, if a business doesn’t turn a profit three years out of five, then the IRS calls it a “hobby.” Losses you passed through to your personal taxes for that five-year period suddenly do not count, and the IRS will look back and tax you for those years as if your previously reported losses did not reduce your personal income.
- A regular corporation is always presumed to be trying to make a profit. It could run for years at a loss without raising an eyebrow. This is its only substantive advantage if you don’t expect a large number of shareholders.
Subchapter S's Biggest Plus - Profit
- A regular corporation’s profit does not have to be reported on your tax return until you take the profit out. However, it gets taxed at about 21% in the meantime (15% by Feds; a little over 6% by Alabama). You pay personal income tax on top of that when you finally take the money.
- Subchapter S profit passes through to you when it’s earned. However, it won’t be much when you're starting off, and it will only get the 6+% extra taxation by Alabama (plus your personal tax rate). Subchapter S loss generally passes through to you when it’s incurred.
Won’t Matter - Passive Income
- To the extent that a Subchapter S corporation receives income that it didn’t actively earn, it will have to pay taxes on that amount: the 21% mentioned above as for a regular corporation. However, you’re probably not planning to do that to a great extent.
Won’t Matter - Wages
- No difference. The company’s portion of your Social Security reduces the company’s profit. The rest comes out of your salary just as always. You do have to pay yourself a salary, and it must be “reasonable.”
Won’t Matter - Conference Expenses and Travel
- No difference. If it benefits the corporation, the corporation can pay for these and then deduct them as business expenses [subject to some reasonableness caps].
Won’t Matter – Education (and associated travel)
- If you paid your own expenses, only the portion above a percentage of your income would be deductible. If you let the company pay instead (as mentioned above), your income doesn't affect the deductibility to the company.
How Does the Money Flow?
- You can contribute assets to stock: tables, chairs (really). You’ll want to invest at least a token amount; you have to take special action if the “stock basis” drops below zero.
- You can loan money to the business. This is probably better (for obscure tax reasons) than bulking up the stock. Pay personal taxes on the interest the company pays you (when it actually pays you back). The interest is an expense to the company.
- When you feel like taking profit (other than wages) out of the company (and it actually makes a profit), you pay personal taxes but not payroll taxes on that distribution.
- If the company can’t afford to pay you wages at first....
- Some lawyers say that you can stop drawing a salary as long as you don't pay yourself a distribution.
- A conservative thing to do would be to continue to at least pay the taxes on a reasonable wage (both sides of the payroll tax) and defer the rest until the company can afford your services. Remember that taxes pierce the corporate veil; you are *personally* liable for payroll taxes; they survive even bankruptcy (even your bankruptcy).
8 December Meeting
Free-for-All
The free-for-all focused on using ColdFusion with ODBC, something that's not exactly automatic if you're changing operating systems. The ODBC driver you need is *not* the default driver. [frown]
2 December: Montgomery Nativity
The meeting was bumped from the first Thursday of December to the second Thursday in order to avoid stepping on a local event in central Alabama: Montgomery Nativity. For several years now, individuals across churches and across the community have loaned their nativity scenes for viewing by the public in a beautiful indoor setting as groups from the community perform Christmas music. (Marty has two solos from the Messiah.) For details, see http://www.montgomerynativity.com
3 November Meeting
postgreSQL
This month's project was to successfully connect ColdFusion to postgreSQL. Why postgreSQL? postgres has come a long way over the past decade, and it was probably time to revisit it. It's closer to "normal" now.
6 October Meeting
Log In
The challenge was to see many different approaches to implementing a login function and to look at the advantages and disadvantages of each: "How many different approaches can you quickly describe and demonstrate to implement a login function for an application? What will influence your choice of methods? Come, show off your skill!"
Here are a couple of entries...
Bare Bones
- Have Application.cfm check a list of permitted pages for unauthenticated users: login page and gate page. If the user is not authenticated and an interpreted cookie does not contain the desired value, use cflocation to dump the user to the login page.
- Provide a login form for the user. Set the action to be handled by a separate "gate" page.
- At the gate page:
- If the login is wrong, use cflocation to send the user to the login page.
- If the login is right, store the desired cookie and do a meta refresh of the gate page to itself.
- At the gate page, if the desired cookie is present - it will be if just set - use cflocation to go to the application menu.
- On the other hand, if the "referer" seen at the login page was the login page itself (it won't be the gate page, because cflocation makes it seem as if the user never arrived at the gate), tell the user the login was wrong.
Full-Featured
- This approach starts with a splash page that when its image is clicked leads one level down so that subsequent movement between directories can be all on the same level: "mat" for the welcome area, "act" for the active site, and so on. Have Application.cfm in the welcome area enable session management.
- Let the destination of the splash page image delete a login cookie and define username and password as empty.
- Provide a login form (whose action could lead to the current page).
- If the login is correct:
- Add the user's ID and role to the session in memory.
- Store the session key (cfid and cftoken) and the user's ID in a urlEncoded, encrypted cookie whose contents have been obfuscated.
- Include the main menu in the active area.
- Don't let ColdFusion write its default session ID cookies. Instead, have Application.cfm in the active area set defaults, decrypt the cookie, find the session in memory that matches both the user's ID and the session key found in the cookie (or bounce the user), and get the user's role from the session in memory. Have Application.cfm set the variables (not the actual URL) for url.cfid to the desired cfid and url.cftoken to the desired cftoken. Then have it enable session management; this sequence will cause ColdFusion to "continue" the session they represent.
- Now that the user is authenticated, enable menu items appropriate for the user's role.
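As an added example that is not the group's code, here is the Application.cfm / login page / gate page flow of the "Bare Bones" entry written out in CFML, but keeping the logged-in marker in the session (as the "Full-Featured" entry does) rather than in an interpreted cookie. All page names, the session.userID and session.role keys, and the in-memory user table are assumptions made for this illustration.

```cfml
<!--- Added example, not the group's code. Page names, session keys and the
      user table are assumptions. Three files are shown in one block. --->

<!--- File: Application.cfm --->
<cfapplication name="loginDemo" sessionmanagement="true" setclientcookies="true">

<!--- Pages an unauthenticated visitor may reach: the login form and the gate. --->
<cfset request.publicPages = "login.cfm,gate.cfm">
<cfset request.thisPage = listLast(cgi.SCRIPT_NAME, "/")>

<!--- Anything else requires a session that the gate page marked as logged in. --->
<cfif NOT structKeyExists(session, "userID")
      AND NOT listFindNoCase(request.publicPages, request.thisPage)>
    <cflocation url="login.cfm" addtoken="false">
</cfif>

<!--- File: login.cfm --->
<cfparam name="url.failed" default="0">
<cfoutput>
<cfif url.failed>
    <p>Login failed.</p>
</cfif>
<form method="post" action="gate.cfm">
    <label>User <input type="text" name="username"></label>
    <label>Password <input type="password" name="password"></label>
    <input type="submit" value="Log in">
</form>
</cfoutput>

<!--- File: gate.cfm --->
<cfparam name="form.username" default="">
<cfparam name="form.password" default="">

<!--- Constructed stand-in for a users table: username -> SHA-256 of password.
      A real application would load this from a data source. --->
<cfset users = structNew()>
<cfset users["demo"] = hash("correct horse", "SHA-256")>

<!--- compare() is case-sensitive; hash() returns upper-case hex on both sides. --->
<cfset ok = structKeyExists(users, form.username)
            AND compare(hash(form.password, "SHA-256"), users[form.username]) EQ 0>

<cfif ok>
    <!--- Good login: mark the session, then send the browser on. As the notes
          observe, cflocation makes it look as if the user never stopped at the gate. --->
    <cfset session.userID = form.username>
    <cfset session.role = "user">
    <cflocation url="menu.cfm" addtoken="false">
<cfelse>
    <!--- Bad login: back to the form, with a flag so it can report the failure. --->
    <cflocation url="login.cfm?failed=1" addtoken="false">
</cfif>
```

The check lives in Application.cfm because that file runs before every page in the directory, so a new page cannot be reached without it; the allowed-page list is the only thing a developer has to maintain.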
1 September Meeting
ColdBricks
As it says at the ColdBricks web site: "ColdBricks is a versatile and extensible platform for Content Management, Portal Creation and Website Development." This meeting, the task was to install a starter application or two using ColdBricks running on ColdFusion under Tomcat.
Getting started with ColdBricks was straightforward except for one thing: the directory path is case-sensitive. I had unzipped it into a directory named "ColdBricks". The images in the administrative application for ColdBricks would not render until I renamed the directory "coldbricks" (all lower-case).
Unfortunately, that's as far as we got. Tomcat and ColdFusion still have "issues." And, attempts to use CF Administrator return "the requested resource is not available." It was an unproductive exercise, this time around.
4 August Meeting
First, an apology for not posting the agenda in advance this month. There's almost as much to do during transition back to full employment (finishing tasks at home) as there is when employment winds down (finishing tasks at work), and Marty was accepted by a new employer this week. He was laid off last month after fifteen years with his company but is blessed to be working again next week.
Apache Tomcat
JRun, once a commonly used java application server for ColdFusion, is a memory hog so greedy that Marty uninstalled ColdFusion (and its companion JRun) from his laptop to not have anything interfere with the job hunt. Today, the challenge was to install Apache Tomcat (a worthy java application server with a smaller footprint) and ColdFusion (without its "built-in" JRun package this time) in an hour.
Selection. Even though ColdFusion 9 is being pushed by Adobe, its lack of some functionality for some operating systems suggests that it's not quite mature. So, ColdFusion 8 (already downloaded) was chosen for use. Apache Tomcat 7.0.19 seemed stable; so, it was picked.
Installation. Tomcat for generic Microsoft Windows rapidly installed. It was allowed to install in its default location (under Program Files) except that some directory names were shortened for convenience. CF 8 was installed with the WAR file option. All components were loaded except for Adobe LiveCycle Data Services; this platform could barely cope with the services it currently had. RDS was enabled (for directory browsing from CF Administrator).
Smoke Test. In the time remaining for the meeting, Tomcat provided a working Web server (at http://127.0.0.1:8080), and it did it with one-fourth as much memory as JRun had used. There wasn't time to configure Tomcat to work with ColdFusion, but this was a good start. And, a link for instructions on how to have the two talk was found: http://www.adobe.com/support/coldfusion/j2ee/phase2-tomcat-deploy.html.
Later Results: ColdFusion on Tomcat
Not long after the meeting, Marty did the tweaks required to get ColdFusion to run on his box. The creative part involved modifying a batch file to provide the right environment and trying to get used to completely different deployment trees. With reference to Adobe's support link - see last month's meeting - his Tomcat root was C:\Program Files\Apache\Tomcat7, and the batch file setenv.bat had to be edited in C:\Program Files\Apache\Tomcat7\bin. Here's what worked:
rem Set a few variables.
set JAVA_HOME=C:\Program Files\Java\jre1.6.0
set CF_HOME=C:\Program Files\Apache\Tomcat7\webapps\cfusion
set CF_WEB_INF=%CF_HOME%/WEB-INF
rem Concatenate binary file directories into a single variable.
set CF_SHARED_LIB=%CF_WEB_INF%/cfusion/lib
rem The following variable must be on a single line.
set CF_SHARED_LIBS=%CF_SHARED_LIB%;%CF_SHARED_LIB%/_nti40/bin;%CF_WEB_INF%/cfusion/jintegra/bin;%CF_WEB_INF%/WEB-INF/cfusion/jintegra/bin/international
rem Add libraries for binary files to the Windows system path.
set PATH=%PATH%;%CF_SHARED_LIBS%
rem Set JVM options to enable sandbox security (all on one line).
set CF_SECURITY_JVM_OPTIONS=-Djava.security.manager -Djava.security.policy="%CF_WEB_INF%/cfusion/lib/coldfusion.policy" -Djava.security.auth.policy="%CF_WEB_INF%/cfusion/lib/neo_jaas.policy"
rem Set JVM options for CORBA. Use if vbjorb.jar is not in
rem your JRE's lib/ext directory.
rem set CF_CORBA_JVM_OPTIONS=-Xbootclasspath/a:"%CF_WEB_INF%/lib/vbjorb.jar"
rem Consolidate JVM options.
rem * Use this line if you've configured CORBA
rem set CF_JVM_OPTIONS=%CF_SECURITY_JVM_OPTIONS% %CF_CORBA_JVM_OPTIONS%
rem * Use this line if you haven't configured CORBA
set CF_JVM_OPTIONS=%CF_SECURITY_JVM_OPTIONS%
rem Populate JAVA_OPTS, which will be used by catalina.bat
rem when starting the JVM.
set JAVA_OPTS=%CF_JVM_OPTIONS%
7 July Meeting
Content Management System
It would be nice to offer a customer a site that the customer can make routine changes to. A Content Management System (CMS) can keep the developer from having to re-invent the wheel. The idea here is to help a small customer reap the benefits of ColdFusion.
The CMS should be open to the developer, since the developer has to be able to evaluate its risk. Cost is an issue, but it isn't the only issue. Inexpensive hosts can't let developers add executables or make sweeping changes to their hosting environment. So, the CMS environment has to be installable by the developer without such measures.
The hunt for a Content Management System looked at a half-dozen paid alternatives but eventually settled on a free alternative for further study: ColdBricks.
2 June Meeting
Politician's Sites
Politicians' sites each have common functions. They need to make it easy to see the candidate's positive qualities, donate funds, energize supporters, and get supporters to do specific things as election day draws near.
In the interests of time, we looked at the site of one lesser-known candidate, Herman Cain, and evaluated the site in light of the support it should be providing to this candidate. Even though the site was apparently provided by a group that works with multiple politicians, it fell short in several areas.
- The Donate Tab wasn't visible unless you had a very wide monitor
- Pages contained a mix of unchangeable text sizes: some too small to be easily read and others oversized.
- The Biography was set up so that one had to scroll a page within a page to read it. It was impossible to make an impromptu flyer from it for supporters to lay on tables, etc. It was even very difficult to highlight the entire bio at once; so, it couldn't even be copied into E-mail or printed as plain text.
- Portions of the Calendar of Events header overlapped the month, the controls to shift between months, and the text of the first event for the month.
It's a shame; because, given his stance on the issues and his experience as a businessman and knowledge of the Federal Reserve, Herman Cain would fill the office of the President of the United States in an outstanding manner.
Maybe you don't feel you can help at that level. Wherever you are, there are individuals running for local offices. They aren't necessarily well-funded. Your expertise can make a difference. Ditto for local causes. You can help messages you care about be presented clearly, perhaps in a professional manner, so the Court of Public Opinion will have enough facts to draw a reasonable conclusion (one hopes). You have skills that others lack; use them.
5 May Meeting
Supporting Cast
We looked at techniques outside of ColdFusion to help us assemble content for presentation. For example, you can use Outlook to reduce the size of dozens of photos in a single pass, then save the reduced photos back out for use instead of actually mailing them.
7 April Meeting
Rudderless, this meeting had no agenda.
10 March 2011 Meeting
Note: due to schedule conflicts, the meeting was on the 2nd Thursday this month: 10 March.
What, then How
We analyzed Web design tenets with an eye to implementing them in ColdFusion.
3 February 2011 Meeting
Broaden the Base? Almost.
Broadening the base was the topic. For all its power, ColdFusion has not captured enough "mind share" for the average Web programmer to have even heard of it. Because its Wikipedia entry doesn't clearly state that CFML is a language, it's not included in the annual survey of languages that programmers use! If you put up a flyer inviting Web programmers to a ColdFusion meeting, most will have no idea what to expect.
The idea of broadening the focus of the group was anathema to us a few years ago. We lamented the name change in most ColdFusion user groups to Macromedia groups and then to generic Adobe groups. However, at least most people have heard of Adobe, even if they only associate it with frequent updates to Adobe Reader for PDFs.
For now, we'll show how ColdFusion complements other tools for building dynamic Web sites and let the name alone.
6 January 2011 Meeting
"Brush Up Your Shakespeare"
It's amazing how quickly adults lose (temporarily, at least) skills that they don't use. If you've been promoted to a management position or moved sideways to a test or certification role, your skills can quickly become stagnant.
And, the state of the art doesn't stand still. So, if you merely retain your current skills, you're moving backward relative to the state of the art.
On the table were ways to stay in our favorite game even when we're currently being paid to play a different one. It's important to do that to retain your usefulness. As the song says: "Brush up your Shakespeare, and they'll all kowtow."
2 December 2010 Meeting
Everything Old is New Again
Things went in a different direction than we had expected. The intercepting proxy (and subsequent attempts to manually free up memory) locked up Marty's machine that we had planned to use for the demo; so, he borrowed his wife's machine for the meeting. And with new blood in our group, we got a new topic: changes in old friends.
Tags that have been part of ColdFusion since CF 4 or earlier have gained new attributes. Patterns adopted years ago to get the "most" out of these tags are no longer necessary or have been supplanted with better ones. A case in point is the venerable CFFORM tag.
4 November 2010 Meeting
Intercepting Proxy - Part 2 (Injection)
Now that the proxy is loaded, we wanted to compare notes on how we were able to use it over the past month. Remember that an intercepting proxy is essential to testing most web vulnerabilities. Not sure of this? Check out OWASP's testing guide at http://www.owasp.org/index.php/Category:OWASP_Testing_Project
However, many's the slip twixt cup and lip. It should have been straightforward - we've created code in the past that compensates for other programmers' weaknesses. But this time, it was tough to select a simple injection to prove the value of the tool. [sigh]
7 October 2010 Meeting
MAC vs. PC
We loaded Web Scarab from the Open Web Application Security Project (OWASP), http://www.owasp.org, to use as an intercepting proxy. Imagine Marty's frustration when Don got his proxy working immediately on a MAC laptop but Marty couldn't get it working on his PC laptop before the end of the meeting! The Windows hardware insisted on a DLL that wasn't on the box and didn't seem available through the Internet: "WINlnet.dll". He looked in vain for "WINLNET.DLL", then found winInit.dll, copied it into the same directory as Web Scarab, and it worked. Was this just a misunderstanding due to a capital "I" [sounds like eye] looking like a small "L" [sounds like "ell"]? We don't know, but this resolution seemed to work.
Intercepting Proxy
By the time we got the software installed and understood how to make the browser work with the proxy, the meeting was essentially over. It seems that while the browser is working through the proxy, the browser doesn't work normally. Duh!! OWASP gives great examples of what to test for, and we did see (on Don's MAC laptop) cookies, headers, and other things you normally don't spot through a browser. During the meeting, we didn't get to the point of injecting changes using the proxy. We'll have to share our experiences at a subsequent meeting.
2 September 2010 Meeting
Favorite Technical Sites
We surveyed sites that discuss ColdFusion techniques. Here are some you might find interesting.
We couldn't reach agreement during this meeting on which topic to pursue in October, but Marty later turned to Open Web Application Security Project (OWASP) and thought to experiment with an intercepting proxy.
No meetings in July and August!
Life happened to the manager and co-manager simultaneously. For the first time since March 2007, there wasn't a ColdFusion user group meeting in Montgomery. Don had a newborn in his family, and Marty got married!
3 June 2010 Meeting
Why was Marty distracted coming into this meeting? He was on the cusp of a marriage proposal. Now that his favorite person has accepted, maybe he'll be able to concentrate again. Then again, he has this stupid grin that won't wipe off, so we're not sure he's ready to come back to Earth yet.
What's the Buzz?...... ..... .... ... .. . Where's the Buzz?
Searching for ColdFusion in general brings back articles from 2005! Not enough is being written lately (good or bad) [not that we can think of anything bad about CF]. Or, it's not being linked to enough to attract search engines. There's no buzz.
It's unclear why this is so. Wikipedia makes the case that ColdFusion is MORE portable than java. ColdFusion has gained in flexibility and power, and it was the best middleware in existence before now. And, it's free for development (and shared hosts make it cheap for the average joe's deployment).
So have all the interesting problems already been solved through the use of ColdFusion? Or have they gotten too big for a single person to write about?
6 May 2010 Meeting
Has ColdFusion Gotten Too Big?
Yes
One of the virtues of ColdFusion was that it hid details that could otherwise be misused and would have to be debugged. As ColdFusion has gotten larger and larger, the bulk of it has shifted from a declarative language to an object-oriented language, and much of the simplicity has been lost. It used to be that it almost served as its own pseudocode. You could show a functional the raw code, and the commands would be quickly understandable; only the functions would require explanation. Now, the trend is to write code that isn't self-documenting (to put it mildly). Since most of the cost of programming is in maintenance, not initial production, this is a sad trend.
No
As users demand more features, the language has grown to accommodate them. For example, many cross-site scripting attacks use scripts to send users' currently active cookies to a different site. A cookie's HTTPOnly attribute could stop this, but this attribute could not be set in older versions of ColdFusion except by using a custom header to create the cookie: not a simple process. CF9 permits it to be set through the CFCOOKIE tag just as for other attributes. Newer versions of ColdFusion support image manipulation directly instead of forcing programmers to switch languages to do this. The language has grown, but programmers can use (or misuse) its features as they wish. Complaining about language growth is rather like complaining about receiving an extra tool set for Christmas. Sure, you can get most jobs done with the tools on hand, but the new tools won't make it harder and may make the job easier as you get used to them.
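The two ways of setting HTTPOnly mentioned above, side by side, as an added example that is not from the meeting notes: the pre-CF9 hand-built Set-Cookie header and the CF9 cfcookie attribute. The cookie name AUTHTOKEN and its value are constructed for illustration.

```cfml
<!--- Added example, not from the meeting notes. The cookie name AUTHTOKEN and
      its value are constructed for illustration. --->
<cfset tokenValue = hash(createUUID(), "SHA-256")>

<!--- Before CF9: HTTPOnly (and Secure) could only be set by writing the
      Set-Cookie header yourself, attribute string and all. --->
<cfheader name="Set-Cookie"
          value="AUTHTOKEN=#urlEncodedFormat(tokenValue)#; Path=/; Secure; HttpOnly">

<!--- CF9: httponly is an ordinary cfcookie attribute, alongside secure and expires
      (expires="1" means one day). --->
<cfcookie name="AUTHTOKEN" value="#tokenValue#" httponly="true" secure="true"
          expires="1">

<!--- Either way, document.cookie in the browser no longer exposes AUTHTOKEN, so an
      injected script cannot read it and forward it elsewhere; the browser still
      sends it with every request to this host, so server-side code is unaffected. --->
```

The two tags are shown together only for comparison; a real page would emit one of them, since running both sends two Set-Cookie headers for the same name.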
8 April 2010 Meeting
Life Balance
Programming is fun, and you often get paid for it. However, it shouldn't be all you do. Remember the song in which the person telling the story speaks of getting up at night to work on a song while his love wishes he'd come back to bed. He says he'll be right back, but he keeps on working. Programming can be that seductive and just as destructive to relationships if we let it go that far.
Just as some forums have a separate section for all the off-topic stuff, we wrestled with life. One of us is dating again after the death of his wife. Another is preparing with his wife to welcome a new baby.
A couple of quotes (researched later) reflected our mood. Carl Sandburg reminds us: "Time is the coin of your life. It is the only coin you have, and only you can determine how it will be spent. Be careful lest you let other people spend it for you." [multiple sources] When we work to prioritize our lives, we have to consciously set aside time for those we love and refuse to say "yes" to every opportunity that comes our way. We can't help everyone, and we can't do everything, but we can build up treasure that moths and rust won't corrupt and no one can take from us. [Matthew 6:19-20] Programming is a great thing, but it isn't everything and isn't even the main thing.
4 March 2010 Meeting
Employment
Whether starting a new job or grateful to have a job, this dominated our thoughts. Especially in this area, ColdFusion work that pays well can be tough to come by. Most of the work in Central Alabama centers around government employment (car companies excluded) that favors anything Microsoft wants to sell. Moonlighting runs the risk of endless requirement changes disguised as bug fixes. You have to have a certain level of formality to protect both parties. "Lord, give me a job of work to do.... That's all I want, that's all I ask of you." -- Tom Paxton.
4 February 2010 Meeting
Risk!
Just because you can imagine it doesn't mean you should do it. We explored business forms, the Payment Card Industry (PCI) Data Security Standard (DSS), and some Open Web Application Security Project (OWASP) cautions.
Business Forms
How do you know that an individual who comes to your site is authorized to represent a business? How do you know that the business exists? How do you gain a sense of how reliable the business is? How do you satisfy a purchase order? We reviewed Internet-capable versions of answers to these questions normally handled through paper forms or personal interaction.
PCI DSS
Cheap, shared hosts are fine for some purposes, but when you start accepting credit cards, support requirements increase dramatically. You can dodge some of this by having the payment gateway accept the card information directly from the customer, but whatever path you take has an impact on the user experience.
OWASP
The OWASP top 10 critical risks should be required reading for every developer. They change periodically based on impact and on real-world exploitation. A real eye-opener since 2007 is cross-site request forgery (CSRF). Any site your customer browses while his session at your site is still active can pretend to be your customer and will be able to use your customer's credentials (cookies, etc.) to do it.
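The standard defense against the CSRF scenario just described is a secret that the browser sends automatically (the session cookie) paired with one it does not (a token embedded in your own form). The CFML below is an added example, not from the meeting notes, written for ColdFusion 9, which has no built-in CSRF functions (ColdFusion 10 and later ship csrfGenerateToken() and csrfVerifyToken() for this). The form field name csrfToken, the session key and the e-mail form are assumptions.

```cfml
<!--- Added example, not from the meeting notes: a per-session anti-CSRF token.
      The field and session key names are assumptions. --->
<cfapplication name="csrfDemo" sessionmanagement="true">

<!--- Issue one unguessable token per session; regenerate it at login. --->
<cfif NOT structKeyExists(session, "csrfToken")>
    <cfset session.csrfToken = hash(createUUID() & getTickCount(), "SHA-256")>
</cfif>

<cfif cgi.REQUEST_METHOD EQ "POST">
    <!--- A request forged from another site carries our session cookie but cannot
          read our page, so it cannot supply the token that only our form contains. --->
    <cfparam name="form.csrfToken" default="">
    <cfparam name="form.email" default="">
    <cfif len(form.csrfToken) EQ 0
          OR compare(form.csrfToken, session.csrfToken) NEQ 0>
        <cfheader statuscode="403" statustext="Forbidden">
        <cfabort showerror="Request rejected: missing or invalid CSRF token.">
    </cfif>
    <!--- Token matched: apply the change (here just echoed back, HTML-escaped). --->
    <cfoutput><p>E-mail address updated to #htmlEditFormat(form.email)#</p></cfoutput>
</cfif>

<!--- The legitimate form carries the token as a hidden field. --->
<cfoutput>
<form method="post" action="#cgi.SCRIPT_NAME#">
    <input type="hidden" name="csrfToken" value="#session.csrfToken#">
    <label>New e-mail address: <input type="text" name="email"></label>
    <input type="submit" value="Save">
</form>
</cfoutput>
```

Two details matter for this to hold up: the token is compared with compare(), which is case-sensitive and exact, and the rejection happens before any state changes, so a request that lacks the token does nothing at all.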
7 January 2010 Meeting
IDEs
It's time to stop relying on Wordpad and nimble fingers. We reviewed several IDEs but settled on Eclipse.
Disk Space
For Marty, the toughest part was moving 45 Gigabytes of family photos to external storage to make room for an IDE.
More Activity...
Looking for previous meetings?
Looking for pictures of CFUnited Express/Atlanta - 15 March 2007?
They're in the Archives.
Meetings
- Meetings are on the first Thursday of each month from 6:00 to 7:00 PM.
- We meet at 844 Brookland Curve (near Eastdale Mall) in Montgomery AL.
See Directions and Map
Group Managers
=Marty= (R Martin Ladner) is a Certified ColdFusion Developer whose weekly series "ColdFusion in Context" was published for two years by "CFTipsPlus.com". See his tips demonstrated at http://futureEC.com/context. Reach him at 334 294-8990 or martin.ladner@knology.net
Don Gilliland is a Certified ColdFusion Developer who reads voraciously, continually seeks increased productivity in design and development, is fluent in several Web languages, and supervises Web-based solutions for Faulkner University in Montgomery, Alabama. Reach him at dgillilandjr@hotmail.com