Archive for January, 2003

How To Never Have to Write Another Get or Set Method Again

If you don’t need your setters and getters to do anything more than just set and get properties (without modifying those properties), you might be able to save yourself the hassle of implementing all those set and get functions by building a little support framework. In the example below, there is a component called “support.cfc” which all components that need a lot of get and set methods should extend. Notice how the component “support_test.cfc” is free to set and get arbitrary properties without those set and get methods actually having been implemented. (This will also hold true if your component contains an instance of a component that extends support as opposed to extending support itself as in the example below.) I believe you can even scope variables (with or without “this”) using this technique:

support.cfc

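<cfcomponent>
    <!--- Generic setter: assigns varValue to the variable named by varName. --->
    <cffunction name="setter" access="public">
        <cfargument name="varName" type="string" required="yes" />
        <cfargument name="varValue" required="yes" />
        <cfscript>
            setVariable(varName, varValue);
        </cfscript>
    </cffunction>

    <!--- Generic getter: evaluate() runs varName as a CFML expression,
          so pass it only names supplied by your own code, never request data. --->
    <cffunction name="getter" access="public">
        <cfargument name="varName" type="string" required="yes" />
        <cfreturn evaluate(varName) />
    </cffunction>
</cfcomponent>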

support_test.cfc

<cfcomponent extends="com.macromedia.util.support">
    <cffunction name="init" access="remote">
        <cfinvoke method="setter" varName="this.foo" varValue="bar" />
        <cfinvoke method="getter" varName="this.foo" returnVariable="baz" />
        <cflog text="#baz#" />
    </cffunction>
</cfcomponent>

I’m sure there are better ways to implement this type of technique, but you get the idea.
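One such alternative, as an added example that is not part of the original post: the same generic setter/getter pair, but with values kept in a single struct and property names validated, so a name is never run through evaluate() as an expression. The component name safe_support.cfc, the props struct, the checkName helper and the exception types are hypothetical, and the example assumes an engine where the CFC variables scope is private to the instance.

```cfml
<!--- safe_support.cfc (hypothetical name; added example, not the author's code) --->
<cfcomponent>
    <!--- All dynamic properties live in one private struct. --->
    <cfset variables.props = structNew()>

    <!--- Accept plain identifiers only: no dots, brackets, parentheses or spaces. --->
    <cffunction name="checkName" access="private" returntype="void">
        <cfargument name="varName" type="string" required="yes" />
        <cfif NOT reFind("^[A-Za-z_][A-Za-z0-9_]*$", arguments.varName)>
            <cfthrow type="support.invalidName"
                     message="Property names must be plain identifiers." />
        </cfif>
    </cffunction>

    <cffunction name="setter" access="public" returntype="void">
        <cfargument name="varName" type="string" required="yes" />
        <cfargument name="varValue" required="yes" />
        <cfset checkName(arguments.varName)>
        <!--- Struct key assignment: the name is data, never code. --->
        <cfset variables.props[arguments.varName] = arguments.varValue>
    </cffunction>

    <cffunction name="getter" access="public" returntype="any">
        <cfargument name="varName" type="string" required="yes" />
        <cfset checkName(arguments.varName)>
        <!--- Fail loudly on an unknown property instead of evaluating anything. --->
        <cfif NOT structKeyExists(variables.props, arguments.varName)>
            <cfthrow type="support.unknownProperty"
                     message="No property named #arguments.varName# has been set." />
        </cfif>
        <cfreturn variables.props[arguments.varName] />
    </cffunction>
</cfcomponent>
```

A component extending this one calls setter with varName="foo" rather than "this.foo", because values are stored in the private struct and not on the this scope.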

Windows NT Authentication Security Bulletin

If you have been trying to get Windows NT Authentication to work with CFMX the way it used to with CF 5, you will want to check this out:
http://www.macromedia.com/v1/handlers/index.cfm?ID=23734

Special Deal on DRK Volume 1

Only a couple of days left to get a special deal on the DRK. Buy DRK 2 and get 50% off of DRK 1. Details at the URL below:
http://www.macromedia.com/software/drk/special/promotion.html

How To Limit File Upload Sizes

There was some discussion a while back on a possible vulnerability in CFMX. I was worried that a denial of service attack would be possible by uploading a single very large file. My fear was that the ColdFusion server was buffering files in RAM before writing them out to the file system; however, I was relieved when two people from the ColdFusion team confirmed that the files were written directly to disk and not buffered in RAM. In other words, the input stream from the request is written directly to a file output stream (without being buffered more than just a few K), which means you cannot cause the JVM to run out of memory by uploading a file. Very good implementation.

The next question, however, was whether or not it was possible to create a DoS attack by making the server run out of disk space. Could someone upload enough gigabytes of data to fill an entire partition? Shouldn’t there be a way to guard against this type of issue?

Fortunately, there is. On the advice of Laurent Rouquette, I confirmed this morning that you can use the variable cgi.CONTENT_LENGTH to decide if you want to allow a file to be uploaded or not. The code below only allows files less than 25,000 bytes to be saved:

<cfif cgi.CONTENT_LENGTH lt 25000>
    <cffile action="upload"
            fileField="testFile"
            destination="/tmp"
            nameConflict="overwrite" />
</cfif>

Note that the file will still be uploaded and saved in a temporary location, but if the cffile tag does not get executed, the temp file will simply be deleted after the upload is complete.

I recommend that anyone who has an application that allows files to be uploaded use this technique as an extra level of security. Remember, though, that the content length of the request contains all the information in the request, so allow a little extra space for other data, as well.
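A fuller version of the check, as an added example that is not part of the original post: it refuses requests with no usable length, allows headroom for the non-file parts of the request, and re-checks the saved file's own size. The 2048-byte overhead allowance, the response messages and the status codes returned are assumptions; the form field, destination and 25,000-byte limit are the ones used above.

```cfml
<!--- Added example: upload size gate built on cgi.CONTENT_LENGTH. --->
<cfset maxFileBytes = 25000>  <!--- file size limit used in the post --->
<cfset overheadBytes = 2048>  <!--- assumed allowance for multipart boundaries and other form fields --->

<cfif NOT isNumeric(cgi.CONTENT_LENGTH)>
    <!--- Missing or malformed length: refuse instead of guessing. --->
    <cfheader statusCode="411" statusText="Length Required">
    <cfoutput>Upload rejected: the request did not declare a length.</cfoutput>
<cfelseif cgi.CONTENT_LENGTH GT maxFileBytes + overheadBytes>
    <!--- Declared request size is over the limit: cffile never runs,
          so the temporary file is discarded when the request ends. --->
    <cfheader statusCode="413" statusText="Request Entity Too Large">
    <cfoutput>Upload rejected: the limit is #maxFileBytes# bytes.</cfoutput>
<cfelse>
    <cffile action="upload"
            fileField="testFile"
            destination="/tmp"
            nameConflict="overwrite" />
    <!--- The request total includes non-file data, so check the saved file itself. --->
    <cfif cffile.fileSize GT maxFileBytes>
        <cffile action="delete"
                file="#cffile.serverDirectory#/#cffile.serverFile#" />
        <cfheader statusCode="413" statusText="Request Entity Too Large">
        <cfoutput>Upload rejected: the limit is #maxFileBytes# bytes.</cfoutput>
    <cfelse>
        <cfoutput>Saved #htmlEditFormat(cffile.serverFile)# (#cffile.fileSize# bytes).</cfoutput>
    </cfif>
</cfif>
```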

Download Runes for the Sony Ericsson t68i

If you don’t have a Sony Ericsson t68i, this is a good reason to get one. The Macromedia runes make perfect backgrounds, as you can see. Mike Chambers posted them on his weblog today. You can download them from here.

Christian Cantrell Returns from Newton

Sorry for the lack of posts recently. I was in Newton for a couple of days meeting with Phil, Debbie, Jeremy, Spike, Mike Chambers, Amy Brooks and all your favorite Macromedia folks. There has been a lot of talk recently on the lists and forums about the future of ColdFusion, and ColdFusion versus all kinds of other technologies. I have stayed out of the discussions, but one thing I will say is that I came back from Newton very excited and encouraged. As Rob Burgess says here, “ColdFusion Developers Are in a Sweet Spot”.

I have also been working with a few other folks on a new weblog framework. Mine is already about a month old, so it’s about time to end-of-life it (joking, of course — this was always intended to be an interim solution). Expect within the next week or two to see something new. Don’t worry — it will still use ColdFusion.

By the way, while waiting to fly out of Logan airport in Boston, I was able to get a little work done by using my Sony Ericsson T68i, a D-Link Bluetooth dongle and my PowerBook to get connected right from the gate. Very cool, and pretty decent speeds, too (easily comparable to dial-up). It wasn’t easy to get working, and it may have cost me a fortune in data transfer fees, but it was worth it. The only problem was that it attracted the attention of this guy who wouldn’t leave Mike and me alone, so I didn’t get as much work done as I would have liked.

TechNote 23684: How Client Variables are Purged

Based on the time-out period of inactivity specified in the ColdFusion Administrator, ColdFusion removes client variables stored in either the registry or a data source. This TechNote will explain the purge process for client variables.
http://www.macromedia.com/v1/Handlers/index.cfm?ID=23684&Method=Full

Macromedia Releases a Pure CFMX Version of the Pet Market App

Macromedia recently released a pure CFMX version of the blueprint Pet Market application. Tim Buntel, Senior Product Manager for ColdFusion MX, has a good article at the URL below:
http://www.macromedia.com/desdev/mx/coldfusion/articles/petmarket.html

Answer a Few Questions About How You Use ColdFusion and Enter to Win $100

The following was posted by Phil Costa, the ColdFusion Product Manager:

On the Macromedia server product teams, we believe in delivering tools and technologies that solve real-world problems for web application developers. To help us plan future releases of Macromedia server products, we’d like you to answer a few questions about your web development projects and your use of ColdFusion and JRun for database reporting applications.

HELP SHAPE THE FUTURE OF MACROMEDIA SERVERS AND MAYBE WIN $100 AT AMAZON
http://www.macromedia.com/go/reportsurvey

With your valuable feedback, we can ensure that Macromedia servers continue to meet your development needs. And if you complete the survey, you’ll be automatically entered in a contest to win one of two $100 gift certificates at Amazon.com.

Thanks again for your continued enthusiasm and support. We look forward to reviewing your feedback.

Regards,
Phil Costa

How To Get Around the Linux/Solaris and ColdFusion Installation Bug

The bug manifests itself only on Linux and Solaris platforms when you install ColdFusion and then Updater 2 without starting ColdFusion and going to the Administrator between the two steps. If you do not go to the Administrator between the steps, all requests for CFM pages (whether you use Apache or the default web server) will come back as 404s.

If you are installing CFMX on Linux or Solaris from scratch, you must do so in this order:

  1. Install ColdFusion MX.
  2. Load the Administrator. (Log in for good measure.)
  3. Install Updater 2.
  4. Install Apache 1.3.27 or 2.0.43.
  5. To configure CFMX to work with Apache, start ColdFusion MX (/opt/coldfusionmx/bin/coldfusion start) and run the wsconfig program to install the Apache connector. The command should look something like this:

     /opt/coldfusionmx/jre/bin/java -jar \
       /opt/coldfusionmx/runtime/lib/wsconfig.jar -ws apache \
       -dir /usr/local/apache/conf -a -bin \
       /usr/local/apache/bin/httpd -script /usr/local/apache/bin/apachectl -v

I’m not sure if it’s simply starting the server between installs, loading a single CFM page, or specifically loading the Administrator, but it works if you load the Administrator, so I would stick with what works for now. Macromedia is aware of the bug and is able to reproduce it, which is the first step toward fixing it.

Please let me know if you have any additional information regarding this problem.