Entries for month: December 2008

Railo 3.0 Community, Resin 3.1 and IIS6 -- Learn from my mistakes

What is Railo 3.0 Community?

Railo is a free CFML engine that compares well to the commercial Adobe ColdFusion software. However, Railo differs in that it requires a 3rd party (also free) application server to work. According to Railo's web site, there appear to be multiple application servers that work; however, the Community edition comes with Resin. Similar to Adobe ColdFusion, Railo also comes bundled with a built-in web server (actually, part of Resin).

I imagine that I'm not alone when I say that configuring Resin to work with IIS is a chore for a first-time user. For those who are unfamiliar with Resin, it is an open source Java (and PHP) application server. Resin comes with a built-in web server, so technically, there really is no need for IIS. However, I'm a proponent of keeping things the same between environments (who isn't, though?). There are a number of sites that basically regurgitate the same configuration instructions for making IIS work with Resin. I spent nearly all of yesterday trying to accomplish this task...

Custom App XML Configuration File

When starting a new application, I always think back through the frustrations I had with a previous project and try to prevent being stuck in the same situation. I presume (and hope) every developer does that. As my skills continue to grow, so does my base of reusable widgets I've made along the way. The allure of Object Oriented development for me was the likelihood of being able to reuse mundane, time-consuming or complicated code. On the aforementioned project, the exact spelling of the business wasn't even decided when I wrote the first view. The solution to this problem was to provide a mechanism to easily change common business parameters found on most sites.

Secure FTP on Windows 2003 Server (SSH/SFTP)

If you didn't already know, FTP (File Transfer Protocol) is inherently insecure. The files you're sending to/from your web server (including authentication params) are easily captured and read by a savvy network nerd. There are a number of 3rd-party FTP applications floating around that solve this problem on Windows servers, at a cost. I have found a solution that doesn't cost a dime other than a few minutes of your time. I have to be honest and say, I had to do a part of this process 3 times before the installer completed successfully.

SQL injection safeguard and implicit action protection

The routing mechanism for ColdBox's SES Interceptor uses a ported version of ColdCourse, a project by Adam Fortuna. It is incredibly simple and just as powerful. While playing with my SES URLs, I realized it was possible to execute implicit framework/handler methods directly from the URL. While I couldn't find a specific reason why this may cause me grief in the future, I thought it might simplify my life to prevent those methods from being executed.

ColdBox 2.6.2 RC is available!

The latest release of ColdBox framework includes a slew of new integrations with model objects, dashboard enhancements, a new anti-XSS plugin, and var notation in the configuration file. Thanks to all of the ColdBox team for providing the new enhancements to an already stellar tool!