Dan Mackey On ColdFusion Development

ColdFusion, Java, .NET, AJAX, DHTML development and general programming. Daniel is owner and Administrator of CFTagStore.com and works for an Application Development Company in Ireland called Digital Crew. His interests cover all areas of programming in multiple languages with a particular interest in Internet Technologies.

All Articles Posted In August 2007
2007-08-02 17:35:00.0

Securing Your RSS Feeds Using Basic HTTP Authentication and ColdFusion

We are working on a project at the moment that requires secure RSS feeds. We need it to be secure in both browsers and feed readers such as FeedDemon, so we decided that Basic HTTP Authentication was the best way forward.

The snippet of code below demonstrates how to force the user agent (browser/feed reader) to prompt for a username and password, which in turn ties into our existing users table without messing around with IIS permissions, users, etc.

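<cfset REQUEST.userAuthenticated = false>

<!--- cflogin exposes the Basic credentials sent by the user agent as CFLOGIN.name / CFLOGIN.password.
      Basic credentials are only base64-encoded on the wire, so serve the feed over HTTPS. --->
<cflogin>
    <cfif isDefined("CFLOGIN")>
        <!--- Look the credentials up in the existing users table; cfqueryparam binds the values.
              The submitted password is compared directly with the stored column value. --->
        <cfquery name="checkUser" datasource="myDatasource">
            SELECT u.userId
            FROM   users AS u
            WHERE  u.userName = <cfqueryparam value="#CFLOGIN.name#" cfsqltype="cf_sql_varchar">
              AND  u.password = <cfqueryparam value="#CFLOGIN.password#" cfsqltype="cf_sql_varchar">
        </cfquery>

        <cfif checkUser.recordcount NEQ 0>
            <cfset REQUEST.userAuthenticated = true>
        </cfif>
    </cfif>
</cflogin>

<cfif NOT REQUEST.userAuthenticated>
    <!--- No valid credentials: send the Basic challenge so the user agent prompts --->
    <cfheader statuscode="401" statustext="Unauthorized">
    <cfheader name="WWW-Authenticate" value="Basic realm=""My RSS Feed""">
    <cfabort>
<cfelse>
    <!--- Continue with RSS output --->
    Output your RSS Code Here
</cfif>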

One small sticking problem which took some time to figure out:

On my local development server, the above worked perfectly. When I uploaded it to the production server running Windows Server 2003 Web Edition, the authentication popped up but kept popping up no matter what was entered in the username and password fields. The Realm header text was also not the one entered in the code above. After a lot of digging it turned out to be a simple option on IIS that needed to be turned off.

The option to turn off is Directory Security -> Anonymous Access and Authentication Control -> Edit -> Integrated Windows Authentication.

Once you disable Integrated Windows Authentication the whole thing works like a dream!
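A check for the symptom described above, as an added example that is not part of the original post: it classifies the response to an unauthenticated request for the feed by its WWW-Authenticate headers, so a challenge issued by the web server (Negotiate/NTLM, or a different realm) can be told apart from the one the ColdFusion code sends. The sample responses, function names and result labels are constructed for illustration.

```python
import re

EXPECTED_REALM = "My RSS Feed"  # realm set by the <cfheader> in the post

# Constructed sample responses (status, header list); not captured traffic.
FROM_COLDFUSION = (401, [("WWW-Authenticate", 'Basic realm="My RSS Feed"')])
FROM_WEB_SERVER = (401, [("WWW-Authenticate", "Negotiate"),
                         ("WWW-Authenticate", "NTLM")])
OTHER_REALM = (401, [("www-authenticate", 'Basic realm="webhost01"')])
UNPROTECTED = (200, [("Content-Type", "application/rss+xml")])


def parse_challenges(headers):
    """Return [(scheme, realm_or_None)], assuming one challenge per header line."""
    challenges = []
    for name, value in headers:
        if name.lower() != "www-authenticate":  # header names are case-insensitive
            continue
        parts = value.strip().split(None, 1)
        if not parts:
            continue
        scheme = parts[0].lower()
        params = parts[1] if len(parts) > 1 else ""
        m = re.search(r'realm\s*=\s*"([^"]*)"', params, re.IGNORECASE)
        challenges.append((scheme, m.group(1) if m else None))
    return challenges


def diagnose(status, headers, expected_realm=EXPECTED_REALM):
    """Classify the response to an unauthenticated request for the feed URL."""
    challenges = parse_challenges(headers)
    if status != 401 or not challenges:
        return "no-challenge"          # feed is not asking for credentials
    schemes = {scheme for scheme, _ in challenges}
    if schemes & {"negotiate", "ntlm"}:
        return "web-server-auth"       # web server authenticates before ColdFusion
    realms = {realm for scheme, realm in challenges if scheme == "basic"}
    if realms == {expected_realm}:
        return "ok"                    # the challenge the application code sends
    return "unexpected-challenge"      # another realm or scheme is being offered


if __name__ == "__main__":
    for label, resp in [("coldfusion", FROM_COLDFUSION), ("web server", FROM_WEB_SERVER),
                        ("other realm", OTHER_REALM), ("unprotected", UNPROTECTED)]:
        print(label, "->", diagnose(*resp))
```
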

Not only is this a good way of securing your RSS feeds, it's also perfect for Web Services or even securing your whole application. The drawback is that you can't style the login form as it uses the built-in browser dialog.

Tags: ColdFusion | IIS | RSS | Security | Tips | WebDev
2007-08-02 16:46:00.0

Navicat 8 for MySQL Released

We have just upgraded our copies of the fantastic Navicat 8 in the office from version 7 and first impressions have left me disappointed.

The upgrade process was fast and easy and I had it installed and activated within minutes. The most important thing to me and the bit I was looking forward to was the code-completion when writing queries. Sometimes you have so many field names you can't remember the exact name of all of them, so the code-completion would be a godsend. It's there alright but not as good as I thought it would be.

For instance, it's not really automatic while typing. To activate it for SQL statements/functions etc. you have to press CTRL+SPACE and even then it only gives you the name of the function, not the syntax like Visual Studio's IntelliSense gives you.

Another problem is when you're dealing with named tables. You get a blank code-completion window when you try to use p.fieldName from a query detailed as "FROM pages AS p". It does work if you use pages.fieldName; in other words, you have to call the table name explicitly.

Another problem I found after using it for literally 3 minutes was a hard crash (and repeating exception window) after I clicked new stored procedure and then cancelled it without doing anything else. I am guessing the app was developed with Delphi as I have seen the same type of problem with Homesite.

One of the most annoying things I found was that they no longer open objects in the tree using a single click. You have to double-click databases/tables etc. to open them which, when you're used to 3 generations of the app over the last 4 years, is quite annoying. I thought surely they would have a Preferences dialog but unfortunately this was not an option in here, although they do have quite a few customisable sections.

The good part was that it imported all my settings from Version 7. The app is also slower to start up which is one of the things I loved with Version 7 - It was so fast. Accessing databases online is also slower for some reason.

Overall, there is no real benefit to upgrading to Version 8 so I would hold off until an update is released before shelling out more cash for a product that doesn't necessarily improve anything.

Find Out More : Navicat 8 Official Website

Tags: MySQL | Reviews | Tools