Dan Mackey On ColdFusion Development

ColdFusion, Java, .NET, AJAX, DHTML development and general programming. Daniel is owner and Administrator of CFTagStore.com and works for an Application Development Company in Ireland called Digital Crew. His interests cover all areas of programming in multiple languages with a particular interest in Internet Technologies.

All Articles tagged : My Work
2007-06-29 10:00:00.0

Setting IIS Maximum Connections To More Than 10

Every project I am working on, I test against 5 different browsers: Safari, Mozilla, IE7, Opera and IE6 on the same machine. Since Safari has entered the browser lineup, I have been receiving an annoying "HTTP 403.9 - Access Forbidden: Too many users are connected" message.

To solve this issue, do the following:

  1. Download the Administrative Plugin MetaEdit from Microsoft : http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B301386
  2. Install Application (Comes with old files so skip these in the installation)
  3. Go to Administrative Tool in Control Panel and launch MetaEdit 2.2
  4. Navigate to the key LM/W3WSVC/MaxConnections
  5. Change the value from 10 to the number of connections you need. I chose : 2000000000 to be extra safe ;-)

This will work on:

  • Microsoft Internet Information Server 5.1 on Windows XP Professional
  • Microsoft Internet Information Server 4.0, when used with:
    Microsoft Windows NT 4.0
    Microsoft Windows 2000 Standard Edition
  • Microsoft Internet Information Services 5.0, when used with:
    Microsoft Windows NT 4.0
    Microsoft Windows 2000 Standard Edition
Add to your del.icio.us    DIGG This!    Technorati Cosmos Link    Post to Reddit    Add to your Furl    Add to Blinklist
Comments [3] - Leave a comment
2007-01-24 20:01:00.0

Retrieving Non-Volatile USB Serial Number Using C# .NET

This is something I meant to post up ages ago as information and solutions are hard to come by on this specific topic.

The problem all stems from the fact that the USB specification does not require a hard coded serial number as mandatory for USB devices, especially memory sticks although in my tests 99% of sticks did in fact have an OEM serial number.

Windows secifies its own serial number for each device which is volatile meaning the serial number is erased and renewed everytime the USB stick is formatted. This causes problems when your using your stick as a security device or dongle. Basically, in Windows if you get 2 devices from the same manufacturer without OEM numbers, it gets confused. Not sure about a Mac or Linux.

Anyways, to the point of this article.....how do we actually get the OEM serail so a device can be formatted over and over again and you can still tell the drive apart from another one?

Well, there are 2 ways. Using the registry or using something called a Win32 WMI Provider. WMI is a database of all aspects of your operating system and hardware and is used by Windows to hold everything together. Infact the WMI is a all held in the regisrty but the provider using management classes lets you query it using SQL.

You need to add a reference to your C Sharp program to SYSTEM.MANAGEMENT.

Step 1 is to query the Win32_LogicalDiskToPartition section and get all the logical disk names e.g: F:\ and mapped enumeration which have a big long string attached like so : 000000001

This will give us the enumeration of the drive so we can then strip off the int at the end and query the Win32_DiskDrive. The drive we are looking for will be in the form \\\\.\\PHYSICALDRIVE(enumeration(enumeration) where (enumeration) is the bit we found out above. The PNPDeviceID is the full non-volatile serial number which with a bit of parsing we can retrieve the actual serial number.

It may sound confusing reading the above so the best thing to do is look at the attached source. I have wrapped it all up into a class that can be called as follows:

USBSerialNumber usb = new USBSerialNumber();
string serial = usb.getSerialNumberFromDriveLetter("f:\"Wink;
MessageBox.Show(serial);

You can download the class by clicking the image below:

Download USBSerialNumber Class

Hope you like it and it saves you some time!

UPDATE Thursday 10th May 2007
You can download a test project from here : USBSerialNumberTest.zip

Tags: .NET | My Work
Add to your del.icio.us    DIGG This!    Technorati Cosmos Link    Post to Reddit    Add to your Furl    Add to Blinklist
Comments [22] - Leave a comment
2006-09-11 23:12:00.0

Scriptable Browser Tag To Send Free O2.ie SMS Texts

Since we set up CFTagStore.com 4 years ago, I have tried many different things to get free SMS text alerts on our sales. With on average 4 sales a day multiplied by 365 at 13 cent per text, we were literally spending too much (189.80 Euro) on something as trivial but necessary as text alerts on sales.

If all 3 people who are involved in the running of CFTagStore.com were to pay for the SMS alerts, we would be 569.40 Euro out of pocket. (Over 4 years - 2277.60 Euro)

The SMS alerts are important to us as sometimes an extra human intervention is needed to successfully deliver the soft products we sell so we used to be shelling that much cash out by sending an email to our O2.ie accounts and using their (rather unreliable and expensive) email-to-text alert service which at the time cost 13 cent per message.

One day, the O2 email-to-text service went down and didnt return for 2 weeks. I wrote numerous emails to O2 explaining that we were paying alot for the service and it was important and got nothing but canned-responses back from a moron who didnt really understand the problem. The answer back? It is working. My answer back? Its not. Return canned-response? We will be upgrading our site in the future and will take your feedback into account.

It was then I said I would write my own app to use the free 500 texts (as it was at the time) to send the alerts to our phones for free. I had done a bit of work on an application that would log into eBay and scrape some information from a users logged in account. The way I went about is was a quick-n-dirty Windows application that used the Microsoft Browser Control coupled with the MS Scripting Control that was called using ColdFusion CFEXECUTE (as a custom tag) and capturing the STDOUT to return to CF. Another nice thing is that even though the core app is a Windows executable, there is no form as such so on the server, you actually never see anything running.

The application was flexible and you loaded it using a host of scripts (either VBScript or Javascript syntax was supported) which let me script a user travelling and clicking through a website. To the host website, it appeared that a user was genuinely using the site so none of the sites could block it in any way. This worked perfectly for years until O2 upgraded (and broke) their site. The security cert they implemented threw a modal security dialog on Internet Explorer (the basis of the Web Browser control I was using) which froze my app. There was no way of using sendKeys or anything to click OK.

Today I managed to tweak the registry on my machine to force the suppression of the dialog and so resumed my free texts through O2. Unfortunately, I lost my source code to the original app so wrote a quick-and-dirty version this evening specifically targeted at O2 and free texts so it doesnt have the generic scripting of the previous version but it does the job!

If anybody wants the code or have a situation in which they may benefit from a scriptable browsing scenario, just email me. I have often thought of adapting the core of the app to help in unit testing etc. Seeing as I lost my original code, on the side at night or in the evenings I am thinking of starting from scratch again and making the solution generic with possibly a wizard for creating the scripts.

Add to your del.icio.us    DIGG This!    Technorati Cosmos Link    Post to Reddit    Add to your Furl    Add to Blinklist
Comments [3] - Leave a comment
2006-08-30 11:23:00.0

Securing your applications URL variables

On my current project, security is top priority. The application is working with sensitive financial data so I really have to lock things down. Like most of my solutions ideas, this idea spawned while in the shower and thinking of how I was going to secure my URL variables.

To give a bit of background on the problem:

The framework we are using is our in-house application framework powered by ColdFusion which we have improved over the last 5 or 6 years. The security lies in the actual framework but my project uses quite a bit of AJAX so my ajax calls need to be secured in someway. Why not use the existing framework security I hear you cry? Well I do...to a point. But this is more of an extension to it. Typically an ajax call is done via URL GET and normally to a small action file. This call could easily be called and modified by an unscrupulous person as the main framework security is sometimes bypassed.

The solution:

In my application I have users logged in and I hold their userId in the session variable session.userId

My url would typically look like:

The problem with this is that on the EditTimeSheet page you must in someway check that the user calling the url is valid and that the timeSheetId passed is actually the intended record.

Knowing that I am storing the current users ID in session.userId I reckoned I could use this variable to encode the URL and decode it automatically on the receiving end, again using the users session.userId as the decoding key.

When this link is now click on in the browser, it looks like:

The next thing we have to do is write some code to decrypt this URL on the receiving end. This is the code that does it:

What this code does is check to see if only one URL var is passed. Then it checks to see if has a & or a =. It then attempts to decrypt it using the session.userId and recreates the ColdFusion structure URL[]

In a simple example of the output, have a look at the screen below:

Now, the above is a simple example of the whole concept and I have hard coded USERID in place of SESSION.USERID.

The overall aim is to build 2 UDFs to do all the work and make it nice and reusable and cut down on duplicate code.

Problems with the solution:

One thing you may have asked yourself is what if someone tacks on another variable name/pair value? Will the whole thing be bypassed? Yes and No.
Not only are you masking the variables, your also masking the way your app is working so on the receiving end you could check to see if the first element of the new URL structs value is blank, then ignore the rest of the vars in the struct. This though assumes that you are always using this encoding method in your URLS and that the first element will always be an encrypted string.

One interesting thing of note:

ColdFusion has 2 inbuilt and not widely documented functions called cfusion_encrypt() and cfusion_decrypt() which are exactly the same as encrypt() and decrypt() except that the encoded string they produce is alphanumeric as opposed to all ASCII chars of the latter functions. This makes them perfect for what I need as we are passing and dealing with URL variables.

Download the example files as a ZIP file

I'd love to hear other peoples views and ideas on it, so drop me an email, skype me or simply comment :-)

Add to your del.icio.us    DIGG This!    Technorati Cosmos Link    Post to Reddit    Add to your Furl    Add to Blinklist
Comments [8] - Leave a comment
2006-07-06 11:59:00.0

Latest Project : ColdFusion + AJAX = ColdJax

I am just about finished phase one of the latest Digital Crew project.

We were asked to develop an application to manage submissions of timesheets from indivual contract workers which would feed into the existing clients Intranet (also built by Digital Crew - using our Teamwork Intranet engine).

This is the type of project I love getting passed by my desk. - Where you can innovate. I decided for this project I would make it completely AJAX enabled. 90% of the requests to the server are made behind-the-scenes using AJAX. The user interface is very Web 2.0-ish with big text and buttons and also benefits from keyboard short cuts etc

I took our standard application engine and spent the first 2 days re-writing segments of the framework to communicate with the server entirely using AJAX. The next step was to figure out the various modules and UDFs I would need to maximise code re-use.

Every major widget is called using CFMODULE and controlled by simply passing attributes. This gave me enourmous flexibility and in the future if we need to upgrade some functionality or extend a widget, there is only one segment of code to re-write.

Another aspect I wanted to do right from the start was the layout code. Every part of the application re-uses classes in the global style sheet. Before I would have added and added to the CSS as I needed some styles but with a bit of planning from the start, I identified the main style blocks and wrote more modules (custom tags) to encapsulate them all.

For example, the main modules are:

  • A button module with different colouring and ability to accept href or js functions
  • A timesheet widget module
  • A page turning module
  • A timesheet printing module
  • A tooltip module
  • An encapsulated object based AJAX library
  • An invoice capture module

Overall the satisfaction in writing this application out-weighed the total hours I put into it. Although debugging was alot harder than a traditional application, the AJAX portions actually saved me lots of time!

Tags: AJAX | ColdFusion | My Work
Add to your del.icio.us    DIGG This!    Technorati Cosmos Link    Post to Reddit    Add to your Furl    Add to Blinklist
Comments [1] - Leave a comment
2006-06-08 13:15:00.0

URL Protocol and Instancing Fun

As I posted here one of the applications I had to write recently as part of a bigger project was a Guarantee Certificate printing application.

People register for a guarantee certificate on the website and an email is generated with a Guarantee Certificate Number and sent to the marketing department of the specific company offering the guarantees. The person tasked with printing the certificates then took this number from the email and pasted it into my application which in turn both generated a graphical certificate and address label and sent the output of both to a colour printer and Dymo LabelWriter respectively.

Now, the problem here is the amount of time it takes to generate a certificate through this process. The copying and pasting from email to guarantee application was about 10 seconds and with about 70 signups a day, that was 700 seconds of someones time wasted coupled with the amount of time for both printers to actually print. Thats about 10 minutes alone to copy and paste.

I had to find a way of speeding it up and cut down on the monotonous task of copying and pasting.

I noticed that FeedDemon had a custom url protocol called feed:// which would launch the FeedDemon RSS reader when a feed:// link was clicked. This got me thinking about adding a custom URL Protocol called guarantee:// which would call my app and pass the guarantee number into it.

As with anything, if you know it can be done, its only a matter of time before you figure out how to do it yourself. I began to think what has to be set in Windows to allow this custom URL Protocol and thought of the registry. Doing a quick search through the registry gave me the answer.

This is what needs to be added to the registry:

My Computer\HKEY_CLASSES_ROOT\guarantee
My Computer\HKEY_CLASSES_ROOT\guarantee\(Default)=URL:Guarantee Protocol
My Computer\HKEY_CLASSES_ROOT\guarantee\URL Protocol=""
My Computer\HKEY_CLASSES_ROOT\guarantee\DefaultIcon\myApp.exe
My Computer\HKEY_CLASSES_ROOT\guarantee\shell
My Computer\HKEY_CLASSES_ROOT\guarantee\shell\open
My Computer\HKEY_CLASSES_ROOT\guarantee\shell\open\command
My Computer\HKEY_CLASSES_ROOT\guarantee\shell\open\command\(Default)="C:\Program Files\myApp\myApp.exe" "%1"

Now when someone clicks a link <a href="guarantee://234-343-34343">Certificate Number</a> my application is launched and the number is passed to it as a Command Argument

This led to another problem aside from parsing the Command$ input to get the number and strip out the URL Protocol call. My app instancing had to be corrected.

Obviously all I needed was one instance of my app running but the code to do this checked to see if my app was running and if it was killed the second instance of the app and using the windows handle of the previous app, activated it. When you do this though, you have to pass the command$ from the second app to the previous instance and call the load certificate function.

After reading and testing and reading and testing, the code was getting messy with alot of Windows API calls and dealing with Mutex calls and sub-classing. I was under pressure with time and just needed a quick and dirty solution and so used a simple .ini file as storage so the previous app would know what certificate to launch.

End result? Works flawlessly....

Moral of the post?
A quick an dirty hack, although not the correct way of doing things, sometimes works out more efficient time wise than re-writing a big part of the application if it achieves the goal you set out to achieve.

Add to your del.icio.us    DIGG This!    Technorati Cosmos Link    Post to Reddit    Add to your Furl    Add to Blinklist
Comments [1] - Leave a comment
2006-06-06 10:36:00.0

Hot Computerless Weekend

This was the first weekend since going to New York that I havent taken my laptop home for the weekend.

I decided to leave it in work on Friday and as this weekend was a bank holiday only got to check my mail etc today. The break was good.

The weather was roasting and I spent the last 3 days lying on the beach reading. I picked up a book called Adventures in Code

"Adventures in Code tells the story of the software industry in Ireland through the experiences of its key figures. It explains how a small country with no apparent aptitude for applications development produced hundreds of small exporting companies and broke through the barriers to selling non-American products in the US. This remarkable achievement deserves attention because it reflects the broader socio-economic-cultural evolution of Ireland over the past 25 years and offers insights into the country’s changing relationships with the rest of the world."

While an interesting read in places, the book had a very poor structure and focused more on stats an percentages than giving insights and anecdotes on software development in Ireland. I found the whole book quite boring and biased. The key figures responsible for the driving of software development in Ireland were painted too favourably and it was apparent the author didnt want to piss people off. For instance, a number of these so called legends wasted alot of money on stupid ventures which were quickly brushed under the carpet.

Even though this book was meant to focus on software development, too many pages were filled with product service companies who wrote NO code such as CadCo and Horizon etc One interesting part of the book was the running theme of cashflow. Nearly every software house ran into cash flow difficulties and struggled along doing Service and Contract work to survive while also trying to roll out some products.

The successful companies achieved this by focusing on specific areas. The message of the book is one we see everyday and that is that companies dont really care how good a piece of software actually is as long as its affordable and saves money in the long term...

It was both blood boiling and interesting though to read about companies in Cork who we are now bidding against for work. At one stage 3 Cork companies were mentioned together and I had a little chuckle cause we have beaten 2 of these companies for contracts in our local area :-)

Tags: Books | My Work
Add to your del.icio.us    DIGG This!    Technorati Cosmos Link    Post to Reddit    Add to your Furl    Add to Blinklist
Comments [0] - Leave a comment
2006-05-15 22:13:00.0

Freefoam Guarantee Application

Just completed a nice little application to help Freefoam staff print Guarantee Certificates and Address Labels.

The application was written in VB and uses a WebBrowser Control to display the online HTML based Certificates which are in turn generated using ColdFusion.

Each certificate contains META data which is polled by the VB app, de-serialized and transformed into a raster image which can be sent directly to a DYMO LabelWriter 400 Turbo printer. At the same time the label is printed, the HTML certificate is sent to a Colour HP Printer.

The user can enter a Certificate number and the correct certificate loaded in the browser control.

The application runs in the system tray and is instantly available for use by double-clicking the task tray icon.

Small App but one that was fun to write and saves a hell of a lot of time to the client.....

Add to your del.icio.us    DIGG This!    Technorati Cosmos Link    Post to Reddit    Add to your Furl    Add to Blinklist
Comments [0] - Leave a comment