Dan Mackey On ColdFusion Development

ColdFusion, Java, .NET, AJAX, DHTML development and general programming. Daniel is owner and Administrator of CFTagStore.com and works for an Application Development Company in Ireland called Digital Crew. His interests cover all areas of programming in multiple languages with a particular interest in Internet Technologies.

All Articles tagged : Tips
2010-04-29 13:44:00.0

Getting JSP files compiling in Railo

As part of the code samples we are writing for the Teamwork Project Manager API, I needed to get JSP pages compiling. As I have switched mainly to Railo for all my ColdFusion development, I wanted to use that servlet engine and Resin to test my work.

My knowledge of Resin is pretty poor so this took me a while to figure out (especially the Class Path to JDK bit) but it may help someone else in the same position.

  1. Open up c:\railo\conf\resin.conf
  2. Add the following inside <class-loader>: <tree-loader path="C:/Program Files/Java/jdk1.6.0_18/lib/"/>
  3. Open up c:\railo\conf\app-default.xml
  4. Uncomment:
    • <servlet-mapping url-pattern="*.jsp" servlet-name="resin-jsp"/>
      <servlet-mapping url-pattern="*.jspx" servlet-name="resin-jspx"/>
      <servlet-mapping url-pattern="*.php" servlet-name="resin-php"/>

  5. Uncomment:
    •   <servlet servlet-name="resin-jsp" servlet-class="com.caucho.jsp.JspServlet">
          <init>
            <load-tld-on-init>false</load-tld-on-init>
            <page-cache-max>1024</page-cache-max>
          </init>
          <load-on-startup/>
        </servlet>

        <servlet servlet-name="resin-jspx"
                 servlet-class="com.caucho.jsp.JspServlet">
          <init>
            <load-tld-on-init>false</load-tld-on-init>   
            <page-cache-max>1024</page-cache-max>
            <xml>true</xml>
          </init>
          <load-on-startup/>
        </servlet>

        <servlet servlet-name="resin-php"
                 servlet-class="com.caucho.quercus.servlet.QuercusServlet">
        </servlet>

        <servlet servlet-name="resin-xtp" servlet-class="com.caucho.jsp.XtpServlet"/>

  6. Wait for Railo to restart, or restart it in Services.

Bingo. JSP pages will now be processed along with CFM files.

Tags: ColdFusion | Java | JSP | Railo | Tips
2007-08-02 17:35:00.0

Securing Your RSS Feeds Using Basic HTTP Authentication and ColdFusion

We are working on a project at the moment that requires secure RSS feeds. We need it to be secure in both browsers and feed readers such as FeedDemon, so we decided that Basic HTTP Authentication was the best way forward.

The snippet of code below demonstrates how to force the user agent (browser/feed reader) to prompt for a username and password, which in turn ties into our existing users table without messing around with IIS permissions, users, etc.

<!--- Treat the request as unauthenticated until the credentials check out --->
<cfset REQUEST.userAuthenticated = false>

<cflogin>
    <!--- The CFLOGIN struct only exists when the client sent credentials --->
    <cfif isDefined("CFLOGIN")>
        <cfquery name="checkUser" datasource="myDatasource">
        SELECT  u.userId
        FROM    users AS u
        WHERE   u.userName = <cfqueryparam value="#CFLOGIN.name#" cfsqltype="cf_sql_varchar">
            AND u.password = <cfqueryparam value="#CFLOGIN.password#" cfsqltype="cf_sql_varchar">
        </cfquery>

        <cfif checkUser.recordcount NEQ 0>
            <cfset REQUEST.userAuthenticated = true>
        </cfif>
    </cfif>
</cflogin>

<cfif NOT REQUEST.userAuthenticated>
    <!--- No valid credentials: ask the user agent to prompt for them --->
    <cfheader statuscode="401">
    <cfheader name="WWW-Authenticate" value="Basic realm=""My RSS Feed""">
    <cfabort>
<cfelse>
    <!----------- Continue With RSS output ------------------->
    Output your RSS Code Here
</cfif>

One small sticking problem which took some time to figure out:

On my local development server, the above worked perfectly. When I uploaded it to the production server running Windows Server 2003 Web Edition, the authentication popped up but kept popping up no matter what was entered in the username and password fields. The Realm header text was also not the one entered in the code above. After a lot of digging it turned out to be a simple option on IIS that needed to be turned off.

The option to turn off is Directory Security -> Anonymous Access and Authentication Control -> Edit -> Integrated Windows Authentication

Once you disable Integrated Windows Authentication the whole thing works like a dream!

Not only is this a good way of securing your RSS feeds, it's also perfect for Web Services or even securing your whole application. The drawback is that you can't style the login form as it uses the built-in browser dialog.

Tags: ColdFusion | IIS | RSS | Security | Tips | WebDev
2007-02-08 17:49:00.0

Handy MySQL - ORDER BY FIELD

Had a slight problem today and found a neat solution.

My problem was I wanted to sort properties by status and date added but needed the status to show in a priority fashion.

For example, I wanted the order of the property status to be For Sale, For Rent, Sale Agreed and also to sort by date added.

I couldn't use ORDER BY propertyStatus, propertyDateAdded because then For Rent would come before For Sale.

The solution was to use ORDER BY FIELD

Syntax: ORDER BY FIELD(propertyStatus,'For Sale','For Rent','Sale Agreed'), propertyAdded DESC

This assumes you need some order though. Another good application of this would be ordering a field where it's 'HIGH','MEDIUM','LOW'.

Tags: MySQL | Tips
2007-01-25 14:10:00.0

Annoying IE7 bug with window.opener.document.location

I hate these types of bugs.

I have just wasted an hour of my day trying to figure this out. It works in Mozilla as expected and I haven't tried IE6, but IE7 threw a strange error.

I was trying to check if a certain string was in the url of the window that opened a pop-up.

The code I was using that failed was:

I tried everything I could think of to try and test and re-check my code etc. I stripped it all back and thought maybe it was to do with string types so did the following:

Bingo...it worked. Turns out when I concatenate the str variable with an empty string, it solved the problem.

BTW, the code above is taken from the updates I am making to CF_FileManager to allow it to use CF_ProFlashUpload if you have that component in your dcCom folder.

Working pretty well right now!

2007-01-24 20:48:00.0

Two ColdFusion Things I Love

  1. REQUEST Scope
  2. Query Of Queries

Lately, while working on new interfaces for UDI - Digital Crew's Database Interface custom tag (written by Peter www.cftopper.com) - I was in need of a simple method of querying a database using recursion with little overhead on the database.

I needed this to build up the path of a node in a { PARENTID, ID, NAME } type table. For instance, if it was a breadcrumb navigation and I wanted a page 4 levels deep, I wanted to know that the path was : Home » About Us » History » Overview when all I had to work with was the ID of the Overview page.

Before the REQUEST scope (CF 4.5 / 5 and earlier) I would possibly have used a SESSION or passed the data all around the shop. Now, I just pop my data in the REQUEST scope and can access it in the recursive custom tag.

Another issue I had was solved by Query Of Queries. I only wanted to hit the MySQL database once and in my example above, before Query Of Queries, I would have hit the database 4 times in a loop. Not good. Now, I do one query against the database and pass the resultant query into the custom tag (or function) recursively. Far more efficient!

One snag was that if I passed the query as follows : <cf_myCustomTag query="#myDBSQuery#"> and tried to use it in the myCustomTag.cfm page as follows <cfquery name="QOQQuery">SELECT * FROM #ATTRIBUTES.query#</cfquery> I got an error saying the query wasn't in memory.

To solve it, I created a temp variable called cQuery and set it to ATTRIBUTES.query using <cfset cQuery=ATTRIBUTES.query> and called <cfquery name="QOQQuery">SELECT * FROM #cQuery#</cfquery>

Tags: ColdFusion | Tips
2006-10-20 01:41:00.0

Efficient MySQL database queries for pagination

Here's a nice little-known gem of SQL to help with selecting limited amounts of records from a table. This can be used to pull paginated recordsets from a MySQL database efficiently.

Usually when I do pagination, I do a query on the database and limit the output using

The problem with this is that the whole query is executed and the results filtered out for you by ColdFusion.

I have only ever used the MySQL LIMIT clause with one parameter, e.g. LIMIT 10 to return only 10 results, but I didn't know you could tell it to start at a specific row and return the next 10 records.

So, the above can be cut down to:

which basically puts all the work on the database and tells it to fetch 10 records from the database starting at record 20.

The ORDER BY is important because the 20 is the row index so it will order the table first and then start at row 20.
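
The two-argument LIMIT described above, as an added example (not the original post's code). The properties table, its columns, url.page and the myDatasource name are assumptions; because the page number comes from the URL, it is validated first and both LIMIT values are bound with cfqueryparam.

```cfml
<!--- Added example: table, column and variable names are assumptions. --->
<cfset pageSize = 10>
<cfparam name="url.page" default="1">

<!--- url.page is user input: anything that is not a positive integer falls back to page 1. --->
<cfif NOT isValid("integer", url.page) OR url.page LT 1>
    <cfset url.page = 1>
</cfif>

<!--- LIMIT offsets are zero-based, so page 3 starts at row index 20. --->
<cfset startRow = (url.page - 1) * pageSize>

<cfquery name="getPage" datasource="myDatasource">
    SELECT   p.propertyId, p.propertyStatus, p.propertyDateAdded
    FROM     properties AS p
    <!--- The second sort column breaks ties so rows cannot shift between pages. --->
    ORDER BY p.propertyDateAdded DESC, p.propertyId DESC
    LIMIT    <cfqueryparam value="#startRow#" cfsqltype="cf_sql_integer">,
             <cfqueryparam value="#pageSize#" cfsqltype="cf_sql_integer">
</cfquery>
```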

A small tip but a valuable one nonetheless.

Tags: ColdFusion | MySQL | Tips
2006-08-30 11:23:00.0

Securing your application's URL variables

On my current project, security is top priority. The application is working with sensitive financial data so I really have to lock things down. Like most of my solution ideas, this idea spawned while in the shower and thinking of how I was going to secure my URL variables.

To give a bit of background on the problem:

The framework we are using is our in-house application framework powered by ColdFusion, which we have improved over the last 5 or 6 years. The security lies in the actual framework, but my project uses quite a bit of AJAX so my AJAX calls need to be secured in some way. Why not use the existing framework security, I hear you cry? Well I do...to a point. But this is more of an extension to it. Typically an AJAX call is done via URL GET and normally to a small action file. This call could easily be called and modified by an unscrupulous person as the main framework security is sometimes bypassed.

The solution:

In my application I have users logged in and I hold their userId in the session variable session.userId

My url would typically look like:

The problem with this is that on the EditTimeSheet page you must in some way check that the user calling the URL is valid and that the timeSheetId passed is actually the intended record.

Knowing that I am storing the current user's ID in session.userId, I reckoned I could use this variable to encode the URL and decode it automatically on the receiving end, again using the user's session.userId as the decoding key.

When this link is now clicked on in the browser, it looks like:

The next thing we have to do is write some code to decrypt this URL on the receiving end. This is the code that does it:

What this code does is check to see if only one URL var is passed. Then it checks to see if it has a & or a =. It then attempts to decrypt it using the session.userId and recreates the ColdFusion structure URL[]

In a simple example of the output, have a look at the screen below:

Now, the above is a simple example of the whole concept and I have hard coded USERID in place of SESSION.USERID.

The overall aim is to build 2 UDFs to do all the work and make it nice and reusable and cut down on duplicate code.

Problems with the solution:

One thing you may have asked yourself is what if someone tacks on another variable name/pair value? Will the whole thing be bypassed? Yes and No.
Not only are you masking the variables, you're also masking the way your app is working, so on the receiving end you could check to see if the first element of the new URL struct's value is blank, then ignore the rest of the vars in the struct. This though assumes that you are always using this encoding method in your URLs and that the first element will always be an encrypted string.

One interesting thing of note:

ColdFusion has 2 inbuilt and not widely documented functions called cfusion_encrypt() and cfusion_decrypt() which are exactly the same as encrypt() and decrypt() except that the encoded string they produce is alphanumeric as opposed to all ASCII chars of the latter functions. This makes them perfect for what I need as we are passing and dealing with URL variables.
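
An added example of the round trip described in this post, not the author's downloadable code: it uses the documented encrypt()/decrypt() with Hex encoding (also URL-safe) and a random per-session key rather than session.userId, then checks record ownership in the query, because a token that decrypts is not proof that the record belongs to the caller. The url.t parameter, session.urlKey, packUrl(), unpackUrl(), the timesheets table and its columns are assumptions.

```cfml
<!--- Added example. session.urlKey, packUrl(), unpackUrl(), url.t and the
      timesheets table are assumptions, not the author's code. --->
<cfparam name="url.t" default="">
<cfscript>
// One random AES key per session instead of the guessable session.userId.
if (NOT structKeyExists(session, "urlKey")) {
    session.urlKey = generateSecretKey("AES");
}

// Sender: packUrl("timeSheetId=42") returns one opaque hex token for ?t=...
function packUrl(required string queryString) {
    return encrypt(arguments.queryString, session.urlKey, "AES", "Hex");
}

// Receiver: rebuild the name/value pairs. The struct stays empty when decrypt()
// throws (malformed token, wrong key) or no name=value pair is found.
function unpackUrl(required string token) {
    var result = {};
    var pair = "";
    var plain = "";
    try {
        plain = decrypt(arguments.token, session.urlKey, "AES", "Hex");
    } catch (any e) {
        return result;
    }
    for (pair in listToArray(plain, "&")) {
        if (listLen(pair, "=") EQ 2) {
            result[listFirst(pair, "=")] = urlDecode(listLast(pair, "="));
        }
    }
    return result;
}

urlVars = unpackUrl(url.t);
</cfscript>

<!--- Reject anything that does not carry a single integer id. --->
<cfif NOT structKeyExists(urlVars, "timeSheetId") OR NOT isValid("integer", urlVars.timeSheetId)>
    <cfheader statuscode="400">
    <cfabort>
</cfif>

<!--- Authorization lives here: the row must belong to the logged-in user. --->
<cfquery name="getTimeSheet" datasource="myDatasource">
    SELECT t.timeSheetId
    FROM   timesheets AS t
    WHERE  t.timeSheetId = <cfqueryparam value="#urlVars.timeSheetId#" cfsqltype="cf_sql_integer">
      AND  t.userId = <cfqueryparam value="#session.userId#" cfsqltype="cf_sql_integer">
</cfquery>
<cfif getTimeSheet.recordCount EQ 0>
    <cfheader statuscode="403">
    <cfabort>
</cfif>
```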

Download the example files as a ZIP file

I'd love to hear other people's views and ideas on it, so drop me an email, skype me or simply comment :-)

2006-06-08 13:15:00.0

URL Protocol and Instancing Fun

As I posted here one of the applications I had to write recently as part of a bigger project was a Guarantee Certificate printing application.

People register for a guarantee certificate on the website and an email is generated with a Guarantee Certificate Number and sent to the marketing department of the specific company offering the guarantees. The person tasked with printing the certificates then took this number from the email and pasted it into my application which in turn both generated a graphical certificate and address label and sent the output of both to a colour printer and Dymo LabelWriter respectively.

Now, the problem here is the amount of time it takes to generate a certificate through this process. The copying and pasting from email to guarantee application was about 10 seconds and with about 70 signups a day, that was 700 seconds of someone's time wasted coupled with the amount of time for both printers to actually print. That's about 10 minutes alone to copy and paste.

I had to find a way of speeding it up and cut down on the monotonous task of copying and pasting.

I noticed that FeedDemon had a custom url protocol called feed:// which would launch the FeedDemon RSS reader when a feed:// link was clicked. This got me thinking about adding a custom URL Protocol called guarantee:// which would call my app and pass the guarantee number into it.

As with anything, if you know it can be done, it's only a matter of time before you figure out how to do it yourself. I began to think what has to be set in Windows to allow this custom URL Protocol and thought of the registry. Doing a quick search through the registry gave me the answer.

This is what needs to be added to the registry:

My Computer\HKEY_CLASSES_ROOT\guarantee
My Computer\HKEY_CLASSES_ROOT\guarantee\(Default)=URL:Guarantee Protocol
My Computer\HKEY_CLASSES_ROOT\guarantee\URL Protocol=""
My Computer\HKEY_CLASSES_ROOT\guarantee\DefaultIcon\myApp.exe
My Computer\HKEY_CLASSES_ROOT\guarantee\shell
My Computer\HKEY_CLASSES_ROOT\guarantee\shell\open
My Computer\HKEY_CLASSES_ROOT\guarantee\shell\open\command
My Computer\HKEY_CLASSES_ROOT\guarantee\shell\open\command\(Default)="C:\Program Files\myApp\myApp.exe" "%1"

Now when someone clicks a link <a href="guarantee://234-343-34343">Certificate Number</a> my application is launched and the number is passed to it as a Command Argument.

This led to another problem aside from parsing the Command$ input to get the number and strip out the URL Protocol call. My app instancing had to be corrected.

Obviously all I needed was one instance of my app running, but the code to do this checked to see if my app was running and, if it was, killed the second instance of the app and, using the window handle of the previous app, activated it. When you do this though, you have to pass the command$ from the second app to the previous instance and call the load certificate function.

After reading and testing and reading and testing, the code was getting messy with a lot of Windows API calls and dealing with Mutex calls and sub-classing. I was under pressure with time and just needed a quick and dirty solution and so used a simple .ini file as storage so the previous app would know what certificate to launch.

End result? Works flawlessly....

Moral of the post?
A quick and dirty hack, although not the correct way of doing things, sometimes works out more efficient time-wise than re-writing a big part of the application if it achieves the goal you set out to achieve.

2006-05-23 12:02:00.0

Quick Tip : Mozilla disables window.status by default

I was doing some testing on an app that needed to display mouse events so, instead of doing what I normally do, I said it's only a quick debug so I'll set the window.status - No joy.....

Mozilla by default now disables access to window.status

You have to enable it by going to : TOOLS->OPTIONS->CONTENT->ADVANCED and enable "Change window status text"

Just a quick one in case you ever need to turn it on. This is a good thing to stop annoying sites but bad in general. There should be a wizard when installing Mozilla where you can specify what's turned off and not have to find things in the future.

This is one of my main gripes with Mozilla and Thunderbird. There doesn't seem to be any consistency in where OPTIONS, SETTINGS or PREFERENCES are stored and their popup windows, dialogs, menus and tabs all hide settings in the most unpredictable places.

This is one of the reasons Windows is the de facto desktop operating system for normal users because they standardised the user interface. Even though Firefox is a great browser and Thunderbird is a great email application, you can see they were primarily developed on platforms other than Windows where there is no standard as far as where settings, menu items etc should be placed.

Tags: Javascript | Rants | Tips