Fusion Authority
The House of Fusion Technical Magazine
Issue: 10

February 14, 2000
February 20, 2000
This is an opt-in magazine. To join, leave or change subscription mode, please visit the signup page. All content of this magazine is copyright Fusion Authority, Inc. It may not be reproduced without permission.

Community
inFusion Mail Server Contest Winner
New Fusecards Tool
 
News
Allaire Links with Productivity Point to Expand CF and HomeSite Training Nationwide
Leading Animal Healthcare Site Picks Spectra
New Software Packages 'Fueled by ColdFusion'
The Installed Spectra Family Continues to Grow
Column About L0pht's Lack of Ethics Mentions ColdFusion Exploit
 
Tech and Tags
What's New in the Tag Gallery
New Allaire Clustering Technology White Paper
Allaire Publishes New Security 'Best Practice' Recommendation
Allaire's Site Posts New and Top Developers' Exchange Downloads
Migrating Security Data
Allaire Technical Brief: Use Clustering with Cisco's Local Director
 
Reviews
ColdFusion E-Commerce User Conference
 
Techniques
Know your Tools: Customizing Studio 1
Errata: Two Small Items, FA Alert Week of Feb. 7 - Feb. 13
 
Security
Cross-Site Scripting Vulnerability
 

Community

inFusion Mail Server Contest Winner

Congratulations to Scott Shou of Firewall Media for winning the inFusion Mail Server contest and receiving a free copy of inFusion Mail Server. Congratulations to Howie Hamlin and the rest of the iMS staff on a successful rollout of Version 1.1.


New Fusecards Tool

Steve Nelson just released a new, first-generation tool to build Fusecards. He's planning on collaborating with Firewall Media to improve the interface, and is open to suggestions for improvement.

Steve Nelson's Fusecards Tool



News

Allaire Links with Productivity Point to Expand CF and HomeSite Training Nationwide

Allaire Corporation and Productivity Point International, a market leader in customized IT training, have announced a distribution agreement to offer Allaire authorized training on ColdFusion and HomeSite. Productivity Point will expand training on Allaire products to more than 100 cities across North America at state-of-the-art technology learning centers scattered all over the country. This will allow Allaire to focus on expanding the curriculum of courses needed by the burgeoning development community.

Allaire Article 14504
SmartMoney Article


Leading Animal Healthcare Site Picks Spectra

Allaire Spectra has made another conquest! VetCentric, the leading Internet company serving the veterinary medical community, has selected Spectra for its next-generation content management, e-commerce and personalization.

Allaire Article 14503
SmartMoney Article


New Software Packages 'Fueled by ColdFusion'

BIRMINGHAM, Ala.--(BUSINESS WIRE)--Feb. 15, 2000-- Some tangible evidence of how far ColdFusion has come: Sitech Software has released two web development and management tools that list ColdFusion 4.0 Professional Server and ColdFusion 4.0 Studio as part of their system requirements. The tools are SiteMaker Corporate 2.0, designed specifically for mid-sized and large corporations, and SiteMaker Development 2.0, designed specifically for professional Web developers.

Yahoo Article
Sitech Press Release


The Installed Spectra Family Continues to Grow

Allaire has published a list of over 50 new customers that have purchased Spectra.

Spectra Customer List


Column About L0pht's Lack of Ethics Mentions ColdFusion Exploit

An interesting column by John Taschek on PC Week blames L0pht for hurting consumers, despite their stated "lofty" goals of strengthening Net security. Among his examples is the fact that nearly 100 ColdFusion sites were hacked within two days of L0pht posting a script that exploited a weakness in the examples shipped with the product.

PC Week Column



Tech and Tags

What's New in the Tag Gallery

HyperBanner CustomTag
A ColdFusion custom tag to display HyperBanner Ads.
CF_pimpCALENDAR_01
This Monthly Calendar allows you to scroll to the next or previous months and highlights today's date, not a 'monthly planner.' Works great in both Netscape and IE 4+. Highly flexible, you can control all colors, fonts, and sizes.
uniPOP
Access your POP3 e-mail via the web. A friendly web interface to any POP3 account. No database, hence no email login information is saved.
CFX_CYBERCASH Studio support
This Studio 4+ tag editor is designed for the CFX_CYBERCASH tag from Allaire. Both 2.1 and DirectPay messages are supported.


New Allaire Clustering Technology White Paper

Allaire has released a white paper describing multiserver processing options, introducing Allaire Clustering, and detailing how Allaire's clustering technology provides high-availability and scalability services. This URL will allow you to download the entire paper.

Clustering Technology White Paper: "Achieving High Availability and Scalability in Allaire Multiserver Environments"


Allaire Publishes New Security 'Best Practice' Recommendation

Allaire continues to address the problems created by dynamically-generated HTML pages containing non-validated browser input with this set of "best practice" guidelines.

Security "Best Practice": Validating Browser Input


Allaire's Site Posts New and Top Developers' Exchange Downloads

Check this URL for a list of all tags and programs posted recently to the Allaire Developers' Exchange, and a rundown of the "Top 50 downloads" from the last month across the entire Developers' Exchange.

New and Top Developers' Exchange Downloads


Migrating Security Data

This article goes through the steps to upsize and migrate the policy store for Advanced Security from Access (smpolicy.mdb) to an MS SQL Server datasource.

Migrating Security Data


Allaire Technical Brief: Use Clustering with Cisco's Local Director

Allaire's high-availability clustering features work well with Cisco's Local Director load balancer to deliver increased Web site reliability and performance.

Allaire Technical Brief



Reviews

ColdFusion E-Commerce User Conference

by Eva Holtsmark

Editor's Note: This article was originally published by Michael Smith in his CFConf mailing list. Reprinted with permission by Michael Smith.

Adam Churvis of commerceblocks.com did a full "brain dump" of ColdFusion knowledge to a filled auditorium in the DC metropolitan area this weekend. We got the code, savvy and techniques all in one.

The 2-day seminar cost $49, and at the end of the last day, he asked us, "Who here in the audience would have paid $195 to attend this?" Half the audience raised their hands in agreement! Churvis may be an e-commerce evangelist, but he is also a devoted programmer, and an engaging teacher too.

He made complex ideas seem doable. His homey presentation included true-life stories from the trenches of e-commerce and ColdFusion development battles. He admitted (and in one case demonstrated) his own mistakes to assure us he knew us — and our mistakes. His metaphors made ideas entertainment: "If a client offers a big carrot and an unfair legal contract then tell them what they can do with the carrot!" In other words, all the technology in the world cannot help you if your business relationship sucks. Optimization is not to be performed at the query level but at the 'create table' level, DDL not DML. Write it out in pencil and paper! Or maybe take a look at the commerceblocks product... save yourself the effort.

A few of the many incredible techniques, tips and tools he shared:

  1. Techniques:
    • Indexing your website:
      "TITLE tag and the first X# of words found in the body of the home page."
    • ABC Always Be Closing - upselling/cross-selling, post-sale e-mail
  2. Tips:
    • "Database locking granularity? The difference between a boulder and a grain of sand."
      MSAccess = Table-level locking, SQL7 = page-level locking, Oracle = row-level locking
  3. Tools:
    • E/R Studio data modeling
      http://www.embarcadero.com/products/Design/design.htm
    • E-commerce hosting
      http://www.comstar.net
    • Payment processing
      http://www.authorize.net
      http://www.cybercash.com
    • Remote access, PC Anywhere
      http://www.symantec.com

I really enjoyed the show. And, Churvis is 'happy to help.' Contact him at (770) 446-8866 or at info@commerceblocks.com and he promises to help you. He even invited each of us to his home for dinner whenever we are in Atlanta. The guy is incredible; try the shopping at http://www.commerceblocks.com.

Want to see what you've just been reading about? Visit the ColdFusion E-Commerce User Conference Photo Page.



Techniques

Know your Tools: Customizing Studio 1

by Michael Dinowitz

One thing that I've learned is that to be good at something, you need more than just talent; you need good tools as well. Luckily for us all, Allaire has ColdFusion Studio to go hand in hand with the language. This editor cuts down on the time needed to write ColdFusion templates of any size, ranging from a single 'agent' to read through Ebay, to an entire stock site. The only problem with Studio is that it is so feature-rich that many of its features are lost on people. I'm going to highlight one such feature in this article and show how you can heavily customize Studio to make it "your" editing environment.

Most of us know the Tag Inspector that's located on the Resource Tab. This window shows us all the tags that are used within the current page. It also shows all the attributes for a specific tag that's been selected. One thing that few notice is that there's an option to edit the Tag Definitions.

This button, shaped like a little gear and located above the lower portion of the window, gives a programmer access to the definitions for any tag used in Studio. Here you can add new tags, edit the attributes of a tag, or even set some optional default values for an attribute.

In the figure above, we've added the values of #Application.DSN# and #DSN# to the optional defaults for the datasource attribute of the CFQUERY tag. When we press done, these values are then automatically added to the .vtm file for the CFQUERY tag. As you know, the .vtm file contains all the information for the tag, both for the Tag Wizard and for the Tag Insights. The optional defaults we added will not show up for the Tag Wizard. To make them show up there, we have to physically edit the .vtm file, which is something only a handful of people have actually done. On the other hand, these optional defaults WILL show up when we type the CFQUERY tag on the page. Once we type in the datasource attribute, the Tag Insights will offer us the option to select one of the values we set or it will allow us to type in anything else we may want.

After all this work, what are the results? One is a savings of dozens of keystrokes. This may not seem like much, but when typing all day, a few saved strokes can mean a lot. Additionally, you can now take the CFQUERY.vtm file, give it to all your developers, and now have a 'standard' of programming. This is exceptionally useful when you get a new programmer on your team and you want to get him up to speed fast.

A final thought came to me as I was finishing up this article. Most people don't scope their variables because they're just too lazy. It's true. Typing out a few extra characters is seen as a waste of time and/or effort. If you placed optional defaults into some of your tag attributes that contained all of the 'common' scopes, I expect people will start scoping a lot more. I plan to implement this tomorrow on my own machines.

As an aside, there's nothing wrong with being lazy. Every time-saving invention in the world was created by a lazy person. Lazy people put in a little effort once into building something so that they never have to do it again. This is an article on a lazy person's solution. :)


Errata: Two Small Items, FA Alert Week of Feb. 7 - Feb. 13

In the article "ColdFusion with Style," the quote "The best laid plans of mice and men often go astray" is actually a paraphrase by the author of "The best laid plans of mice and men gang aft aglay." The original quote is by Robert Burns, not John Steinbeck. (Thank you to Dan Litwiller for bringing this problem to our attention.)

In the review "E-Commerce Development with ColdFusion: Conference, February 12-13, 2000," we announced the availability at the end of March of Adam Churvis's cfseminar.com website. Actually, the name of his website will be coldfusionseminar.com.



Security

Cross-Site Scripting Vulnerability

Allaire's Security Zone has issued Alert #ASB00-05: Cross-Site Scripting Vulnerability Information for Allaire Customers. Security Best Practice Article 14558 discusses validating browser input. Not a new vulnerability, "this particular problem has existed for years, and happens only when applications do not adequately validate end-user input."

Allaire Security Alert #ASB00-05


