Previous Issue Current Issue Main page Next Issue
Fusion Authority Fusion Authority
The House of Fusion Technical Magazine
Issue: 121

April 26, 2003
May 1, 2003
This is an opt-in magazine. To join, leave or change subscription mode, please visit the signup page. All content of this magazine is copyright Fusion Authority, Inc. It may not be reproduced without permission.

Michael Dinowitz to Present on Spam and Email at CFUN-03!
Macromedia Contribute Higher Education Solution Now Available
Tech and Tags
The Rules of Spam: An Introduction
How to Stop Spammers from Ripping Your Pages
Eminently Readable 'Templates and Parameters in ColdFusion'
Create Charts and Graphs in ColdFusion MX
What's New at
Best of ColdFusion Talk
Best of Talk (4/2/03)
Best of Talk (4/1/03)
Best of Talk (Weekend, 3/29/03 - 3/30/03)
Best of Talk (1/31/03)
Best of Talk (1/30/03)
Best of Talk (1/29/03)
Best of Talk (1/28/03)
Best of Talk (1/27/03)
Best of Talk (1/8/03)
Best of Talk (1/7/03)
Best of Talk (1/6/03)
Macromedia Announces Q4 Earnings for 2003 with an Increase in Earnings!


Michael Dinowitz to Present on Spam and Email at CFUN-03!

Michael Dinowitz hates spam. Yes, everyone else hates spam but he really hates it. He runs a number of high volume lists out of House of Fusion ( and he's in a constant war to keep spam off the lists. He thinks about spam, he dreams of ways to stop it and he write all his own code for this.

Why do you care? Because at CFun-03 on Sunday, June 22, he will be presenting on the topic of "What email is and how to control it," which will examine how email works, what the headers of a message mean and the various ways that one can determine if a message is spam just from the headers. Using this information to build custom anti-spam agents will also be provided.

If you hate spam as much as Michael does, you might want to sit in and listen.

For more information on CFUN-03, visit the CFUN-03 website at



Macromedia Contribute Higher Education Solution Now Available

April 15, 2003 -- Macromedia announced the immediate availability of the Macromedia Contribute Higher Education Solution, a licensing program that provides all the necessary software, development resources, and training materials to empower faculty, students, and staff to maintain web content. Contribute is Macromedia's new website editing product that allows non-technical users to create and edit their own static websites. The Higher Education package includes a license to install Macromedia Contribute on 25, 50, or 100 institution-owned computers, two Macromedia Press books on Contribute, online training modules, and development resources for both contributors and administrators. Additional assets, website templates, staff development resources, and presentations will be available to campuses that purchase the 50 or 100-pack versions of this solution.

The Higher Education Solution is available to Windows users only in the United States and Canada. Introductory pricing is $1,229 for 25 users, $2,449 for 50 users, and $4,659 for 100 users.

For more information, you can read the press release at, or visit the Contribute product page at


Tech and Tags

The Rules of Spam: An Introduction

By Michael Dinowitz

Many of you know of CF-Talk. Many of you know of the various other lists that are also run out of House of Fusion. One thing that never gets to these lists is spam. Why is that? For many reasons, the first of which is that I write and update my own spam filters.

In the next dozen issues or so of Fusion Authority, I will be going over the rules that I use to filter out spam. Some of these rules are very simple, while others are esoteric in the extreme. Each of these articles will examine one rule, the logic behind it and how much spam has been filtered by it (in relative terms).

The goal of these articles is to provide an education in blocking spam, while also making people aware of some of the tactics taken by spammers.

Michael Dinowitz
Master of the House
House of Fusion


How to Stop Spammers from Ripping Your Pages

by Michael Dinowitz

One of the tools of the spammers trade is the intelligent agent. This is a piece of code that goes to a web page, reads through the HTML and looks for anything that looks like an email address. This email address is then added to a database and will inevitably be spammed.

How can we stop this? One option is to remove all email addresses from web pages. This is not really an option, as it removes the ability for someone to contact you. Another option is to provide a form that will allow a visitor to contact you. This is also a bit cumbersome and not really worth it. A third option is to hide the email address. This option takes into account something that is basic to HTML -- the fact that any extended character written in a certain way will be displayed properly.

Let me explain. Let's say you want a ¢ on your page. There is no character in HTML for this. Instead you have to use this:

¢ HTML will automatically turn the above into the ¢ sign. This same technique can be used with email addresses. All you have to do is convert each character of the email address into its extended form and *poof*, it's safe from just about every web agent. The agent will see a mass of characters that do not match a web address. A human looking at the page will see a real web address. As this is something based in HTML itself, it'll work on every browser around.

Here's a UDF that provides this functionality:
 function AEmail(email)
  var ascii="";
  for(i=1;i LTE len(email); i=i+1)
   ascii=ascii&"&##"&asc(mid(email, i, 1))&";";
  return ascii;
Rather slick if I say so myself. This can be used in a static page by running an email address through this and pasting the results onto the static page. Instant spammer protection.

Just another tool in the war on spam.


Eminently Readable 'Templates and Parameters in ColdFusion'

It's rare that I find a beginner's level ColdFusion article that is readable, entertaining and crystal clear. So I was very surprised when I read through Chris Ivey's "Templates and Parameters In ColdFusion," part of a series called "Learn ColdFusion in 15 Minutes a Week" on So steer your ColdFusion newbies over to:

Templates and Parameters In ColdFusion (, March 9, 2003)


Create Charts and Graphs in ColdFusion MX

In this article, Brian Kotek gives a simple overview of charting and graphing features in ColdFusion MX.

Create Charts and Graphs in ColdFusion MX (, March 27, 2003)


What's New at

Create a new file. (CF Version 5)
This function will return the length of a file. (CF Version 5)
Returns the size (in bytes) of the specified file. (Windows only)(CF Version 5)
Returns a list of ancestor custom tags. (CF Version 5)
Add security by encrypting and decrypting URL variables. (CF Version 5)
Remove extra characters from a form post added by Mac IE. (CF Version 5)
Function returns a structure of client variable. (CF Version 5)
This UDF is an extensible, easy to use pattern validator using regular expressions. (CF Version 5)
Strip xml-like tags from a string when they are within or not within a list of tags. (CF Version 5)
Function which gets the value corresponding to a certain percentile from a list of numeric values. (CF Version 5)
Convert ASCII characters into a decimal number. (CF Version 5)
Converts a list into a QueryString. Allows an "Exclude List" as well. (CF Version 5)
CssPtScale increases the point size of text by one point for browsers other than Microsoft Internet Explorer. (CF Version 5)
Pass in an XML Node and attribute reference to receive the attribute's value. (CF Version MX)
Turn 1 into 1st, 2 into 2nd, etc. (CF Version 5)
Checks if a given variable is a specific CFC type. (CF Version MX)
ListMax returns the greatest value in a list. (CF Version 5)
NonZero returns TRUE if a value (numeric or text) is not an empty string and is greater than 0. (CF Version 5)
Removes all non-essential formatting from a number. (CF Version 5)
Removes potentially nasty HTML text. (CF Version 5)
Returns the work shift for a sequence based work schedule. (CF Version 5)
Removes ASCII character codes from the string. (CF Version 5)
Creates a verity "safe" search string. (CF Version 5)


Best of ColdFusion Talk

Best of Talk (4/2/03)

by Dina Hess

Title: CFMX Updater 3 Available
Date: 04/02/03      26 Posts
Summary: ColdFusion MX Updater 3, now available for download at Macromedia's website, focuses on improved database drivers and adds over 100 fixes that increase server reliability and stability.
Title: Encrypting Password
Date: 04/02/03      18 Posts
Summary: Use the Hash() function to encrypt a password before storing it in the database. Hash() uses a one-way encryption algorythm that cannot be "decrypted." This thread also includes several options for dealing with forgotten user passwords.
Related: Hash() Across CF Versions (Was: Encrypting Password...
Title: Is There a Trick...
Date: 04/02/03      26 Posts
Summary: Use Application.cfm to duplicate application variables to the request scope if you want to make the request-scoped variables available to all frames in a frameset. This thread also contains a discussion about the changes to locking requirements in CFMX.


Best of Talk (4/1/03)

by Dina Hess

Title: Deleting Items Older Than 7 Days from Today
Date: 04/01/03      11 Posts
Summary: You can use Transact-SQL to return dates that are 7 days older than the current date, like this: DateDiff(dd, startdate, GetDate()) >= 7.
Related: SQL: Deleting Items Older Than 7 Days From Today
Title: Dynamic Anchors on CF Page
Date: 04/01/03      14 Posts
Summary: Need to know how to link to a specific place on a page if you're inside a CFOUTPUT tag and the name is dynamic?

To name a place on the page use <a name="#somename#">.
To link to the name use <a href="###somename#">.

Title: HTML Prob
Date: 04/01/03      8 Posts
Summary: The HTMLEditFormat() function comes in handy when you need to escape double quotes within a string. Alternately, you could wrap the string in single quotes or replace each double quote with its HTML name entity--&quot;.
Title: Loopy Loop!
Date: 04/01/03      7 Posts
Summary: Need to increase the performance of a process that gets email addresses from a database to send to a file? Use SQL to return the data in the correct format then write the data directly to the file. Just be sure to use a named lock on the file process to prevent concurrency issues.
Related: How to Make it Go Faster?
Loopy Loop & Fast SOLVED


Best of Talk (Weekend, 3/29/03 - 3/30/03)

by Dina Hess

Title: Accessing Parent CFC's Variables
Date: 03/29/03      13 Posts
Summary: Here's a CFC mini-lesson that focuses on the data accessibility differences between inherited and composition child objects. In short, a child composition object cannot see any of its enclosing parent object's non-public variables, but inherited objects do have access to all of the base object's data. This thread also includes important points about the use of init() and instance.
Title: Form Building software
Date: 03/30/03      22 Posts
Summary: Looking for software that will make short work of database entry forms with add/update/delete functionality? One poster offers his code to build a form from a SQL Server table. Other recommendations include Dreamweaver MX, XForms, CommerceBlocks V2.1, LoRCAT, and CF-Builder. URLs are included.
Title: Request for Review: "Variables in CFML
Date: 03/30/03      22 Posts
Summary: A paper about CFML variables inspires a discussion about why some developers use client variables rather than session variables. This thread concludes with a summary of how J2EE sessions work in a clustered server environment.


Best of Talk (1/31/03)

by Dina Hess

Title: CFCs - Property Access Best Practices
Date: 01/31/03      22 Posts
Summary: This is a "must-read" for anyone interested in learning more about CFCs. Discover why it's a "best practice" to use the unnamed scope for instance data and the set/get methods when creating CFC properties. There's also some discussion about implementing built-in set/get methods on properties, "chaining" method calls in CFSCRIPT, and using a DTO design pattern for CFC structures to reduce network traffic.
Title: CFQUERYPARAM and Unicode
Date: 01/31/03      11 Posts
Summary: You can use CFQUERYPARAM in CFMX to INSERT double byte information for Eastern Asia languages (i.e. Korean). There is a setting in CF Admin that lets you enable Unicode for your data sources.
Title: Deleting Session Variables
Date: 01/31/03      9 Posts
Summary: To delete the contents of a session variable, try:

     structdelete(session, "varName");
There's also a light discussion here about the importance of scoping variables.
Title: OOP, Custom Tags..
Date: 01/31/03      22 Posts
Summary: A developer who recently upgraded from CF 4 to CF 5 is advised to read the online documentation to get up to speed. The world of CFSCRIPT and UDFs is explored along with the advantages of using CFCs over UDFs.
Title: SOT: Serv-U?
Date: 01/31/03      33 Posts
Summary: Serv-U gets a big "thumbs up" from shared hosts for easy-to-manage FTP service. IIS FTP, on the other hand, may be a "best choice" FTP solution to handle users with pre-existing Windows accounts. To provide these users with directory access based on their usernames, just give the FTP virtual directory the same name as the user's login account.
Related: SOT: Serv-U? on Win2K=great


Best of Talk (1/30/03)

by Dina Hess

Title: Breadcrumb Navigation CF Tutorial
Date: 01/30/03      10 Posts
Summary: Here are a few ideas for working with nested navigation paths, like using parent/child database categories, a two-dimensional array, or the CF_BREADCRUMB tag available at DevEx.
Title: CFObject Error
Date: 01/30/03      9 Posts
Summary: If you are experiencing problems with CFOBJECT, run dcomcnfg and add the user CFMX is running as to the access list.
Title: Client Variables - Serious Problem
Date: 01/30/03      37 Posts
Summary: Here's a discussion you won't want to miss out on because it addresses a security issue related to client variable mix-ups. Recommendations include appending the CLIENT.URLTOKEN to every URL to maintain state, comparing the CLIENT and COOKIE CFIDs and resetting if necessary, checking the referrer and redirecting if necessary, and implementing UUIDs to ensure a unique CFID/CFTOKEN combo. Application.cfm code examples are included. Note: Client variables do *not* require locking.
Title: New Problem with CSV... Argghhh
Date: 01/30/03      16 Posts
Summary: This is great resource for working with CSV files! It includes a "best practice" recommendation for setting up the CSV file as a TEXT datasource and using CFQUERY to create a recordset from it. You'll also find a solution for handling nulls so you can loop over the CSV file as a list. Full code examples are included.
Title: Screening Files Before CFFile Upload: Follow-up
Date: 01/30/03      15 Posts
Summary: To gain a better understanding of the HTTP protocol, which controls file uploads, read the RFCs. This thread also contains a discussion about why CFFILE poses a security risk along with a very concise overview of how to secure a CFMX server.


Best of Talk (1/29/03)

Title: CF 5 and Unicode
Date: 01/29/03      5 Posts
Summary: Can CF 5 correctly display Cyrllic characters? Yes; if your character data is converted to UTF-8 and strings are not parsed, CF 5 will display this character set correctly. However, the "best" way to handle global character sets is to upgrade to CFMX and use Unicode throughout the application.
Title: CSV Loop
Date: 01/29/03      23 Posts
Summary: Need to debug problem code? Use CFDUMP to see the contents of any variable. You can also enable debugging options in CF Admin and restrict the display to your IP address. If, after that, you're not seeing debug info, make sure <CFSETTING SHOWDEBUGOUTPUT = "No"> is not included in the Application.cfm file or on the page you're processing.
Title: SQL Query - Can You Do This
Date: 01/29/03      4 Posts
Summary: Is it possible to manipulate data from two different databases in one CFQUERY? Yes. Just prepend the table name with the database name, like this: database_name.table_name
Title: Struct Sort
Date: 01/29/03      10 Posts
Summary: Looking for a way to sort structure keys alphabetically? Try this suggestion, gleaned from Macromedia's LiveDocs:




Best of Talk (1/28/03)

by Dina Hess

Title: Flasher
Date: 01/28/03      5 Posts
Summary: Here are several Flash MX forum recommendations, rated by user level.
Title: Passing Parameters at Time of CFC Object Creation
Date: 01/28/03      2 Posts
Summary: You cannot set CFC variables when the CFC is created. Instead, you will need to create the CFC and then call a method to initialize the CFC's parameters.
Title: SQLException occurred in JDBCPool" for Access ...
Date: 01/28/03      4 Posts
Summary: Database connection problems? You can get CFMX to provide a more accurate error message to assist you in pinpointing the source of the problem. For details, see:


Best of Talk (1/27/03)

by Dina Hess

Title: Newbie Question-Inserting the Current Date into Acc...
Date: 01/27/03      9 Posts
Summary: Looking for a "best practice" way to INSERT the current datetimestamp into an Access database?
  <cfqueryparam cfsqltype="CF_SQL_TIMESTAMP" value="#Now()#">
Title: Session Swapping
Date: 01/27/03      9 Posts
Summary: To end a user session when the browser is closed, create "session" cookies. These cookies store the session's CFID and CFTOKEN but, because they are set with no EXPIRES attribute, they reside in memory and are gone when the browser is closed. For more information about "session" cookies, see the tutorial, "Closing Sessions on Browser Close," at Hal Helms' website (
Title: SQL Worm
Date: 01/27/03      20 Posts
Summary: The SQL Worm threat, which was revealed in July of 2002, is one of many reasons system administrators should be diligent about installing patches and service packs. This thread includes some discussion about UDP and the importance of properly securing firewalls.


Best of Talk (1/8/03)

by Dina Hess

Title: CFLOGIN (Was: Stupid Newbie Tricks)
Date: 01/08/03      5 Posts
Summary: Heads up! There are two issues with the CFMX roles-based security model. The SESSION timeout is different than the CFLOGIN timeout. Even if you synchronize, your login process still won't work as expected if you rely solely on the existence of CFLOGIN values. Also, users who log in under one role, log out, and then log in under another role will still be logged in under the first role.
Title: CFMX on OSX -- Fully Compatible? Why Not production?
Date: 01/08/03      20 Posts
Summary: MX on OSX is not available for use on a production server yet because Macromedia was responding to a demand for a developers edition. If there is enough demand for MX on OSX in a production environment, it's entirely possible that it may be offered in the future. Note: Verity is not available for MX on OSX.
Title: Stopping an Endless Loop
Date: 01/08/03      10 Posts
Summary: How do you end an infinite loop that's sending CFMAIL? Stop ColdFusion service to end the loop process, delete the files in cfusion/mail/spool to end the mail process, then restart ColdFusion service.
Title: Stupid Newbie Tricks
Date: 01/08/03      14 Posts
Summary: CF experts offer tips for refining the login conditional logic and redirection technique used in an Application.cfm file. "First-attempt" code using the CFMX roles-based security model is included.
Related: Login Prob


Best of Talk (1/7/03)

by Dina Hess

Title: CFC - Var vs. This
Date: 01/07/03      16 Posts
Summary: What's the difference between "var" and "this?" "Var" is used to set non-public instance variables while "this" is the public variable scope for a CFC instance. "Var" is not directly related to CFCs and must be placed directly after a function/argument declaration. "This," on the other hand, is related only to CFCs and can be used anywhere in your code.
Title: CFMX & DW MX
Date: 01/07/03      20 Posts
Summary: Need information about where to find CFMX tag, function, and help doc updates for DWMX? Find it here. Homesite+, which is bundled with DWMX, may be an acceptable alternative for developers who prefer the CF Studio environment over DWMX.
Title: For the Mac Users Out There
Date: 01/07/03      27 Posts
Summary: Excitement mounts as Macromedia announces its support of Mac OS X in the Developer Edition of CFX for J2EE. Thank you for listening, Macromedia!
Title: Got an Opinion on MM Contribute?
Date: 01/07/03      22 Posts
Summary: How does Contribute "fit" in the marketplace? In a nutshell, Contribute works best with Dreamweaver to enable non-technical users to publish static, unapproved content to their websites via FTP. Although Contribute is not a true CMS, this thread contains a spirited overview of several top content management systems like CommonSpot and MSCMS. ActivEdit is also mentioned.
Title: OT: HTML Question
Date: 01/07/03      20 Posts
Summary: What causes NS 4.79 to balk when a table's BORDER attribute is set to 0? Suggestions include using the W3C HTML validator, prefacing hex color definitions with hash marks, and enclosing all attributes with quotes.
Related: HTML Question


Best of Talk (1/6/03)

by Dina Hess

Date: 01/06/03      7 Posts
Summary: Discover how different operating systems determine the MIME type of a file. We also learn that the filename can be checked before actually uploading a file.
Title: Newbie School of Hard Knocks
Date: 01/06/03      29 Posts
Summary: How can you test for and avoid duplicate database entries? At the database level, put unique constraints on fields that should not contain duplicate data. Alternately, you can CFQUERY the database for duplicate data, bypassing the INSERT if results are returned.
Title: Running ColdFusion Server on a Different Box to the Web Server - ...
Date: 01/06/03      7 Posts
Summary: Is it possible to run CF 5 on one box with the web server on another? Yes. Installation documentation for this "distributed mode" configuration can be found at:
Related: Running COldFusion server on a Different Box to the Web serve r -...



Macromedia Announces Q4 Earnings for 2003 with an Increase in Earnings!

April 30, 2003 -- Macromedia's earnings statement came out with the news that Macromedia's net earnings for the fourth quarter increased from $76.3 million in 2002 to $83.4 million in 2004, and their net earnings for the Fiscal Year increased from $326.5 million in 2002 to $336.9 million in 2003. This is great news and I just wanted to say "Congratulations, Macromedia."

You can read up on Macromedia's earnings in their press release here:

and more information can be found at, including a Breeze presentation about their earnings statement and the future of Macromedia.

If you're like me, though, some of these financial terms might be causing your head to hurt. So you might want to check out the financial terms glossary on IBM's site that I found very helpful:


All articles are for informational purposes only and do not constitute a suggestion to buy, sell, or in any way trade in any stock or securities.

This is an opt-in magazine. To join, leave or change subscription mode, please visit the signup page. All content of this magazine is copyright Fusion Authority, Inc. It may not be reproduced without permission.