 |
Fusion Authority The House of Fusion Technical Magazine |
Issue:
37 August 21, 2000 August 27, 2000 |
| This is an opt-in magazine. To join, leave or change subscription mode, please visit the signup page. All content of this magazine is copyright Fusion Authority, Inc. It may not be reproduced without permission. | ||
- Community
- CF Community Leaders Announce CF_Underground Pre-Game Show Before the Allaire Conference
- JRun-Interest Club on eGroups.com
- Fusioneers Developers Network Provides Contract Work
- ColdFusion Specials at the Cheap Geek
- Next Issue: Creating Custom Functions
- JRun-Interest Club on eGroups.com
- News
- Allaire Technical Support Revamped
- Boston Globe and CNET Portray Allaire as the Wal-Mart of Net Software
- Empower Gets Glowing Reviews from ZDNET
- Boston Globe and CNET Portray Allaire as the Wal-Mart of Net Software
- Tech and Tags
- What's new in the Tag Gallery
- Explore ColdFusion Server Advanced Security
- Release Notes for Allaire Software
- ColdFusion Locking Best Practices
- CFQUERYPARAM and Oracle Databases
- The Evolution of JSP
- Leverage the Web with Standards-Based JRun
- Case Study: Triphub.com
- JRun Betas Now Available
- Explore ColdFusion Server Advanced Security
- Views
- Community support
- Techniques
- Evaluation in ColdFusion
- Security
- PGP Encryption Security in Question
- O'Reilly WebSite Pro Write Access Vulnerability
- O'Reilly WebSite Pro Write Access Vulnerability
- Knowledge Base
- Copying Verity Collections in a Clustered Environment Causes Indexing and Searching to Fail
- Enabling Extended Character Sets in Oracle in ColdFusion for Unix
- Enabling Extended Character Sets in Oracle in ColdFusion for Unix
- Stock
- Legg Mason Views on Allaire
- Weekly Numbers
- Weekly Numbers
Community
CF Community Leaders Announce CF_Underground Pre-Game Show Before the Allaire Conference
Get ready for fun and excitement--ColdFusion style--courtesy of TeraTech, Fusion Authority and CFTipsPlus! The three CF community leaders announced today a mini-event, called the CF_Underground, to be run the day before the Allaire Conference in November. Games, CF events and fun networking will be the focus of this four-hour extravaganza, to run from 11 a.m. - 3 p.m. on Sunday, November 5, at a location near the Conference hotel to be announced soon."The idea is to get together as a community, but most of all, to have fun," said Judith Dinowitz, editor of Fusion Authority. "It's like a big, warmup party before the bigger one. Like the pre-game show at the NFL Superbowl." She promises that this "break-the-ice" event will have no serious "break your head" ColdFusion lectures, but that people will find themselves learning something about the language through events like the CF gameshow that is being planned for the Underground.
To find out more, visit the TeraTech site (http://www.cfconf.com/cf_underground/) or CFTIPSPLUS! (http://www.cftipsplus.com/cftipsplus/CF_UnderGround/cf_underground.cfm). To register, go to http://www.cfconf.org/cf_underground/cfudgreg.cfm.
[Top]
JRun-Interest Club on eGroups.com
Let me be totally honest and say that I hate egroups. A while back, they were used for the CF-Talk archives. At some point in the relationship they tried to hijack the list. I was not amused and asked them to stop. They instead kept on sending people to their CF-Talk rather than the 'official' one. I refuse to have anything to do with them since. On the other hand, I should not stop people from using new resources and they seem to have one now. Other than the Jrun-Talk list that took over for the official lists at livesoftware, there is a new JRun related list. This list, JRun-Interest is hosted by egroups and can be subscribed to there. The 'official' JRun-Talk list can be found at http://www.houseoffusion.com.[Top]
Fusioneers Developers Network Provides Contract Work
Amy Brooks of Allaire recommended the Fusioneers website. This network of ColdFusion developers are pooled each time a new ColdFusion contract comes up for work. The guy who runs it, Mark Warrick, outsources other developers on projects that he gets.There are almost 200 developers signed up in the network so far, so it's also a nice place to communicate with other ColdFusion developers.
Check it out.
[Top]
ColdFusion Specials at the Cheap Geek
Just received the following email in my mailbox, and thought, hey, why shouldn't everybody benefit? (Remember, though, mention in Fusion Authority does not mean an endorsement.)"The Cheap Geek now has Specials on Bundles of ColdFusion Server Professional, Studio and the SkillBuilding Interactive Training CBT.
"These bundles are for either Windows or Linux with or without the 2 year subscription. Buy as a package and save $590!
"Check out the bundle for Windows at http://www.TheCheapGeek.com/itemDetail.cfm?id=226 or for Linux at http://www.TheCheapGeek.com/itemDetail.cfm?id=229.
"Also, save 20% on any product upgrade when buying with a 2 Year Subscription.
"We have ColdFusion, Jrun, HomeSite, and even Spectra at the lowest prices you will find anywhere. Check out our entire inventory at http://www.TheCheapGeek.com."
[Top]
Next Issue: Creating Custom Functions
Yes, I know I promised my article on custom functions a few weeks back, but things kept coming up. As you can see above, the first part of the article (on Evaluation in ColdFusion) is here. The next part, which actually deals with creating the custom functions, will be in next issue.[Top]
News
Allaire Technical Support Revamped
Allaire has announced some new professional support programs:
- Single-Incident Support (Phone-based on a case-by-case basis)
- Bronze Support (5 pre-purchased incidents with a four-hour response time)
- Silver Support (Year-round, unlimited support, with a four-hour response time)
- Gold Support (Senior-level support with unlimited incidents, two-hour response time, and scheduled onsite visits
- Platinum Support (Senior-level support with up to eight authorized contacts, unlimited incidents, 2-hour response time, scheduled onsite visits, and rapid response assignments)
For information about these programs and the costs involved, see the link below.
[Top]
Boston Globe and CNET Portray Allaire as the Wal-Mart of Net Software
A very nice write-up of Allaire in CNET that poses some intriguing questions. Steven Syre And Charles Stein describe Allaire's stellar growth as a provider of low-cost web applications and speculate on the company's future. Allaire is the "Wal-Mart" of Net software, which has managed to reach an audience of several hundred thousand developers because of Jeremy Allaire's vision. "Wall Street doesn't doubt that Allaire can grow rapidly for a while. But it wants to know if the company is going to emerge as a winner in the end, one with a distinct advantage that will separate it from the pack." This question, the key for the company's long-term growth, is discussed candidly.Allaire Wants To Be Wal-Mart Of Net Software (CNET)
Think Wal-Mart of Net software (Boston Globe)
[Top]
Empower Gets Glowing Reviews from ZDNET
Ektron should be supremely happy with this review of their recently released content management system, Empower. The article was a glowing endorsement of Ektron's product and, indirectly, of ColdFusion, and had very little criticism. For example, "We were extremely pleased with the straightforward way Empower handles templates. They are simply ColdFusion files, which made it possible for us to easily edit templates and quickly drop our own pages in ... This simple approach provided one of the best template editing experiences we've had with any content management package."Congratulations, Ektron!
Empower Broker: Ektron Content Manager Handles Simple Tasks Well
[Top]
Tech and Tags
What's new in the Tag Gallery
- Execute 2
- This tag extends the ColdFusion CFEXECUTE tag to allow for creation of a variable as return instead of dumping the data directly to the calling page or outputting to a file. Works on Windows NT and 2000 with CF 4.5x.
- FuseMail 1.0
- FuseMail is a product unlike any other browser-based mail solution. FuseMail starts where other mail programs leave off, allowing users a system that can be used anywhere in the world. FuseMail currently requires Internet Explorer, due to the cutting edge technology that is used to create a powerful and efficient GUI. The main feature of FuseMail is an interface that is simple, clean and familiar. Users have all of the popular features that one would expect from a database-driven mail solution.
- CF_eFax
- Formats a message to be faxed via eFax.com. No special software is required on the Webserver or Web browser, since the message is sent to eFax via e-mail using the CFMAIL tag.
- CF_Accuweather4
- This is an update to CF_Accuweather3 to take out the ads they are sneaking in.
- CF_LOCATION
- Client-side redirection utility with a wait attribute that allows you to specify a pause in milliseconds.
- cf_containerContents
- This tag will return the contents of any given container on your site. You can return an array of object IDs, or a structure containing the object data, or both. Useful for programmatically inspecting what's going on with your site elements.
- CF_Slashdot
- version 0.4: The purpose of this tag is to parse the slashdot xml file containing the 10 latest headlines. The information is stored in an array of structures.
- Fully-scalable forum (newsgroup layout)
- This forum is fully configurable. It allows users to view all messages and login to post a new message or reply to a current message. Users can edit and delete their own messages.
- CF_Getweather
- This tag retrieves the current weather and the seven-day forecast for a user-specified ZIP code from weather.com. The information is returned as either a CFML structure or WDDX packet.
- Add Token
- CF_AddToken is a wrapping tag which will add a specified token to any hyperlinks in the HTML between the opening and closing tags.
- WAPMail 1.0
- This is a prototype WAP email application I developed earlier this year that allows users to send emails or check emails from any POP servers through a WAP device. Still have lots of room for improvement (exception handling, string parsing etc.), just don't have the time to tweak it. Feel free to modify the codes. Tested on UP.Simulator 3.2 and 4.0.
[Top]
Explore ColdFusion Server Advanced Security
This compilation, by by Joshua Pickering, Allaire Technical Support, and David Golden, Allaire Developer Relations, explores articles in Allaire's knowledge base that address the issues of advanced security on ColdFusion Server. The article addresses issues of installation, configuration, and operation of ColdFusion Server's advanced security features.Explore ColdFusion Server Advanced Security
[Top]
Release Notes for Allaire Software
Allaire has posted the release notes to current versions of its software in PDF format. This may help developers with questions about specific features of each version. Included: ColdFusion Server 4.0.1 and 4.5.1, ColdFusion Studio 4.0.1 and 4.5.1, JRun 3.0, Spectra 1.0 and 1.0.1, Forums 2.0.5 and 2.0.6, and HomeSite 4.0.1 and 4.5.1.[Top]
ColdFusion Locking Best Practices
Jim Schley, Premier Support, Allaire Corp., has come forth with this very important explanation of some of the best practices involved with locking shared variables. If you don't follow these practices, folks, you may run into some unforeseen pitfalls.ColdFusion Locking Best Practices
[Top]
CFQUERYPARAM and Oracle Databases
Bantu.com has done extensive work with CFQUERYPARAM with Oracle databases, and they note a major performance improvement of between 100 and 1000 percent, depending on the page, on the database side. CFQUERYPARAM allows you to bind variables to a specific variable type in a database engine. In this article, the Chief Information Technology Officer at Bantu.com explains how CFQUERYPARAM works and how to use them effectively.CFQUERYPARAM and Oracle Databases
[Top]
The Evolution of JSP
This article is taken from the JRun Custom Tag Library, included in JRun 3.0. Using code examples and explanations, it discusses the history and evolution of JRun and JSP (Java Server Pages), and the current JSP 1.1 specification in JRun 3.0. Examine the JRun methodologies, including the servlet API, the first iteration of JSP, and the current JSP 1.1 specification.[Top]
Leverage the Web with Standards-Based JRun
An in-depth study of the architecture of APRON, a Java-based web application built with JRun that uses JRun's extensibility to its benefit. It uses XML and Corba, as well as JRun's Java, to put W.R. Berkley Corporation's A+Plus quote and policy processing system on the Web. Find out why JRun is called "the Swiss Army knife of Java application servers."Leverage the Web with Standards-Based JRun
[Top]
Case Study: Triphub.com
A study of Triphub.com, a site that uses Allaire Spectra and a ColdFusion-based eCommerce engine to market travel and travel-related content to college students. This study specifically focuses on how this site uses Allaire Spectra's workflow services to get its content on the web quickly and efficiently.Online Travel Portal Makes Good Use of Workflows
[Top]
JRun Betas Now Available
JRun SP1 and JRun studio can be found at the new Allaire beta site.[Top]
Views
Community support
This is the 38th issue of Fusion Authority and I have to say we're going strong. The readership is still growing steadily, the content is rather useful (if I do say so myself) and the feedback we get from the community is great. There's just one problem. We don't charge for this service. Yes, its true we have banner ads, but to be totally honest, they don't bring in much money. We tend to give out banner space to friends and colleagues in support of the community, rather than searching out paid advertisements.For the first 6 months of operation, we did have a sponsor in AbleCommerce. This worked out rather well with us getting some very much-needed cash. Sadly, this relationship recently ended. Now we have a question. How do we fund this? How do we pay the editors and writers we have (yes, we are behind in paying some of our authors. This will be taken care of.) I've come up with a few suggestions and I'd really like community feedback on them.
- Charge a small fee for a subscription
- Charge a site fee
- Trust in banner ads
- Look for more corporate sponsors
- Fund it out of pocket
Just as a teaser, we have a number of additional projects being worked on to advance the community. The first is an annotated documentation system that allows people to make comments to the ColdFusion docs. This is currently in a final beta here. Additionally, we are building COMPLETE archives of all the houseoffusion lists. The structure of this is done and the display is in alpha at the moment. Currently this is limited to an archive of the Spectra-Talk list, but others will be put up soon. One of the places that the cash will be going to is to pay for editors to organize and clean up all of this content. Five years of content with anywhere from 50,000 to 100,000 messages a year is a LOT of work. What we need is a clear plan for support.
Thank you for your feedback and suggestions and please enjoy the issue. Oh, as a small experiment, I've removed the banner ads on this and the previous issue. This is to see if the ads are really useful at all.
Michael Dinowitz
Publisher, Fusion Authority
[Top]
Techniques
Evaluation in ColdFusion
by Michael DinowitzEvaluation can be divided up into two zones. The first, called an evaluation zone, is a location where variables and functions can be evaluated1 without the need for pound signs (#)2. In addition, it is the only location where expressions3 will be evaluated. The other location will be termed an output zone. This is a place where a variable or function needs pound signs (#) to be evaluated. This difference is mostly a cosmetic one and has almost nothing to do with code tightness and speed. On the other hand, proper usage of pound signs (#) is a sign of a good ColdFusion programmer4.
| Location | Needs # | Variables Functions | Text needs quotes | Processes Strings | Expressions |
|---|---|---|---|---|---|
| Evaluation Zones | |||||
| Right hand side of a CFSET statment | No | Yes | Yes | Yes | Yes |
| Anywhere inside a CFIF statment | No | Yes | Yes | Yes | Yes |
| Inside any Function | No | Yes | Yes | Yes | Yes |
| Inside Array/Structure brackets ([]) | No | Yes | Yes | Yes | Yes |
| Inside a CFSCRIPT tag block5 | No | Yes | Yes | No | Yes |
| Output Zones | |||||
| Inside the body6 of a ColdFusion tag (not CFSET/CFIF) | Yes | Yes | Yes | Yes | No |
| Inside a CFOUTPUT tag block | Yes | Yes | No | No | No |
| Inside a CFQUERY tag block | Yes | Yes | No | No | No |
| Dynamic (Left hand side) CFSET | Yes | Yes | Yes | Yes | Yes |
Evaluation in Strings
A string is simply text to be viewed or manipulated at will. Normally, a string does not have to have any special evaluation--unless there is a variable or function embedded within it.The way to embed a function or variable within a string is rather easy. You simply wrap the variable or function inside pound signs (#) and it'll be seen by ColdFusion as something to be evaluated. Stylewise, this is something that should never be done within an evaluation zone, only within output zones. In past versions of ColdFusion, there was a speed penalty for this but that penalty seems to be gone in version 4.5.1.
Inside evaluation zones, the proper way of using variables with strings is to treat them like expressions and concatenate them together. This will tell the ColdFusion engine to take the string and append the value of the variable or function to it. As above, this is seen as 'tight and proper' coding and makes people think you know what you're doing. :) On the other hand, there is a time and place where it is better to write your strings and variables/functions together. That time is when you are in a rush and have no time and that place is where you will have a LOT of text and variables mixed together.
CFSET
CFSET is a special case even among evalaution zones, as it has some added functions. The standard function of the tag is to take some value (assigned on the right hand side of an equal (=) sign) and assign it to a variable name that is on the left hand side of the equal sign (=). This is rather straightforward, until you want to dynamically create the name of a variable. This event breaks the rules of using variables. To create a dynamic variable, you place the text AND the variable inside of quotes. This is basically what we described above. It'll work and it is useful, but using the SetVariable() function is stylistically better.
<CFSET var1="name"> <CFSET "first#var1#"="Michael"> |
This results in a variable called firstname with a value of Michael.
Order of Operation
Functions have an order of operation when it comes to their evaluation. The reason for this is that you can nest functions and a function can have an expression as an attribute. Before a function can be evaluated, all of its attributes have to be evaluated. If one of those attributes is a function with attributes, then the nested function's attributes have to be evaluated. Let's look at an example:
<CFSET Form.list="1,2,3,4,5"> <CFSET list2="6,7,8,9,10"> <ListGetAt(form.list&list2,> <randrange(listfirst(form.list),listlast(list2)))> |
The order of operation here is:
- Evaluate the expression form.list&list2.
- Evaluate the variable form.list.
- Use the value of form.list as the attribute for listfirst().
- Evaluate the variable list2.
- Use the value of list2 as the attribute for listlast().
- Use the results of listfirst() and listlast() as the attributes for randrange().
- Use the value of form.list&list2 along with the final value of randrange as the attributes for listgetat().
Now you see why we don't want to think about this. It's tedious and obvious once you look at it. Evaluation moves from left to right and from inside out. As a side note, this is also the order of operation for any complex statement using functions and/or expressions such as the code inside the brackets([]) of an array or structure call.
Evaluation is one of the cores of ColdFusion and having a strong understanding of it is a must. With a deep understanding of it, you can create some really complex code. In my next article, I will discuss how to use advanced evaluation with the Evaluate() function to create custom functions in ColdFusion. While these are not true functions, they are a useful and interesting hack.
- 1) Evaluation - 1. The act of turning a variable into its stored value.
2. Getting the final value of a function call. 3. Getting a final value from
a ColdFusion expression.
- 2) Pound Sign (#) - A construct used in ColdFusion code to specify something to be evaluated. Only needed inside of output zones.
- 3) Expression - A combination of two or more of the following types of data: strings, numbers, variables, functions. These will be combined using operation characters such as the concationation operator (&) or the addition operator (+).
- 2) Pound Sign (#) - A construct used in ColdFusion code to specify something to be evaluated. Only needed inside of output zones.
- 1+1
- form.firstname & form.lastname
- 4) ColdFusion Programmer - ColdFusion has the characteristics of a
programming language and anyone writing with it can be considered a
ColdFusion programmer. If someone says that it is not a language or you are
not a programmer, tell them that Fusion Authority has a special shirt for
them (A reference to the FA Mofo shirt given to authors)
- 5) Tag Block - This is the location between a tag and its closing tag
- <CFSCRIPT> tag block </CFSCRIPT>
- 6) The body of a ColdFusion tag is the location between the name of the tag and the closing bracket.
- <CFHTTP tag body >
[Top]
Security
PGP Encryption Security in Question
Normally, Fusion Authority does not cover security issues that are not somehow related to ColdFusion programming. However, an article in this week's Webdeveloper Weekly on PGP encryption caught my eye. I feel it's important enough to put a small warning in the issue. Hopefully, this wrinkle in security will be resolved, but it pays to be aware of these things.Who Can You Trust? (Webdeveloper Weekly Refresh Report)
[Top]
O'Reilly WebSite Pro Write Access Vulnerability
This is an old security hole that has been re-reported in securityfocus. Upon installation of O'Reilly WebSite Pro, a number of CGI directories are created. The cgi-win directory is preloaded with a program called uploader.exe. This program allows uploading of content to the webserver with no security control and should be deleted.O'Reilly WebSite Pro Write Access Vulnerability
[Top]
Knowledge Base
Copying Verity Collections in a Clustered Environment Causes Indexing and Searching to Fail
It is a common practice, when using verity collections in a clustered environment, to index the collection on one server and put copies of the collection files on other servers in the cluster. However, problems may arise when the server storing the index has a different path than the other servers in the cluster. The URL below will explain the problem and how to resolve it.Copying Verity Collections in a Clustered Environment Causes Indexing and Searching to Fail
[Top]
Enabling Extended Character Sets in Oracle in ColdFusion for Unix
If you're using ColdFusion for Unix with Oracle databases, and you'd like to be able to pass extended character sets back and forth (i.e. foreign language characters), you'll need to enable some additional envirnomental variables up front. Here's the lowdown.Enabling Extended Character Sets in Oracle in ColdFusion for Unix
[Top]
Stock
Legg Mason Views on Allaire
"ALLR - Reiterated Buy, management meeting reveals product development ahead of expectations with Co. targeting core mass enterprise market, '00 est. $0.25, '01 est. $0.57, target $80"[Top]
Weekly Numbers
| Date | Open | High | Low | Close | Volume |
|---|---|---|---|---|---|
| 25-Aug-00 | 38.375 | 38.4375 | 37.50 | 38 | 264,400 |
| 24-Aug-00 | 36.375 | 38.75 | 36.375 | 38.6875 | 639,600 |
| 23-Aug-00 | 34.375 | 36.75 | 34 | 36.375 | 523,000 |
| 22-Aug-00 | 34.625 | 35.75 | 34.5938 | 35.375 | 466,300 |
| 21-Aug-00 | 33.75 | 35.375 | 33.75 | 34.5625 | 493,800 |
[Top]
All articles are for informational purposes only and do not constitute a suggestion to buy, sell, or in any way trade in any stock or securities.
| This is an opt-in magazine. To join, leave or change subscription mode, please visit the signup page. All content of this magazine is copyright Fusion Authority, Inc. It may not be reproduced without permission. | ||