 |
Fusion Authority The House of Fusion Technical Magazine |
Issue:
4 January 3, 2000 January 9, 2000 |
| This is an opt-in magazine. To join, leave or change subscription mode, please visit the signup page. All content of this magazine is copyright Fusion Authority, Inc. It may not be reproduced without permission. | ||
- News
- Allaire's Latest Acquisition: Valto Systems
- ColdFusion ICQ Active List Database Corruption
- CFBugTraq Down for Repairs
- TeraTech Announces Two-Day ColdFusion E-Commerce Conference
- Multex.com Upgrades Allaire's Rating
- JRun 3.0 Beta 2 Released
- Allaire 'Webinar' on Servlets Scheduled for January 13th
- The Allaire Developer's Conference 1999 and 2000: New Resources
- ColdFusion ICQ Active List Database Corruption
- Tech and Tags
- What's New in the Tag Gallery
- Views
- A Year in the Life of ColdFusion-Talk
- Techniques
- The Law (according to Michael Dinowitz) Part 1
- Security
- Patches Released for ColdFusion 4.5 Bugs
- Authenticated Webtop User Security in Allaire Spectra 1.0
- Potential Denial of Service Problem in Allaire Spectra 1.0
- Patch Available for CFCACHE Tag Potential Exploit
- Upgrade Installation Problems with HomeSite 4.5 or Studio 4.5
- Clustered (4.5) Server May Lock into Busy State
- Authenticated Webtop User Security in Allaire Spectra 1.0
News
Allaire's Latest Acquisition: Valto Systems
Allaire Corp. has announced the acquisition of Valto Systems, a company specializing in Enterprise JavaBean (EJB)-based server technologies. According to Jeremy Allaire (as quoted in InfoWorld), the addition of Valto's all-Java EJB server, Ejipt, should fill out Allaire's overall e-business platform by providing greater Java support and transaction technology. Allaire has said that it plans on bringing to market a standards-compliant suite of Java2, Enterprise Edition, server products based on Valto's technology.Those servers will connect to Allaire's ColdFusion application server and will include a Java Server Pages (JSP) server with full support for the JSP 1.1 and Servlets 2.2 specifications, an EJB server compliant with the EJB 1.1 specification, a Java transaction server based on the Java Transaction Architecture 1.0 specification, and a Java message queue server based on the Java Messaging Service 1.0 specification.
Allaire also plans to continue selling Valto's Ejipt 1.2 EJB server. Look for a public beta release of the next-generation Ejipt later this month.
Allaire Announcement
[Top]
ColdFusion ICQ Active List Database Corruption
The ColdFusion Active List (ICQ 48787133) experienced a database corruption over the weekend and a number of people were dropped from the list. These people should have no problem getting right back on. If you are no longer receiving the list, please sign on again and your service will be restored.[Top]
CFBugTraq Down for Repairs
January 4, 2000: A known and respected ColdFusion resource, CFBugTraq, is closed down temporarily due to technical difficulties. The site was sending out multiple emails about each bug that was submitted. It has been shut down while G-Triad fixes the problem.[Top]
TeraTech Announces Two-Day ColdFusion E-Commerce Conference
TeraTech is holding a two-day ColdFusion E-Commerce conference on Saturday, Feb. 12 and Sunday, Feb. 13 in Rockville, Maryland. The speaker is Adam Phillip Churvis, the President of Productivity Enhancement. The cost is just $49, which includes materials. For more info and registration, see http://www.teratech.com/cfconf2/.[Top]
Multex.com Upgrades Allaire's Rating
NEW YORK--(BUSINESS WIRE)--Jan. 5, 2000--Multex, a financial research site, has upgraded the rating for Allaire Corp. shares (ALLR) to BUY/HOLD. Industry analysts have been predicting that Allaire's year-end report will show a brightening of the financial picture. Losses are expected to be less than in prior years.This research report is available free; you will be asked to register at multex.com to download the document: http://www.multexinvestor.com/download.asp?docid=1358299&promo=bw
[Top]
JRun 3.0 Beta 2 Released
Allaire has released JRun 3.0 Beta 2 for Windows NT and Solaris. The new release includes a JRun tag library, support for 2.2 Servlet API and JSP 1.1 spec, new JRun demos/examples, and a new UNIX script for controlling start/stop of individual JRun JVMs (Java Virtual Machines). Allaire plans to release JRun 3.0 in early 2000. JRun 2.3.3 purchasers will receive a FREE upgrade to JRun 3.0.For more information, see http://www3.allaire.com/developer/gallery/index.cfm?Objectid=13910.
[Top]
Allaire 'Webinar' on Servlets Scheduled for January 13th
For the not-yet-committed-to-servlets, Allaire will hold a free "Webinar" (Web-based seminar) from Intraware titled "Building, Testing, and Deploying Java Servlets: Should you be doing it?". This seminar covers what servlets are, what products are on the market, how to test servlets, and how best to deploy servlets. It ends with a Q&A session where you can address your concerns to folks from KL Group, Allaire, and Intraware.For more information, see http://www2.allaire.com/developer/gallery/index.cfm?Objectid=13929
[Top]
The Allaire Developer's Conference 1999 and 2000: New Resources
For those of us who missed the Developer's Conference last year, the General Sessions were taped and are now available at the Allaire site in streaming video. See what you missed, then go to http://www1.allaire.com/conference/ and sign up for the e-mail list in preparation for Allaire Developer Conference 2000. Next year, we'll meet from November 5-8 at the Marriott Wardman Park Hotel, in Washington, DC. See you there![Top]
Tech and Tags
What's New in the Tag Gallery
- Event Registration System
- The Event Registration System allows you to create online registration for classes, seminars, presentations, etc.
- CF_OpenDirectory
- Add a full-blown internet directory and search engine to your web site!
- NSI_Whois
- WHOIS lookup tag using the new NSI shared registry to determine if a domain name is available for registration.
- CF_NoTags
- This strips all tags (HTML and CFML) from whatever text is passed to it.
- CF_Voyeur
- This ColdFusion custom tag parses out the search criteria from a well-known search engine.
- SiteVine V3.0
- SiteVine is a dynamic web content management system site built on an SQL database, allowing your organisation, through the SiteVine Administration Centre, to manage and maintain your own Web site content.
- CFX_EventLogger
- Writes custom events to the Windows NT/2000 application event log system from your ColdFusion applications.
- CF_iAuthorizerCC
- A tag to accept and authorize credit card transactions real time with Atomic's iAuthorizer Payment service.
- Mail Client v 1.0
- High quality web based email client.
[Top]
Views
A Year in the Life of ColdFusion-Talk
by Judith DinowitzA tremendous thank you to the members of the CF-Talk list, who provided House of Fusion with some statistics on CF-Talk activity in 1999. Here are the results of their research:
An Overview
The number of email posts on CF-Talk last year totaled 40,427.- The top ten posters were:
- 833 dwatts@figleaf.com
- 551 paul.smith@sag.support.net
- 540 mdinowit@i-2000.com
- 499 jp@myob.net
- 477 pra@aspmedia.co.uk
- 446 howie@CoolFusion.com
- 429 hannum@ohio.edu
- 387 jason@logisoft.com
- 369 cameronc@mindspring.com
- 363 ian@apa.org
- 551 paul.smith@sag.support.net
Volume and Bandwidth
At the currrent subscriber count on CF-Talk (over 1200), 40,427 posts would generate approximately 48,512,400 outgoing messages. If 90% of them (43,661,160) were sent out between the hours of 7:00AM and 10:00PM EST, that came to 7974 messages per hour during peak traffic, and 132 outgoing messages per minute. (During the week, this volume was probably higher than on the weekend.)As Cameron Childress noted, "That's an awful lot of email service to be providing for free."
On Friday, January 7, 2000, between the hours of 10:00AM and 5:00PM EST, 95 messages were posted to the list. With over 1200 subscribers, that generated 16,285 outgoing emails at the average rate of 271 messages sent per minute or 4.5 emails every second.
Assume an average email of about 2 or 3K in size. That would put last year's bandwidth consumption by CF-Talk at a little less than 139 Gigs. If everyone trimmed just one kilobyte off their replies to the list, that would bring that number down to about 92 Gigs. This could make quite a difference when sending out 4.5 emails per second.
Based on these numbers, every 2K email sent to the list creates about 2.3 megs of outgoing email, but every 3K message creates 3.5 megs of outgoing email. So does it matter if you trim your posts? Apparently, on CF-Talk, the answer is "Yes!"
Composition of the Posts
One member of CF-Talk did a tally of the last few days' digests. He said that 40% of the traffic on CF-Talk is quotes from previous messages, and 5% of posts are in HTML (which creates about three times the traffic of normal messages.) As Rob Cawte put it, "In consideration of the list operator and the bandwidth challenged, it'd be real nice if people were a bit conscious about only quoting relevant parts of messages, and turning off HTML mail (yes, you CAN do it!)." Also, he suggested that people include links to websites rather than pasting in the HTML.And the Conclusion?
These statistics serve to underscore the monumental task it can be to sustain CF-Talk (and the numerous related ColdFusion mailing lists on the roster here.) Many of our members, after seeing these figures, thanked Michael for his dedication in providing these resources to the community on his own free time. In turn, Michael and I would like to thank the community for being so responsive on the lists and in other forums. You help make the CF community the open, friendly place it is. Keep up the good work, and may we go into an even better year!
[Top]
Techniques
The Law (according to Michael Dinowitz) Part 1
By Michael DinowitzCFSET is probably the first tag that anyone learns in ColdFusion. Unfortunately, few learn it efficiently. Eventually, they learn through trial-and-error or from reading docs on how to do it right, but that's usually a while into their career. This paper should change that and serve to pull together all the different documentation about CFSET into one location.
I'm going to lay out some 'laws' of the CFSET tag that I've found to be the most efficient. They'll include when and where to use pound signs (#), how to create dynamic variables and when setting a variable isn't even needed. Please remember that while I call these laws, they're really good suggestions. If you find some practice that works better, use it. If you find something wrong in what I'm writing, please contact me so we can set it right.
There are actually two functions of the CFSET tag. The first is Assignment and the second is Execution . When used for Assignment, the CFSET tag can be said to have two parts. (This is rather important as it will color the terminology I'll be using throughout the article and in almost all my writings.) The first part of a CFSET tag is the Variable. This is the name of a variable that will be set by the CFSET operation. This value is usually static, but can be dynamically created in a special circumstance. The Variable section of a CFSET tag is only used in Assignment; It is not needed in Execution. The second part of the CFSET tag is the Value. This is the information that will be placed into the Variable. This information can be static, dynamic or a combination of the two. We can even use functions as dynamic information. This part of a CFSET is always used. When a CFSET tag is used for Execution, it allows certain ColdFusion functions to be run without trying to assign any value to a variable. In this case, only the Variable portion of the CFSET is used.
Tag Basics
These are the basic rules for a CFSET tag. There's little or no difference from the documentation that ships with ColdFusion other then the layout. You may want to skip this section, but I'd suggest looking it over as you may see something new.A Variable may only contain letters (a-z), numbers (0-9) or an underscore (_). No other character may be used in a Variable. A period (.) is used only to separate a Variable name from its Scope. All Variables are case insensitive.
|
Wrong: <CFSET Name$ = "Michael">
Right: <CFSET FirstName = "Michael"> Right: <CFSET Variables.FirstName = "Michael"> |
A Variable may not start with a number (0-9) or an underscore (_). Only letters (a-z) may be used.
|
Wrong: <CFSET 1stName = "Michael">
Right: <CFSET FirstName = "Michael"> |
Remember to always close off your quotes in a tag.
|
Wrong: <CFSET FirstName = "Michael>
Right: <CFSET FirstName = "Michael"> |
Remember to always close your tags properly.
|
Wrong: <CFSET FirstName = "Michael"
Right:<CFSET FirstName = "Michael"> |
Style
This section is totally arbitrary. This is the style I like to use for my code, but it's not the rule. Use what you feel most comfortable with.Variables should be as descriptive as possible. ColdFusion does not use more resources to write a long variable vs. a short one.
|
Wrong: <CFSET FNM = "Michael">
Right: <CFSET FirstName = "Michael"> |
All ColdFusion tag attributes should only be in double quotes ("). This is to differentiate them from function attributes which should only be in single quotes (').
|
Wrong: <CFSET FirstName = 'Michael'>
Right: <CFSET FirstName = "Michael"> |
The first character of a Variable should be capitalized. In addition, capitals should be used in various places to make the Variable more descriptive. Finally, a capital should be used after the period in a Scoped Variable .
|
Wrong: <CFSET firstname = "Michael">
Right: <CFSET FirstName = "Michael"> Right: <CFSET Variables.FirstName = "Michael"> |
When setting and/or using a string that contains both text and variables, you should separate the string component from the dynamic variable component and concatenate them together using an ampersand (&).
|
Wrong: <CFSET firstname = "Michael#url.id#">
Right: <CFSET FirstName = "Michael"&Url.ID> |
To expand on the last note, when the Value section of a CFSET only has a dynamic variable or a function, it should not be placed in pound signs (#) and quotes ("). This is commonly done.
|
Wrong: <CFSET firstname = "#Url.ID#">
Right: <CFSET FirstName = Url.ID> |
Dynamic Variables
The Variable portion of a CFSET can be set dynamically by placing the text portion within double quotes (") and surrounding the dynamic portion with pound signs (#).The Variable part of a CFSET does not need pound signs unless you're setting a dynamic variable name, in which case it should be inside double quotes (") as well.
|
Wrong: <CFSET #Name# = "Michael">
Right: <CFSET "#Name#" = "Michael"> |
When setting a dynamic Variable in a CFSET, remember to place the entire Variable within double quotes (").
|
Wrong: <CFSET #varname# = "value">
Wrong: <CFSET var#name# = "value"> Right: <CFSET "#varname#" = "value"> Right: <CFSET "var#name#" = "value"> |
Optimization
These are various tips that will help speed up your code. The savings tend to be in fractions of a millisecond per operation, but when you have a number of them on a page, they add up.The Variable part of a CFSET does not need quotes unless it is being dynamically set. This actually has a savings in time of approximately .004 ms.
|
Wrong: <CFSET "Name" = "Michael">
Right: <CFSET Name = "Michael"> |
When a large number (3+) of CFSETS are used in a row, it is more efficient to place them within a CFSCRIPT block. The savings is .02 ms and increases with each CFSET added. When 4 or 5 are used, the savings was .04 ms.
|
Option1:
<CFSET FirstName = 'Michael'> <CFSET Lastname = 'Dinowitz'> <CFSET Email = 'Mdinowitz@houseoffusion.com'> Option2: <CFSCRIPT> FirstName = 'Michael'; Lastname = 'Dinowitz'; Email = 'Mdinowitz@houseoffusion.com'; </CFSCRIPT> |
Execution
Certain ColdFusion Functions may be run without any concern being given for any sort of return variable. When these functions are run, it is more efficient and cleaner to use the following syntax for them.|
<CFSET Function()>
|
The following functions can be used in this way:
| ArrayAppend | ArrayClear | ArrayDeleteAt |
| ArrayInsertAt | ArrayPrepend | ArrayResize |
| ArraySet | ArraySwap | CF_SetDataSourceUsername |
| CF_SetDataSourcePassword | CFUSION_SETODBCINI | CFUSION_SETTINGS_REFRESH |
| CFusion_DBConnections_Flush | QueryAddRow | QuerySetCell |
| SetLocale | SetProfileString | SetVariable |
| StructClear | StructDelete | StructInsert |
| StructUpdate | WriteOutput |
This is usually used in such statements as the following one, which will delete a user session:
|
<CFSET StructClear(Session)>
|
Now before you get a smart idea about using a CFSET to output variables in place of a CFOUTPUT, let me tell you that it is less efficient.
|
<CFSET WriteOutput(Url.FirstName)>
|
To be continued ...
[Top]
Security
Patches Released for ColdFusion 4.5 Bugs
Source: http://www.allaire.com/Handlers/index.cfm?ID=14055Allaire has recently released patches for certain technical problems in ColdFusion 4.5. These problems have been reported by ColdFusion users to Allaire in the Forums.
Solutions released include:
New CFHTTP DLL Solves Some CFHTTP Problems
Those experiencing problems with CFHTTP in ColdFusion 4.5 should check out Seth Horan's replacement http.dll, posted on January 5th, 2000. However, this fix only tackled the problem of passing form values correctly to CGI scripts, leaving the issues regarding the addition of the port number to a resolved URL still not fixed. We look forward to further updates and ColdFusion Version 4.5.1, referred to in several posts.CFHTTP Will Not Submit FormFields in ColdFusion Server 4.5
Problem: In ColdFusion 4.5, when you use the CFHTTPPARAM to post FORMFIELDS to another page, it may not work. You will get an error message or you will find nothing will process. The cause of this problem? A simple difference in format. Allaire re-built the CFHTTP tag to use multipart/form-data, while the 4.x release and below used the application/x-www-form-urlencoded format.Allaire has posted a workaround.
CFPOP Bug Fixed For CF Server 4.5
Problem: Some older mailers such as Lotus Notes create non-standard boundary delimiters when constructing multipart submissions for attachments. The NS library that Allaire uses did not accommodate such boundaries. This manifested when an attachment would come through as part of the message body.Solution: The NS library was modified so that it would recognize these boundaries and attachments would be handled correctly by CFPOP. As this modified the MIME libraries, apply the patch to any CFPop code that was working in CF Server 4.01, but no longer works in CF Server 4.5.
[Top]
Authenticated Webtop User Security in Allaire Spectra 1.0
Allaire Security Bulletin Submitted Jan. 4, 2000Problem: An authentic Webtop user (who has been given permission to at least one section of the Webtop) can access other sections of the Webtop by typing explicit URLs.
For more information, see Allaire Security Bulletin (ASB00-01).
[Top]
Potential Denial of Service Problem in Allaire Spectra 1.0
Problem: When installing Allaire Spectra 1.0, a web-based Configuration Wizard is used to finalize a number of configuration settings, including a step that indexes data collections on the server. This step of the Configuration Wizard can be accessed via URL and the collections can be resubmitted for indexing. This could be used in a denial of service attack on an Allaire Spectra server.For more information, see Allaire Security Bulletin (ASB00-02): Addressing Potential Denial Of Service Problem With Installation Files In Allaire Spectra 1.0.
[Top]
Patch Available for CFCACHE Tag Potential Exploit
Released: January 4, 2000This bug concerns ColdFusion 4.0x users.
Problem: The CFCACHE tag, which performs template caching to increase page delivery performance, creates several temporary files, including one that contains absolute filenames with directory path information, URL parameters and timestamps. In ColdFusion 4.0x, these files are stored in the same directory as the .CFM page, usually in a publicly accessible web document directory, making information about the web document directory structure or URL parameters used to call site pages accessible.
Solution: Allaire has released a new version of the CFCACHE tag (also available in ColdFusion 4.5) that allows users to specify a non-web document directory to store the temporary file, making them inaccessible to browsers.
For more information, see Allaire Security Bulletin (ASB00-03)
[Top]
Upgrade Installation Problems with HomeSite 4.5 or Studio 4.5
Scenario: You install HomeSite 4.5 or Studio 4.5 and receive the error message "previous version not found," and are not able to continue.What's the Problem? The HomeSite 4.5 upgrade will not work if there is any instance of HomeSite 4.5 on your system. For example, If you previously had HomeSite 4.5 Evaluation or Beta version on your system.
Solutions to the problem available in the article at http://www.allaire.com/Handlers/index.cfm?ID=13935.
[Top]
Clustered (4.5) Server May Lock into Busy State
A clustered 4.5 Server may lock into busy state and will not serve content. There is a yellow exclamation point in ClusterCATS Explorer over the virtual server. When ClusterCATS cannot get the load value for a web server, it marks the server busy.For more information, see http://www.allaire.com/Handlers/index.cfm?ID=14020.
[Top]
| This is an opt-in magazine. To join, leave or change subscription mode, please visit the signup page. All content of this magazine is copyright Fusion Authority, Inc. It may not be reproduced without permission. | ||