Previous Issue Current Issue Main page Next Issue
Fusion Authority Fusion Authority
The House of Fusion Technical Magazine 		Issue: 7

January 24, 2000
January 30, 2000
This is an opt-in magazine. To join, leave or change subscription mode, please visit the signup page. All content of this magazine is copyright Fusion Authority, Inc. It may not be reproduced without permission.
Community
Atlanta User Group Hosts Top ColdFusion Speakers, Plans for 550
 
News
Allaire Proposes a Two-For-One Stock Split
'It Was a Very Good Year' for Allaire
Updates, Hot Fixes and New Releases
Good News Spurs Significant Allaire Stock Sell-off
WebTrends Acknowledges Allaire's Role in Its Record Growth
New DevCenter for Spectra Launched
Conference 2000 Call for Topics
More News on February ColdFusion E-Commerce Conference
First National XML Conference Will Include ColdFusion Track
Catouzer Product Takes Off with a Little Help from ColdFusion
CNET HomeSite 4.5 Tour Highlights Time-Saving Features
 
Tech and Tags
What's New in the Tag Gallery
ACCESS DENIED Error When Writing to File-Based Database (Access, FoxPro, etc) That ColdFusion is Accessing
Cybercash Action='Batch-Commit' Does Not Work As Expected
String Data Right Truncation Error When Submitting a Form
Spectra Starter Series
Transforming XML to Application Data Using WDDX
A Hands-On Servlet Tutorial
Cryptography Basics
Ejipt 1.2: Installation Instructions and FAQ
Allaire Helps Siemens AG Group Synchronize the Munich Field Group
Allaire Tallies Popularity of Offerings on Developers' Exchange
 
Reviews
Book Review: Applied Cryptography: Protocols, Algorithms, and Source Code in C
 
Techniques
Crypto in ColdFusion
 

Community

Atlanta User Group Hosts Top ColdFusion Speakers, Plans for 550

The February 23 meeting of the Atlanta ColdFusion User Group (ACFUG) will boast two big names in the ColdFusion world: Ben Forta, lead author of the "ColdFusion Web Application Construction Kit" and related Que books, and Ashley King, a well-known developer and a software engineer at Allaire. Forta will present tips on how and, more importantly, how not to use ColdFusion. He will also include tricks of the trade used by some of the largest web sites powered by ColdFusion. King will be presenting a talk on Allaire Spectra.

The user group is also gearing up for a big turnout. While ACFUG's membership consists of over 250 ColdFusion programmers, the group has reserved a space at Emory University that seats 550 people. The user group has initiated a media push, sending press releases to local media outlets and to the Atlanta Association of Internet Professionals and spreading the word to other user groups in the area.

"ACFUG is very excited to have Mr. Forta and Mr. King as our special guests," said Cameron Childress, ACFUG President. "This will be an excellent opportunity for business leaders and those unfamiliar with ColdFusion to get a good taste for how the program operates, and what it can accomplish for any business."

Congratulations to ACFUG for taking the concept of a user group to the next level. For more information, email Cameron Childress or visit http://www.acfug.org.

[Top]

News

Allaire Proposes a Two-For-One Stock Split

Cambridge, Mass., Jan. 26, 2000

Allaire Corporation announced that its Board of Directors has approved a two-for-one split of the Company's outstanding shares of common stock. (This is subject to the stockholders increasing the authorized shares at a special meeting of stockholders scheduled for March 13, 2000.) The stock split will be effected in the form of a stock dividend and will entitle each stockholder of record at the close of business on February 15, 2000 to receive one share for every outstanding share of common stock held on the record date. The expected pay out date is March 14, 2000, with Allaire common stock anticipated to start trading on a split-adjusted basis on March 15, 2000.

Allaire Press Release
Individual.com Article: "SplitTrader.com Announces Investment Opinion on Allaire Corporation"
VarBusiness.com Article: "Allaire Stock Soars, Splits on Earnings Report"

[Top]

'It Was a Very Good Year' for Allaire

Cambridge, Mass., Jan. 26, 2000

Allaire Corporation has reported record financial results for the fourth quarter and year ended December 31, 1999, above analysts' expectations. Revenues for the quarter were $18.3 million, a 164% increase over the fourth quarter of 1998, and a 22% increase over the third quarter of 1999. The result: earnings for the quarter of $478,000, or 3 cents per share, compared with a loss of $4.3 million, or 54 cents per share, for the same period in 1998. This is the first quarter that Allaire stock has turned a profit.

For the fiscal year overall, Allaire lost $2.6 million, or 22 cents a share, on sales of $55.2 million, compared to a loss of $17.1 million, or $2.20 a share, on sales of $21.4 million in fiscal 1998.

The press release, noted below, also discusses Allaire's acquisitions of Bright Tiger Technologies, Inc., Live Software, Inc. and Valto Systems, Inc., as well as new business, product offerings, partnerships, industry recognition, and the just-announced proposed two-for-one split of the Company's outstanding shares of common stock (see previous article).

Allaire Press Release: "Allaire Announces Year-End Results and Profitable Fourth Quarter"
Computer Reseller News: "Allaire Shares Climb After Posting Solid 4Q Results"
ZDII: "Net Earnings Roundup: Allaire, Proxicom Shine"
CNET News: "Allaire Taking on the Tech Giants and Thriving"
On24.com Interview with David Orfeo, Allaire President and CEO, on Stock Split

[Top]

Updates, Hot Fixes and New Releases

Thanks to feedback from the ColdFusion community, Allaire has resolved specific technical issues with ColdFusion and HomeSite 4.5 releases. A number of "Hot Fixes" are available for ColdFusion 4.5 Server, and 4.5a updates are available for both ColdFusion Studio and HomeSite. The HomeSite and Studio 4.5a maintenance releases resolve two issues in version 4.5: one that may lead to lost data, and a color-printing issue. Allaire strongly recommends that these Hot fixes and updates be applied to their respective 4.5 product installations.

HomeSite 4.5a Update:
Instructions
Update

ColdFusion 4.5 Server:
Hot Fixes

ColdFusion 4.5a Studio:
Instructions:

http://www.allaire.com/handlers/index.cfm?ID=14215
http://www.allaire.com/handlers/index.cfm?ID=14216

Update

[Top]

Good News Spurs Significant Allaire Stock Sell-off

Friday, January 28

Allaire's announcement of earnings and revenue above analysts' estimates and a two-for-one stock split prompted a 25% drop in Allaire's stock, but this shouldn't disturb your sleep. Hear why Robert Fagin, Analyst with Bear Stearns, has a very positive outlook on Allaire.

On24.com Complete Streaming Audio Story

[Top]

WebTrends Acknowledges Allaire's Role in Its Record Growth

Portland, Ore., Jan. 24: Source: PRNewswire

WebTrends Corporation reported a 200% increase in revenues for the fourth quarter 1999: $7.4 million compared to $2.5 million for the same period last year. The company's strategic partnership with Allaire (and other venues) is listed as one of the contributing factors.

http://biz.yahoo.com/prnews/000124/or_webtren_1.htm
(This yahoo link may move or be down. They like doing that to their news.)

[Top]

New DevCenter for Spectra Launched

Allaire has announced the opening of a new site on Allaire.com focusing on Spectra, offering monthly features, technical articles, and tips as well as beta and security announcements.

For more information, visit http://www.allaire.com/Developer/spectrareferencedesk/.

[Top]

Conference 2000 Call for Topics

The last Allaire ColdFusion Developer Conference was a success, but some people complained that there were presenters or topics they had wished to see that were not covered. Well, this year you have a chance to vote in your favorite topics or presenters. Just participate in the brief on-line survey on Allaire's site, and help them shape the technical sessions for this conference. This is our chance as a community to give our input!

An added incentive: Participants in the survey get a chance to win a free conference pass (a $795 value) as thanks. For more information and to add yourself to the conference reminder e-mail, visit http://www.allaire.com/coldfusion.cfm?web_ID=1060.

[Top]

More News on February ColdFusion E-Commerce Conference

Last year's conference sponsored by TeraTech, Inc. and the MDCFUG netted 550 people, a respectable amount for a regional conference. This year, TeraTech has decided to focus on E-Commerce, and is holding attendance down to 110, so those interested might want to register early. The cost for the conference is $49 and includes materials. As Michael Smith, CEO of TeraTech, Inc., puts it, "Even if you factor in the cost of traveling to Maryland and a hotel room it is still a deal for two days of detailed real life CF E-commerce info!! :-)"

The seminar is presented by Adam Churvis of Productivity Enhancement Inc., publishers of the Database Blocks ColdFusion development tool. There is a detailed agenda and a schedule for the conference at http://www.teratech.com/cfconf2/DetailedAgenda.cfm. Mr. Churvis was the featured speaker at the last Atlanta CFUG meeting. He promises, "This one's going to be fast and furious; your brains will be smoking when you leave on the second day. Also, we will be remotely managing a co-located server live during the class to show what is necessary to setup and run a secure web server. Our many thanks to ComStar for providing the server and hosting for these seminars."

Online registration is at: http://www.teratech.com/cfconf2/.

[Top]

First National XML Conference Will Include ColdFusion Track

Pearl River, N.Y. (BUSINESS WIRE), Jan. 25, 2000

XML DevCon 2000 will be held June 25-28, 2000, at the New York Hilton in New York City. A four-day technical program focused on how to maximize XML for the enterprise, it is expected to attract more than 1,500 attendees from around the world. XML and Internet technology professionals can explore the exhibit floor or attend their choice of more than 20 sessions, including "Leveraging XML in ColdFusion Using WDDX ."

http://biz.yahoo.com/bw/000125/ny_sys_con_1.htm
(This yahoo link may move or be down. They like doing that to their news.)

[Top]

Catouzer Product Takes Off with a Little Help from ColdFusion

Vancouver, British Columbia--(BUSINESS WIRE)--Jan. 27, 2000- Catouzer, a leading ColdFusion web application development firm, announced the release of Synergy 2.0, the latest version of their flagship product Synergy. The product offers ColdFusion developers a "sophisticated framework to rapidly build secure web-based work environments." New features of version 2.0 include support of LDAP and NT Domain directories, enhanced reporting features and improved role and group management features for administrators.

http://businesswire.com/hightechlink

[Top]

CNET HomeSite 4.5 Tour Highlights Time-Saving Features

Look here for a rundown of HomeSite 4.5 features that, when used in combination, can save you time and effort:

CNET HomeSite 4.5 Tour

[Top]

Tech and Tags

What's New in the Tag Gallery

GSTracker
Monitors traffic to your web site. Generates text and graphical reports. These reports compare traffic with previous time periods.
CF_Secure 1.0.1
The best solution for login process and securing CFM templates. Managing everything in just one tag.
Digits to Hex
Converts an integer with value 0 - (2^31) - 1 to its equivalent hexadecimal string. Allows you to name the return variable.
CheckWriter
CFX_J tag that converts dollar amounts to English text. Accepts amounts between 0 and 999999999999999.99 . Amounts < 0 return -1. Syntax errors submitted to tag return -2.
Virtual Office
Functions: * BBS * Announcement System * Messaging System * Web FTP * User Profile System * Group Calendar * Internet Search * Project Manager * Web browser-based page builder
Internet Calendar Server V2.0
Multilingual, easily configurable, fully searchable events Calendar with support for unlimited categories as well as "Private" and "My Calendar" categories.
MSExcel Payment Function
This function is the Microsoft Payment Function in Excel. The output is the payment for per period.
CF_GlossarizeText
Make a glossary for your site. This tag replaces terms specified with a unique wrapper you choose with a JavaScript-enabled anchor tag.
CFX_PullPage
CFX_PullPage allows you to pull a remote page into the calling ColdFusion template and display it as if it resided locally.
Modified IEEditor and ImgSel
A modified version of HTMLEditor along with a script to repair problems with uploading images to the DHTML editor.
Regional date and time
This tag returns regional date and time in a datetime variable, no matter which part of the world you have hosted your site.

[Top]

ACCESS DENIED Error When Writing to File-Based Database (Access, FoxPro, etc) That ColdFusion is Accessing

Problem: You get an 'access denied' error when writing to a file-based database (Access, Foxpro, etc) that ColdFusion is accessing via a Datasource.

Solution: A workaround is posted on the Allaire site.

For more information, visit http://www.allaire.com/handlers/index.cfm?ID=14275.

[Top]

Cybercash Action='Batch-Commit' Does Not Work As Expected

Problem: An attempt to use the Cybercash tag with action="batch-commit" results in this error message:

Solution: Download the new Cybercash.DLL, available on the Allaire Site. For more information, and the download, see Article 14246.

[Top]

String Data Right Truncation Error When Submitting a Form

This article looks at the problem of truncated string data during submission of a form to a ColdFusion action page.

http://www.allaire.com/handlers/index.cfm?ID=14205

[Top]

Spectra Starter Series

Robert Crooks, an Allaire Spectra instructor, offers some basic insights into Spectra development with "Getting Started with Allaire Spectra," a new Allaire article. It covers the COAPI and the Webtop, content object creation, and object invocation.

http://www.allaire.com/coldfusion.cfm?web_ID=1070

[Top]

Transforming XML to Application Data Using WDDX

The Allaire Developers site offers an introduction to XML, providing an example of transforming XML data to application data using WDDX.

XML Introductory Article

[Top]

A Hands-On Servlet Tutorial

As part of the ongoing series of informative articles on the Allaire.com site, this tutorial looks at Java servlets, as served from a browser or from a CFML page.

Servlet Tutorial

[Top]

Cryptography Basics

The Allaire Developers site offers this basic primer in cryptography, with special attention to the Encrypt and Decrypt functions, the ToBase64 function, and the Hash function. The article examines the algorithms used by each function and explains how to use them.

Cryptography Basics

[Top]

Ejipt 1.2: Installation Instructions and FAQ

Allaire has posted these helpful articles for those wishing to get started with Ejipt: Installation Instructions For Windows
Installation Instructions For Solaris
Installation Instructions For Linux
Allaire Article 14270: Ejipt: Setting the Class Path
Ejipt FAQ

[Top]

Allaire Helps Siemens AG Group Synchronize the Munich Field Group

This case study looks at how ColdFusion is helping this major telecommunications service provider give its field personnel what they need to do their jobs right.

Allaire Article: Case Study

[Top]

Allaire Tallies Popularity of Offerings on Developers' Exchange

This new on-line chart from Allaire shows the 50 most requested downloads on the Developers' Exchange, and the most recent additions to the exchange in order of popularity.

http://www.allaire.com/coldfusion.cfm?web_ID=1086

[Top]

Reviews

Book Review: Applied Cryptography: Protocols, Algorithms, and Source Code in C

Applied Cryptography : Protocols, Algorithms, and Source Code in C Author: Bruce Schneier
Review by Michael Dinowitz

Let me start by saying that I don't know a whole lot about cryptography. Originally, I didn't know anything, but once I started reading this book (I'm still not finished) I learned a lot. To be totally honest, I learned a lot on the first few pages. Bruce Schneier is one of those masters of their fields that can take a concept, lay it out for you and have you smack yourself because it looks so simple.

The spice of this book is that it goes over almost every crypto-system that's in use and explains where each one came from and what it does. Want to know how the Hash() function works? It's in there. Want to know what's behind CFEncode.exe (CFEncrypt.exe in version 4.01 and earlier)? It's in there (under DES). Want to write your own crypto extension in ColdFusion? This is a great starting point. Even if you just want to get a little more esoteric knowledge, this is a great book to have and read. I even gave a copy to Rain.Forrest.Puppy as a gift. :)

Applied Cryptography : Protocols, Algorithms, and Source Code in C

[Top]

Techniques

Crypto in ColdFusion

by Michael Dinowitz

I want to start this article with a word of thanks to Allaire. After writing this article a few months back, I told them about it during a conversation concerning functions. They mentioned that they would show it to their new documentation team. I didn't hear back from them, but last week found a great article on both crypto and the Hash function (Dec. 27, 1999 - Jan. 2, 2000 issue of FA). This article was great. The new documentation team really knows what they're doing and I'm impressed. The only thing they missed was the CFusion_Encrypt() and CFusion_Decrypt() functions. For that reason, I'm reposting my article with both more information and a better layout. Between this article and Allaire's, you should know a lot about how encryption is handled in ColdFusion.

A distinct difference exists between CF 4.0.x and 4.5 when it comes to cryptography (crypto) functions. Before we go into the specifics, lets examine the two types of crypto functions that exist and how they're used. The first set of crypto functions in ColdFusion are the older, but hidden CFusion_Encrypt()/CFusion_Decrypt(). These functions are used in the CFAdmin and they've been in existence since CF 3.0. The 'official' functions used in the general program are Encrypt()/Decrypt() , which have existed since CF 4.0.

CFusion_Encrypt()/CFusion_Decrypt()

Personally, I believe that these are the best of the encryption functions. The result is a long string of numbers twice the length of the original string. It's clean, efficient and easy to store. The only downside is that it's easier to crack with the right information. Rather than go into how to crack an encrypted block or how it's encrypted, I'm going to point you to the book review for Applied Cryptography in the review section of this issue.

A small disclaimer here. These functions are 'administrative' in ColdFusion and are not documented anywhere other than here. Allaire does not suggest using them and offers no support for their use.

Encrypt()/Decrypt()

These are the 'standard' crypto functions in ColdFusion. Where the above CFusion_Encrypt() function returns a string of a rather set length and composed only of numbers, the Encrypt() function returns a string of varying length and of varying characters. This is a strength and a weakness. Having more 'randomness' thrown in results in a stronger encrypted value. Unfortunately, the characters that can be returned may result in errors in a developer's code. Characters such as single quotes ('), spaces ( ) and pound signs (#) can cause problems in saving the values, outputting them, and even in some cases decrypting them. The reason for this is a mystery to me at the moment, but it is one I'll mention to Allaire.

Another issue with these functions is more of a version issue. In versions of ColdFusion before 4.5, extra characters were added to the encrypted value. These characters were removed when the decrypt() function was used, but the storage and comparison of these values were a problem. The 'extra' characters were one of four different sets of three characters each. If we assume an Encrypt() function that simply encrypts a single character, the following 4 results may be expected. The first 2 characters are the actual encrypted character while the last three are the 'extras': 

!4'X[ 
!4,LY 
!4$X$ 
!4.D@
This is a problem when comparing encrypted strings. The same source string may not encrypt to the same result.

Which to use

Once you know the differences between the two groups of functions, you can decide which to use. I prefer the CFusion version of the functions, as I can always depend on the values being returned. The choice is expanded when you think of using the Hash() function as well. What to use all depends on the application you're writing and your personal preference. The only thing I ask is for you to know all the crypto options around.

CFusion_Decrypt

 (String, Key)

String

 (Required; accepts: String) String to be decrypted.

Key

 (Required; accepts: String) Key used to decrypt the String.
This function will take a string that has been encrypted with CFusion_Encrypt() and decrypt it using the key. This function will only decrypt strings that have first been encrypted by CFusion_Encrypt(). 
<CFSET Test1=CFusion_Decrypt('154507110711', 'test')>

<CFOUTPUT>
|#Test1#|<BR>
</CFOUTPUT>
Results:
|a test|
Data Type:
Category:
Version:
Related Functions:
String
Crypto
3.0
CFusion_Encrypt(), Decrypt()

CFusion_Encrypt

 (String, Key)

String

 (Required; accepts: String) String to be encrypted.

Key

 (Required; accepts: String) Encryption key used to encrypt the String.
This function will take a string and encrypt it using the key. This will result in a numeric string that will be twice the length of the source string. This process can be reversed using the CFusion_Decrypt() function. 
<CFSET Test1=CFusion_Encrypt('a test', 'test')>

<CFOUTPUT>
|#Test1#|<BR>
</CFOUTPUT>
Results:
|154507110711|
Data Type:
Category:
Version:
Related Functions:
String
Crypto
3.0
CFusion_Decrypt(), Encrypt()

Decrypt

 (String, Key)

String

 (Required; accepts: String) String to be decrypted.

Key

 (Required; accepts: String) Key used to decrypt the String.
This function will take a string that has been encrypted with Encrypt() and decrypt it using the key. This function will only decrypt strings that have first been encrypted by Encrypt(). If you look below to the encrypt function, you'll see that the result of the encryption is a string that contains a space as well as a single quote. This causes a problem with the decrypt in some cases. For this reason, the example will include the Encrypt() function to set the string as well as the Decrypt() function to decrypt it. 
<CFSET String=Encrypt('a test', 'test')>
<CFSET Test1=Decrypt(string, 'test')>

<CFOUTPUT>
|#Test1#|<BR>
</CFOUTPUT>
Results:
|a test|
Data Type:
Category:
Version:
Related Functions:
String
Crypto
4.0
Encrypt, CFusion_Decrypt

Encrypt

 (String, Key)

String

 (Required; accepts: String) String to be encrypted.

Key

 (Required; accepts: String) Encryption key used to encrypt the String.
This function will take a string and encrypt it using the key. This will result in a numeric string that will be twice the length of the source string. This process can be reversed using the Decrypt() function. Note that the results of this function will differ based on the version of ColdFusion you are using. Versions of ColdFusion earlier than 4.5 added one of 4 different sets of 3 characters to the end of an encrypted string. The 4 sets were: 
'X[ 
,LY 
$X$ 
.D@
This behavior was removed in ColdFusion 4.5. The string that results from this function will be between 1.5 and 2.5 times the length of the original string. In addition, result string can contain special characters including spaces ( ), single quotes (') and pound signs(#), all of which can cause problems in many cases. 
<CFSET Test1=Encrypt('a test', 'test')>

<CFOUTPUT>
|#Test1#|<BR>
</CFOUTPUT>
Results:
|&<$R9K&V' |
Data Type:
Category:
Version:
Related Functions:
String
Crypto
4.0
Decrypt(), CFusion_Encrypt()

[Top]

This is an opt-in magazine. To join, leave or change subscription mode, please visit the signup page. All content of this magazine is copyright Fusion Authority, Inc. It may not be reproduced without permission.