ColdFusion-Talk Roundup#6
by Kay Smoljak
Noteworthy threads from the famous ColdFusion-Talk (CF-Talk) List on House of Fusion for the Week of May 3 - 10, 2008
Creating asynchronous processes (May 4, 2008)
Richard White was wondering if an asynchronous call would be the best solution to avoid timeouts on a long-running, data-intensive process. Dave Watts explained how the CFTHREAD tag in ColdFusion 8 could create this process, or alternatively, that it could be done using an event gateway on ColdFusion 7 Enterprise, or a scheduled task on any previous version of ColdFusion.
CFSELECT validation (May 5, 2008)
Thread: Validation of a select Menu using <cfselect>
John Cowie was having trouble getting the validation method on a CFSELECT form element to fire. Philip Molaro suggested modifying the default JavaScript function to check not only that an option was selected, but that the selected option did not have a blank value. Heather Harkins showed a workaround that overwrote the default method, which could be used on shared hosting or by those who were otherwise unable to modify the built in JavaScript. Dave Watts pointed out that any developer, regardless of whether they have access to the CFIDE folder or not, can use the SCRIPTSRC attribute of CFFORM in order to specify an alternative location for the CFFORM JavaScript files, and implement Philip's suggestion.
Preventing URL tampering (May 6, 2008)
Thread: Preventing user from changing ID number in URL
Bruce Sorge was looking for a way to prevent users from changing the ID passed in the URL in order to view data they weren't authorized to see. A number of solutions were suggested, including Alan Rother's idea of using a UUID for the ID number to make it unlikely that the user would find another record simply by changing the ID. However as a number of ColdFusion-Talk subscribers pointed out, security by obscurity is not effective at all, and the only safe way to prevent a user from seeing another user's data is to check their login to ensure they have permission before loading any page.
Reading the end of a file (May 8, 2008)
Thread: ColdFusion 8: Reading a file from the end instead of the beginning?
Andy Matthews was looking for a quick way to parse the very last value in a log file. Kym Kovan suggested reading the lines into a list and using the list functions to access the last element. List subscriber "cfSearching"
provided a potential Java-based solution. Michael Dawson pointed out the TAIL command built into *nix and Windows-based operating systems to read from the end of files, showing that ColdFusion is not always the solution for every problem!
Cross-server sessions (May 8, 2008)
Thread: Session variables across servers
Scott Stewart was looking for a way to use a shared login for two separate web sites, on different servers, and was hoping that J2EE session variables would allow this. Brad Wood explained how this would be possible by using an identical CFAPPLICATION tag on both servers, and passing the CFID and CFTOKEN values between them. Dave Watts pointed out that cookies could not be shared between different domains, regardless of whether J2EE sessions were being used or not.
Reversing an array (May 8, 2008)
Thread: ColdFusion 8: Reversing arrays?
Andy Matthews was under the impression that in ColdFusion 6 and 7, it was possible to reverse an array using the Reverse() function. Dominic Watson and Adrian Lynch both confirmed that Andy was mistaken; the Reverse() function was only for strings. Barney Boisvert supplied a Java function which would reverse an array, and pointed out a sort function which might also be of interest.
Kay is an all-round web developer who has been developing with ColdFusion since 2000. She runs Clever Starfish with her partner Dave and several very demanding cats, and sits on the committee of the Australian Web Industry Association. She is a regular writer for Fusion Authority and the Fusion Authority Quarterly Update, and a ColdFusion blogger on Sitepoint.com.