Coder's Revolution

Do you want a revolution?

Category Filtering: 'CF'

My First Experience With DataBoss Dynamic ORM Administrator

ColdBox, ColdFusion, ColdFusion Builder, ORM

With the release of DataBoss 1.3 today, I thought I'd share a quick story about my recent first project diving into DataBoss.  Full disclosure: DataBoss is a commercial product and I work for the company that makes it.  None the less, I thought it was pretty freaking useful so I thought I'd throw out this quick post.

For those of you who don't know what the heck DataBoss is-- it's a Dynamic ORM Administrator.  Basically, it can scaffold out CRUD (Create, Read, Update, Delete) screens for pretty much any database structure and it's all based on ColdFusion ORM.  It runs on Adobe ColdFusion as well as Railo and the minimum to get it running is to create ORM entity CFCs, drop them in your models folder and reload ORM via the interface.  It will pick up your entities, read all the relationships, and create all the screens necessary to manage the data in your database complete with formatting, validation, rich text editors, date dropdowns, etc.

So, the recent project I got assigned was for a company that does development services.  They had a project they had been working on for one of their clients that involved a nicely-normalized database of about 20 tables that supported a multi-lingual ordering and reservation system.  They had the front end system built out with ColdFusion but the problem was the deadline was getting very close and they weren't going to have to time build the backend of the system that allowed all the products, descriptions, and companies to be configured.  They needed to have a backend over to their client in a matter of days to start entering data, but there simply wasn't enough time to build one from scratch.

Enter DataBoss.  I was tasked with setting up a data-entry app they could use to manage their database until they had time to finish the backend.  The database that had already been built was well-structured and contained many examples of one-to-many, many-to-one, and many-to-many relationships.  I was given a backup of the data structure and a diagram that showed all the foreign key relationships.  Using Adobe's CFC Generator for ColdFusion Builder, I selected the tables via the RDS datasource view and stubbed out all the ORM entities in script.  Don't try to use the CF Builder plugin to create relationships.  It's horrible and you'll be sorry.  For just stubbing out the entities and the properties, it's pretty good though and saves a lot of time.

DataBoss is packaged as a portable ColdBox module which means you can drop it into an existing ColdBox app, or just deploy it as a small standalone app.  I chose the latter and dropped my ORM entities in the /model folder.  After adding my datasource name to Application.cfc and changing dbCreate to "none" the app sprang to life and displayed a list of all my entities in a drop down.  There's settings in a JSON file to control pagination as well as the internationalization of the DataBoss app itself.  DataBoss already comes bundled with German translations which was nice since this project was for a German company.  

At this point, I went through and configured all the relationships and added metadata to each entity and property that controlled how it displayed on the screen, what kind of validation it applied, and what form controls to display for each field.  After a bit of tweaking, we had really nice CRUD screens fleshed out that even used 24-hour clock and dd/mm/yyyy date formats to match the local standard.  I enabled the Basic HTTP Auth built into DataBoss, and it was ready to deploy publicly!  All in all, we had the entire admin finished and ready to deliver to the customer in just a few days.

I was pretty pleased with how easy it was to get working, and was a major saver for them to get the edit screens to their customer in time.  And now, they can use those ORM entities for future development on the application.  DataBoss Standalone is only 99 bucks which isn't bad considering the time it can save you.  Think about using it for that old legacy database you have no edit screens for, or to help you create your next database.  You can also download a trial to play around if you want.

Product Site:



Modern JVM Languages and ColdFusion Venn Diagram



Mainstream News About ColdFusion Venn Diagram

ColdFusion, Security


Know Python? Help ColdFusion Get Proper Script Highlighting On GitHub

ColdFusion, General, GitHub

It's bothered me for a while, that GitHub and Gist don't have proper syntax highlighting for full-script CFCs like this one.  

They handle tags fine, and even do script inside of a <cfscript> tag, but just leave full script components as black text all the way down the page.

 ColdFusion has allowed all-script components since version 9 which was released 5 years ago.  I always just assumed that GitHub was aware of the problem and someone somewhere was hard at work resolving it.  Silly Me.

GitHub uses this Ruby library to determine what language a while is written in:

Which in turn uses this Ruby wrapper to spin up the syntax highlighter:

But that library is just a proxy to this Python library that actually does the color coding:

It looks like there's already a ticket from 2012 to add support and Ben Riordan took a whack at it last year with no luck.  So I've forked the Pygments library, but know nothing of Python so I'm asking anyone who does to help me get this figured out.  Since script already works inside <cfscript> tags, it sounds like all the pieces are there-- we just need to properly identify script components and use the correct highlighter for them. Comment here or shoot me an E-mail if you'd like to help!


Who's Had More Vulns- PHP, Java, or ColdFusion?

ColdFusion, General, Security, Technology

I get tired of people on complaining about ColdFusion as a technology choice because it's "so insecure".   I regularly am told that it has more holes, more vulnerabilities, and a worse track record than other platforms. That's why I compiled this quick chart showing the number of Common Vulnerabilities and Exposures (CVE) by year for CF as well as PHP and Java (as reported by which are two of the most-used languages on the web.  I also threw in Apache Tomcat for comparison since it completes in the web space and CF10 actually runs on a version of it.


Click to enlarge

So to break this down, the red line riding out on top with a huge spike in 2007, that's PHP.  The purple line coming out of the backfield for a solid lead (?) at the end is Java.  The yellow line is Tomcat who still manages 10-15 vulns a year (and the only one to go LOWER than CF.  And that green line on the bottom with the lowest number of vulns every year, and nothing even reported until 2006- that would be CF.

So, sure-- there's a lot more info than just the counts on the chart.  My point also isn't that PHP or Java are bad-- I'm just trying to make the point that oft-used technologies are targeted by crackers and nobody is perfect.  And according to this data, CF is doing way better than several of the main techs out there.  It should also be noted that CF, Java, and PHP were all created the same year-- 1995, so don't give me any of this "old" crap either.  (Tomcat was created in 1999)




CFML, Meet For Live Code Sharing

ColdBox, ColdFusion, GitHub, Railo, Runnable

You may have seen be tweeting about this week.  I've spent a decent amount of time figuring out how their platform works and getting CFML (Railo) running on it.  Basically, is,, and all mashed up and super cool.  In short, the platform lets developers post any code samples they want for any database/language/framework up on the Internet so other developers can come along and not only read their code, but run it right there in the browser.  It doesn't stop there, other developers and fiddle with the original code and run the new version right there on the site to figure out how it works.  

It's all possible with, a cool virtualization platform I just learned about, and Runnable has the whole thing running on top of Amazons EC2.  Basically, each code sample is an entire Linux VM with whatever installed on it that the publisher wanted to set up.  The template of this VM is stored and every time a visitor comes to the site and wants to check out that code sample, a dedicated VM is spun up in seconds just for that user. allows them to simultaneously service hundreds of users because it shares overlapping resources between the VMs so they're very lightweight and come online in seconds.

And since each user gets their own isolated playground, there's no sandbox security to worry about.  In fact, each code page has an emulated bash shell with root privileges at the bottom of the page!  Any local changes made by the visitors of the site, are discarded after they close their browser and the session times out.  The code samples aren't limited to a single file of code-- publishers can create tutorials to demo entire frameworks, with multiple files. Need a database?  Install one.  Need Tomcat? Install it.

So, speaking of Tomcat-- this is where ColdFusion comes in.  Runnable's Twitter account popped into a recent conversation and urged us to get CFML setup, so i took the task and ran with it.  Due to some issue with the Railo installer which they're looking at, I installed Tomcat 7 with apt-get and deployed Railo 4.1 as a WAR file in the root context.  The Runnable guys were super helpful.  They exchanged several E-mails with me and even chatted on Skype for an hour last week answering questions, tweaking my setup, and writing down suggestions.  

I published a proof-of-concept Runnable called CFML Templating With Tags and then a more involved followup called Use WireBox To Create Objects In ColdBox.  I've also created a new GitHub organization called cf-runnable to store all my tutorials.  Feel free to send me pull requests, or ask to collaborate and store your CFML runnables there as well.  Now, what's really, REALLY cool about Runnable is anyone can clone one of my tutorials, make it their own, and re-publish it under their name.  That means no one else has to reinvent the wheel to start putting cool code up on Runnable-- I've already figured a lot of it out and you can springboard off of what I've done, or dive in fresh yourself.

So this is the intro to a blog series I'm going to do how how I got Runnable working with CFML, what little speedbumps I've hit, and how I've been integrating with GitHub to version and host my code.  I have a lot of ideas for Runnable- both improvements for them (like beefier descriptions, and embeddable runnables) and ColdBox-themed tutorials I want to create to let people play around with simple examples and how-to's.  Stay tuned!


Coder's Revolution Is Now Running ContentBox CMS

ColdBox, ColdFusion, ContentBox, General

I am proud to have finally brought my blog into the new age my converting from BlogCFC which served me well for many years to ContentBox Modular CMS.  Other than a few case-sensitivity glitches moving my database from a Windows backup to my Linux server, it went very well.  Contentbox has a built-in BlogCFC converter which is very nice and pulled across all my content, categories, comments, users, etc in just a minute or so.  I also wrote a simple open source module for ContentBox which will support the old BlogCFC-style links to entries, pages, and RSS feeds so old links will still work.  I am using Computer Know How's Bootswatch Theme.

 Both the URL compatibility module and the Bootswatch theme are available on ForgeBox and can be installed directly from the ContentBox admin with the click of a button.  This is part of why ContentBox is so advanced and extensible.  Hopefully I'll blog a bit more now that I've got all the new ContentBox features.  I know I still need to do some cleanup on the code formatting in some of my entries.  If you see any broken links for functionality, please let me know so I can take a look and fix it.


My cf.Objective() 2014 Submissions & VOTE!

CFObjective, ColdFusion, Railo
Everyone seemed to be tweeting out their cf.Objective() 2014 submissions today so I figured I would as well. However, not being able to fit much in 140 characters, I figured I would stick it in a quick blog entry. Firstly, I like the open voting format this year. it seemed to work well for CF Summit and I didn't hear a single complaint about the content there. After a slow start, I see a good number of additional topics have flowed into the board this last week or so. I've submitted 3 topics of my own for consideration on the cf.Objective() 2014 Trello board. They are thusly:

What do you want in ColdBox?

CacheBox, ColdBox, ColdFusion, LogBox, WireBox
Team ColdBox is working on putting together a list of features for our 4.0 release. Before we finalize anything, we'd like to hear from you. Please give us your wishlist for the ColdBox Platform and what you'd like to see us work on. There's always items like documentation and additional screen casts, etc but let's focus specifically on what development items we can do to make ColdBox faster, easier, smarter, and flexible for YOU. No suggestion is too big or small. ColdBox Platform
  • Core MVC
  • WireBox
  • LogBox
  • CacheBox
  • MockBox
I started a thread on the official ColdBox mailing list>, but I also want to open up comments for people not in the Google Group. Please leave a comment with your thoughts and suggestions.

CBDW Featured Session: MultiLingual (i18N) Solutions in ColdBox Platform

ColdBox, ColdBox Developer Week, ColdFusion
There's only 1 week left before ColdBox Developer Week and the featured session this week is "MultiLingual (i18N) Solutions in ColdBox Platform" by Oğuz Demirkapı on July 24th. Read more about this featured session on the ColdBox Blog.