A brief hiatus today from from the PCI Compliance series to issue a quick public service announcement. I was installing my free copy of SeeFusion today that I netted in the recent give-away WebApper had. Since the target machine was CF7 on a OpenSuse Linux with the JVM upgraded to 1.4.2_11, it was a "manual" install. Pretty easy-- copy a few jar files and edit a few configs. The problem was, SeeFusion wasn't able to connect to my debugging port to capture stack traces and I couldn't figure out why.

[More]

As a web developer you have your share of demons you have to face. If your company processes credit cards, chances are your yearly PCI DSS compliance scan is one of those demons. I thought I would do a short series on a few security items I tightened down as a result of our last PCI scan. This is by no means a comprehensive list of everything needed to pass a PCI scan. If you want to know that and have time to read a 74 page PDF you can get a copy of the Spec at www.pcisecuritystandards.org.

[More]

I jogged down the stairs, one arm over my head, as I pulled my coat on a sleeve at a time. Fishing the car keys out of my pocket with one hand, I leaned over my computer to tap in my E-mail password with the other. "Wow, 41 unread messages in the CF-Talk folder," I thought. "There must be a hot new topic on the list today." With a click I watched the new thread flow in.

"Why i fear ColdFusion is on its last legs"

"Oh Geez," I sighed, "Please not with this again!" There wasn't time to read all that right then. I'd have to catch up on this one later in the day when my absorption rate was higher.

[More]

I found an interesting little bug in the BlogCFC implementation of ColdFISH today. ColdFISH is a ColdFusion code formatting component that is instantiated once and cached as a singleton in the application scope in BlogCFC. The problem is, ColdFISH looks like it wasn't intended to be used as a singleton. It makes use of the variables scope to store the Java StringBuffer class it uses to gather up your formatted code as well as a number of other variables used to parse the code it is formatting. This means when two or more people hit a BlogCFC entry with larger code samples, race conditions exists.

[More]

Our friends at Webapper are giving away free copies of SeeFusion (an awesome ColdFusion server monitoring tool) to the first 100 200 people to take their survey on ColdFusion consulting. Go check out here:

http://www.webapper.com/blog/index.php/2009/11/25/coldfusion-survey/

UPDATE: Webapper is now going to give away SeeFusion to the first 200 people to take their survey. Can't beat that!

Well, now that ColdFusion 9 is officially out the door (it's still hard to believe), have you thought about what you want to ask Santa for CF10? We're going to double digits, baby-- so it'd better be good! Yeah, I know-- who do I think I am? Honestly, I still feel like a kid after Christmas with enough new toys to keep me busy for a while. Even so, I can't help but wonder what's in store. Once again, I have found clues in Adobe's own words via the latest version of the ColdFusion Evangelism Kit.

[More]

Tags like CFHTMLHead, CFAjaxProxy, and CFAjaxImport don't output their content into the regular ColdFusion output buffer. Instead they put their contents into a special header buffer which is dumped into the beginning of the output right before the request is sent back to the client. But what if you want control over where their output goes? CFSaveContent doesn't work on these bad boys. And even worse, <cfcontent reset="yes"> doesn't get rid of their output. The other day I got bit when trying to return the HTML of a rendered view via a proxy in ColdBox as a JSON string. The JavaScript output of the CFAjaxProxy tag was being appended to the beginning of the response and causing the result to not be valid JSON.

[More]

I've never kept too quiet about my affection for SeeFusion as a ColdFusion monitoring tool. I use it for debugging, performance monitoring, and basic metrics gathering. Here's an old note on the JDBC URL wrappers that I found myself digging up last week. I don't even think you can find this nugget on the official SeeFusion site.

[More]

I think the bane of development planning can be those conversations where you personify your framework and start debating about what a service should "know", whose "job" a particular operation is, or what the handler should "care" about. This is one of those sort of questions, but I'll keep it brief since I'm more interested in your opinions than my ramblings.

[More]