Tag Archives: CFML

The OpenBD release wrapup

So, after 6 months of hard work (but it was always fun), the OpenBD team released Version 1.0 of OpenBD. Actually, it should have been labeled as Version 10 instead of 1.0, but the team wanted to make it clear that this is a fresh start, a new beginning, a “Yes, we can” statement to the CFML community.

For all those who always wanted a free and open source solution for their CFML deployment, there really isn’t any excuse anymore not to download OpenBD and take it for a drive. You will see that your code runs with almost no modification. There are a couple of very neat features built in. The OpenBD Blog has already covered this at length, so I am just pointing out the really cool ones here:

Amazon Services in CFML code
Are you working with any Amazon Services (AWS) like S3 or SimpleDB? If not, you really should, because it has never been so cheap and easy to store files and/or records in the cloud. Because we are “Cloud freaks” and like to “eat our own dog food”, we made it very easy to work with S3 and SimpleDB in CFML within OpenBD.

For example, to store a file in S3 you issue two lines of code:

imgFile = FileReadBinary('e:\\tmp\\22.jpg');
FileWrite('s3://[accesskey]@[secret]/mybucket/22.jpg', imgFile);

That’s it, nothing else. Really cool.

MemCache
If you are in the business of scalability, you will love that OpenBD supports the popular MemCache module. Scaling out to many requests and setting this up is no longer a $9000 business; it is right here, right now for you to use.

Admin Console
All right, true, this is not a feature per se. Some have even argued that a CFML server without an Admin console is not even worth looking at (guys, you never worked with Linux, right, and then probably only in Gnome…). So for all those people, and also for those who like to work with config files and don’t need a GUI for it, you will be happy to see that Matt Woodward has put a lot of work and energy into creating an Admin Console for OpenBD (it comes bundled with the OpenBD download).

I have to say that I love it. It simply works, does what you expect from it, and you won’t have to restart OpenBD anymore after any changes. Matt has many more ideas for the Admin console, and I have to say that I am impressed and look forward to the future very much.

More about the new tags and the rest of OpenBD features can be found at the OpenBD Wiki.

But apart from all the features, you know what gets me more excited about the whole OpenBD Open Source project? The incredible support that you receive from the OpenBD team (no, not me, and I am not talking about or praising myself); I mean the great (and FAST) support you will get on the OpenBD public talklist. You report a bug or send a request to the team, and mostly within hours you will get a reply from the core developers or from any member of the team. If it really is a bug, the core team will mostly fix it within 24 hours.

If you have a project or a solution that you always wanted to open source but could not because your main engine (CFML that is, what else?) was not open sourced, you have no excuse anymore: download OpenBD now and start building that next cool web application. Just as we have done with our very own open source Digital Asset Management system Razuna; all built with OpenBD!


Infoweek security issues

Today, while I was surfing the website of InfoWeek, a leading IT magazine in Switzerland, in order to change my email subscription, I was greeted with the following error message:

At first I was happy to see that they are using CFML as their choice of deployment, but when looking at the above code I saw some poor coding techniques at work.

First off, one should never use the “*” for getting back all the columns of the database. This slows the database server down and is a poor coding style. In today’s tool environment there is no excuse for using the “*” anymore (I am talking about production use here).

The next thing is that the variable “MailAdress” is not scoped and, far worse, is subject to the famous SQL injection, because the developers neglected the <cfqueryparam> tag. Sure enough, I was able to log in to my account by adding the variable to the URL. If I wanted to, I could even see and alter some other email addresses.

The solution to the above is so simple, one wonders why developers still choose to neglect it. With a simple:

<cfqueryparam cfsqltype="cf_sql_varchar" value="#post.MailAdress#">

the variable is scoped and secured against SQL injection at the same time.

As long as I see applications like this on the web (believe me, I see a couple of these things in a week) I am sure my company has enough to do :-) …..and yes, I did call them and told them about the error, but it looks like they are not in a hurry to fix it.
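
The fix described above, shown as a before/after pair. This is an added example, not InfoWeek's code or code from the original post: the datasource, table and column names are constructed, and the `form` scope is an assumption about where the field is submitted (the post's own snippet uses `post`).

```cfml
<!--- Constructed example: datasource, table and column names are assumptions. --->

<!--- BEFORE: the pattern criticised above.
      - SELECT * returns every column, needed or not.
      - MailAdress is unscoped, so CFML searches several scopes for it;
        a URL parameter can supply the value as well as the form field.
      - The value is interpolated into the SQL text instead of being bound. --->
<cfquery name="qSubscriber" datasource="newsletter">
    SELECT *
    FROM   subscribers
    WHERE  email = '#MailAdress#'
</cfquery>

<!--- AFTER: explicit scope, validated input, explicit columns, bound parameter. --->

<!--- Only the form scope is consulted; a missing field becomes an empty string. --->
<cfparam name="form.MailAdress" type="string" default="">

<!--- Reject anything that is not shaped like an e-mail address before querying. --->
<cfif NOT isValid("email", form.MailAdress)>
    <cfthrow type="InvalidInput" message="A valid e-mail address is required.">
</cfif>

<cfquery name="qSubscriber" datasource="newsletter">
    SELECT subscriber_id, email, subscribed_on
    FROM   subscribers
    WHERE  email = <cfqueryparam cfsqltype="cf_sql_varchar"
                                 maxlength="254"
                                 value="#form.MailAdress#">
</cfquery>
```

With the bound parameter the database receives the address as data, never as part of the statement, and `maxlength` makes the tag raise an error on oversized input before the query is sent.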


Test the OpenBD Installer

Jordan Michaels, an OpenBD Steering Committee member, is inviting everyone to test out the OpenBD installer he has made. To quote him:

Many many folks have been asking for a setup that’s very similar to how CF7/CF8/BDJX are set up in that the J2EE engine is “in the background” and Apache simply processes site CFM files. This installer is hopefully a step in that direction.

For anyone who’s interested in this, I’ve got an “alpha” version of a CentOS5/RHEL5 installer here:

http://clubwheat.viviotech.net/openbd_rhel5.sh

This installer sets up isolated instances of Sun’s JRE, OpenBD, and Tomcat, specifically for the purpose of processing CFML templates.

It is meant to be run from the command-line as the root user. So…

# sh openbd_rhel5.sh

This set up configures tomcat to make OpenBD the default processor for all CFML files regardless of their host name or what directory they originate from.

There is one caveat, you will need to update the “[OpenBD InstallDir]/tomcat/server.xml” file with a new “<Host>” entry for each web site that you have listed as an Apache VirtualHost. I am in the process of writing up some documentation that will explain this in great detail, but for now, a simple host entry with just the site URL (IE:www.mysite.com) and the directory that files are coming from is all the tomcat <Host> entry will need.

I will be writing documentation, and updating the installer to be more multi-system compatible as time allows. Please let me know your experiences, and (if you dare) feel free to offer patches!

With this setup, Jordan has removed the need for an individual “bluedragon” and “WEB-INF” directory for each web application. Be sure to join the OpenBD-Discussion group and give Jordan as much feedback as possible.


SixSigns redesign and a new open source project coming

We just finished a small redesign of our company website over at http://www.sixsigns.com. The new design shows upfront the projects we engage in; most prominently, of course, we feature Razuna, our open source digital asset management system, alongside our other projects.

Speaking of projects, we will shortly announce a new open source project. We are not ready to announce it just yet, but wanted to let the community know that there will be an additional open source project joining the growing number of open source applications on CFML. We will keep you posted on the project as soon as possible.
