Getting Support to Answer your Question the First Time

Posted on by
1

We’ve all been there, something has stumpped us or is simply out of our control and we need to contact support.  But how do you ensure that they will fix your problem or give you the correct answer with a bunch of back-and-forth, simple:

  1. When you email support, make sure you use a descriptive title.
    If I had a nickel for every email I’ve seen that simply has the title “Error” or “Help” I wouldn’t need to work anymore.  Make your title concise but descriptive for example: “ColdFusion Form Validation not Working”
    This gives technicians looking through their queues a good idea of what you need help with, giving you a higher chance of getting looked at first.
  2. Include any relevant information about your account (i.e. domain name, account numbers, etc)
    The idea here is to have the technician locate and identify your account as fast as possible.  Again, I’ve had to email a number of customers because I simply cannot locate there account with any of the information provided.
  3. Include as much information in your request as you can.  For example, sending in a DNS update is probably fine if you just put what DNS record and the new value.  But, something where you are getting errors, it helps to have the exact steps that got you to that error.  We do this everyday and have probably seen the same or similar message before and hopefully will be able to fix it fast if we know where to start.
  4. Be honest!  This last one is important, I once had a customer who accedentally ran rm -rf / on his Linux server, but canceled it very quickly when he realized what happend.  He was very upfront about what happened, and consequently, we were able to get things restored within an hour or so.  Whereas, if the customer had been evasive and just said “things are not working” who knows how long it could have taken to determine they deleted 1/4 of their file system.

ColdFusion Redirects

Posted on by
4

If you don’t have access to mod_rewrite or an isapi rewrite plugin, you may be forced to use some of the built in ColdFusion functions to force a redirect.  Today I had a customer who wanted to force all traffic through the www. portion of their domain.  Examples of doing this are below:
Application.cfc
You’ll want to do this on your onRequestStart function so it gets checked on every page

<cfif CGI.SERVER_NAME eq "domain.com">
<cfoutput>
<cflocation url="http://www.#cgi.HTTP_HOST##cgi.PATH_INFO#"
statuscode="301"
addtoken="no">
</cfoutput>
</cfif>

The benefit of this method is that it should work equally well with subdomains and URL parameters attached.
Application.cfm
You can use the same thing as above in an Application.cfm file, just put it by the top so its processed first.

ColdFusion Duplicate Application Names

Posted on by
Reply

I had to help a customer today that was having an issue where variables he set in his application.cfm in a sub-folder were not being set.  This was causing all kinds of issues, like the wrong DSN being used which caused issues on database updates.  Turns out he had a similar application.cfm in his admin folder, so I checked that out.  What I found was that the admin one had a name of “SiteNameAdmin” but the secure folder (which was having issues) was simply “SiteName” the exact same as the root of his site.  So, I changed the name and voila it worked perfectly.
More Reading
Ray Camden has a great blog post about this same issue:
http://www.coldfusionjedi.com/index.cfm/2007/4/12/Duplicate-Application-name-issue

ColdFusion Template Cache

Posted on by
2

This may seem obvious, but I always struggle to find the location where the class files are created by ColdFusion’s template cache.

[cf_root]wwwrootWEB-INFcfclasses

One thing I noticed is when you click the “Clear Template Cache” button in the ColdFusion Administrator it does not remove these files, you should be able to delete them manually and have no problems.  Remember that in production environements where you won’t have many code updates, turn Trusted Cache on.  The benefit being that ColdFusion will no longer check if the template being requested has changed.  If you do make code changes, then you’d need to either manually clear the cache or restart ColdFusion to get the change picked up.
Additional Reading:
Tangling with the Template Cache

dotDefender

Posted on by
1

With this second round of SQL injections hitting CF sits hard, I thought it was time to try some application level filtering.  So one of my co-workers suggested dotDefender.  I have to say, even though I’m only using the 30-day trial edition, that it is indeed a nice application.  They have version that sit between either IIS or Apache and allow you to configure rules to prevent myriad of vunerabilites.  Here’s a quick list of the categories they have for rules:

  • Paranoid
  • Encoding
  • Buffer Overflow
  • SQL Injection
  • Cross-Site Scripting
  • Cookie Manipulation
  • Path Traversal
  • Probing
  • Remote Command Execution
  • Windows Directories and Files
  • XML Schema
  • XPath Injection
  • XPath Cross Site Scripting.

While I don’t have all that much traffic, in the few hours I’ve had it installed I’ve seen 14 blocks based on my rules setup.  I’m not sure on the pricing as you must request a quote, but its working so far.

MS SQL WHERE, GROUP BY and ORDER BY on Datetime

Posted on by
5

I decided to implement login tracking for one of the personal applications I’m developing. Getting each users login time stamp into the database is the easy part, however building graphs and reports is a bit more difficult. This has to do with the way MS SQL stores dates, they always have a time stamp. If you don’t specify one when you insert your date it will add 12:00:00 AM for you, so searching for dates like this is easy. However, my login tracking actually inserts the time of login as well.
So, I wanted to create a graph that showed me how many total users had logged in over the past week. So, I started with some code like this:

<cfquery name="Getlastseven" datasource="#request.dsn#">
select left(login_date, 11) as date2, count(*) as Totals
from loginhistory
Where Login_Date >= '#Date7#'
AND login_date < '#CurrDate1#'
group by left(login_date, 11)
order by left(login_date, 11)
</cfquery>

where Date7 is the current date minus seven days and currdate1 is the current date plus one (to account for the way SQL Server handles times that are close to the next day). However, this gave me dates arranged alphabetically, so August came before July, not what I wanted.
So, to fix, I broke it out into a main query:

<cfquery name="GetLast" datasource="#request.dsn#">
select convert(varchar,login_date,101) as date2
from loginhistory
Where Login_Date >= '#Date7#'
AND login_date < '#CurrDate1#'
order by convert(varchar,login_date,101) ASC
</cfquery>

and a query of queries

<cfquery name="CountLogins" dbtype="query">
Select date2, count(*) as Totals
From getlast
Group By date2
</cfquery>

which does exactly what I want and now my cfchart isn’t ordered all weird.

ColdFusion SQL Injections

Posted on by
Reply

This post may be a little late for those of you in the ColdFusion world who may be dealing with an ongoing SQL injection attack. Believe my, I’ve delt with plenty of them this week, working for one of the most popular ColdFusion hosts will do that and I’m getting tired of doing DB restores because people are still not using cfqueryparm. I won’t go into a big to-do on using it, but thought it would be nice to gather all the recent blog posts about the recent injection attacks on ColdFusion servers and have one place to link to them all. If I missed your post, sorry just going by what Google Reader found from ColdFusionBloggers and the individual blogs I’ve subscribed to. You may also want to check out the Portcullis application on RIAForge for site wide protection.

8/12/2008: I started this post almost a month ago, and it seems that Slashdot has finally picked up on the SQL injection attacks.
There you have it in no particular order. There are a few posts from the same blog and I may clean this up later to be sorted by blog and date, but its really late and its been a long week of cleaning up databases from coders who know just enough ColdFusion to be dangerous.
Last Updated: 10/20/2008 8:30 PM

Using ColdFusion Scheduled Tasks

Posted on by
2

Why Use Scheduled Tasks?
They why in scheduled tasks always comes from an application’s requirements. There will be something that is required to happen on a regular basis, whether generating and emailing a weekly report or connecting to a remote server nightly to download a data set. These kinds of tasks would be difficult without having a built in task scheduler, you’d probably have to write a batch script and schedule it with Windows or use a cron job on Linux otherwise.

Scheduling Through the ColdFusion Administrator

The ColdFusion Administrator provides a decent interface to create your scheduled tasks from, you can see an overview of the screen above. Below is an overview of what each option does:

  • Task Name: something to easily identify the scheduled task.
  • Duration: this allows you to set a start and end date for a task. All tasks require a start date, leaving the end date blank will allow your task to run forever (depending on the Frequency chosen).
  • Frequency: allows you to choose how often in your duration this task should run.
    • One-Time: pretty obvious, ColdFusion will only run your task once on the day and time provided.
    • Recurring: allows you to select daily, weekly, or monthly recurrence at a specific time.
    • Daily Every: if you need a task to run every hour or every five minutes, this is your ticket. NOTE: the Start Time is when during the day your want you task to begin and the end time is when you want it to stop. If you do not provide a stop time, the task will run from your start time until midnight. If you want something to run all day, set the start time to the first occourence after 12 am.
  • URL: the URL of the page you want run.
  • User Name: if your URL is protected with http authentication provide the user name here.
  • Password: if your URL is protected with http authentication provide the password for the user entered above.
  • Timeout (sec): this is a pretty powerful field, if you have some database updates that run each night, but you know they will take longer than your default page timeout, you can extend the timeout for this task by entering the override in seconds.
  • Proxy Server: used if you want this task to be run from another IP address that is running proxy software.
  • Publish: allows you to save any output from the task to a file.
  • File: if your checked Publish you’ll need to provide a file name to write to.
  • Resolve URL: this is related to the Publish option, if any links are created in the output document, you can have ColdFusion create absolute links so the file can be viewed offline and still link correctly.

That’s pretty much it for the Administrator screen, however here are some notes from LiveDocs on weekly and monthly scheduling (pretty powerful/smart stuff):

If you schedule a job to run monthly on any date in the range 28-31, the scheduler does the following:

    • If
      you schedule a monthly job to run on the last day of a month, the
      scheduled job will run on the last day of each month. For example, if
      you schedule a monthly job to start on January 31, it will run on
      January 31, February 28 or 29, March 31, April 30, and so on.
    • If you schedule a monthly job to run on the 29th or 30th
      of the month, the job will run on the specified day of each month for
      30 or 31-day months, and the last day of February. For example, if you
      schedule a monthly job to start on January 30, the job will run on
      January 30, February 28 or 29, March 30, April 30, and so on.

Using the cfschedule Tag
Some great news for everyone on a shared server, or who just doesn’t have access to the Administrator for some bureaucratic reasons you can use the cfschedule tag to do everything the Administrator can. Rather than recreate what LiveDocs already has, go give them a read and come back.
Ok, so how exactly do you use this tag. You would create a page that does one of the five actions available (delete, update, run, pause, resume). If you are creating a new task, you need to use the update action and run your page once. This will setup the initial task and you should be good from there on. Remember you are scheduling a URL, not specific code to run. I have seen some newer developers try to embed code between their cfschedule tags, this will never work.
There will be a follow-up post sometime this weekend with some examples of tasks to schedule and their corresponding cfschedule tags and what the ColdFusion Administrator looks like later.

Name Change

Posted on by
1

Since the original domain name (uglywhips.com) didn’t acurately reflect
the content of this page, I have registered a new domain
(cfexecute.com) and I am in the process of redirecting uglywhips.com in
a decent way for search engines. For the time being, both domains will
work, but uglywhips will eventually be directed either to a parking
page or nothing.

Flash Remoting Trip Up

Posted on by
Reply

I was helping a customer with a Flash Remoting problem where they were using the gateway provided by our ColdFusion server. What was happening is this customer was using NetServices.setDefaultGatewayUrl("http://www.customerdomain.com/flashservices/gateway"); as his gateway. He had noted that the remoting was working on 80% of people’s computers, well I could never get it working. That was until I threw the www. onto the URL of the site.
It turns out that the Flash gateway things of www and non-www as two separate domains, so if you’re using one or the other for a gateway make sure you have some way of forcing your users to the proper domain. Either with a redirect, or by hard coding a link in your site.