Securing your open blue dragon settings file

June 17th, 2009 by Ryan Stille

After installing Open BlueDragon on Tomcat and hooking it up to Apache, I did some poking around and found I was able to pull up my bluedragon.xml configuration file directly in my browser. Now, this may not happen in all configurations (there are many ways to set up a J2EE web application), but in my case, running through Apache and having copied BlueDragon’s WEB-INF directory to my webroot, I was able to browse this file. In case you didn’t know, all of OpenBD’s settings are stored in a single XML file (which I find very convenient, by the way).

It didn’t work when going directly through Tomcat, i.e. browsing on port 8080 would not pull it up; I think Tomcat is smart enough to know not to serve files from the WEB-INF directory. But browsing through Apache on port 80 bypasses Tomcat for anything that’s not a .cfm or .cfc file, so it would happily return the XML file. Datasource passwords are stored encrypted, but the administrator password is in clear text. It’s easy to lock this down, just add this to your Apache config file:

<Location "/WEB-INF/">
deny from all
</Location>
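Two things are worth checking once that block is in place. `<Location>` matches a case-sensitive URL prefix starting at the site root, so it covers neither a request for `/web-inf/bluedragon.xml` served from a case-insensitive filesystem (Windows) nor a webapp deployed under a context path such as `/shop/WEB-INF/`; a case-insensitive `<LocationMatch "(?i)/WEB-INF/">` covers both. (On Apache 2.4 the directive inside the block is `Require all denied` instead of `deny from all`.) The Python below is an added example, not code from the original post: it models the two match rules and audits a constructed list of request paths against them. The path list, the `/shop` context path, and the simplified matching (no percent-decoding or `..` normalization, which real httpd performs first) are assumptions of the example.

```python
import re

# Constructed request paths: the direct hit from the post, a lower-case variant
# (served on a case-insensitive filesystem), a copy of the webapp deployed under
# a hypothetical /shop context path, and an ordinary page that must keep working.
REQUESTS = [
    "/WEB-INF/bluedragon.xml",
    "/web-inf/bluedragon.xml",
    "/shop/WEB-INF/bluedragon.xml",
    "/index.cfm",
]


def location_denies(prefix, path):
    """Model of <Location "prefix">: a case-sensitive prefix match on the URL
    path, anchored at the site root. Real httpd normalizes the path first;
    that step is left out of this model."""
    return path.startswith(prefix)


def locationmatch_denies(pattern, path):
    """Model of <LocationMatch "pattern">: an unanchored regex search on the URL path."""
    return re.search(pattern, path) is not None


def weak_rule(path):
    """The block from the post: <Location "/WEB-INF/"> with deny from all."""
    return location_denies("/WEB-INF/", path)


def hardened_rule(path):
    """<LocationMatch "(?i)/WEB-INF/">: case-insensitive and matches at any depth."""
    return locationmatch_denies(r"(?i)/WEB-INF/", path)


def audit(rule, paths=REQUESTS):
    """Return the request paths the rule would still let Apache serve."""
    return [p for p in paths if not rule(p)]


if __name__ == "__main__":
    print("still served with <Location>:     ", audit(weak_rule))
    print("still served with <LocationMatch>:", audit(hardened_rule))
```

Run it and the first line lists the two WEB-INF variants that slip past the prefix rule, while the second lists only `/index.cfm`. The same audit idea applies to the live server: request each variant through port 80 and expect a 403 for everything under WEB-INF.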

A secure, ajaxy captcha with cfimage

June 11th, 2009 by Ryan Stille

A while back I had to implement a captcha on a client’s site. The site owner wanted a simple, small captcha (that ruled out reCAPTCHA). We decided to try the new captcha features of ColdFusion 8. What you may not realize is that the new captcha feature does not provide a whole captcha system; it merely creates captcha images. It’s up to you how you implement your captcha system.

Before I get too far, let me state for the record that I hate captchas and will be happy when they are looked upon the way we look at the <blink> tag now. So you don’t need to leave comments telling me I shouldn’t be using a captcha in the first place. :-) The client specifically wanted this feature at this point in time.

I’ve seen some approaches that place the clear text value of the captcha in a hidden field. Then, when the form is submitted, they compare that value against what the user typed in. I don’t feel this way is very secure. It will stop simple bots, but you need to guard against more than just that. Sometimes spammers code their bots to work against a specific site. If they find your hidden clear text captcha value, they will easily grab it and use it to submit your form. If this is a simple contact form then you might not have much to worry about, but if it’s a “send to a friend” feature - watch out, those are high value targets.

Encrypting the hidden value doesn’t help much either. It adds just one more step for the spammer: they have to manually read one of your captcha images, and then they have both the clear text and the encrypted value for your captcha system. Now they can submit that encrypted/plain text pair over and over again to your form.
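To make the replay problem concrete, here is an added example in Python (not code from the post, which is about ColdFusion) that models both designs: a hidden field carrying a keyed MAC of the answer, which any previously solved image/value pair satisfies indefinitely, beside a store that keeps the answer server-side under an opaque, single-use, expiring challenge id. The key, the challenge text and the TTL are constructed for the demonstration.

```python
import hmac
import hashlib
import secrets
import time

SERVER_KEY = b"constructed-demo-key"  # constructed for the example; a real key stays secret


class HiddenFieldCaptcha:
    """The design the post argues against: the answer travels with the form,
    protected only by a keyed MAC. The server remembers nothing about which
    challenges it issued, so a pair that verified once verifies forever."""

    def issue(self, answer):
        tag = hmac.new(SERVER_KEY, answer.upper().encode(), hashlib.sha256).hexdigest()
        return {"answer_hidden": tag}  # rendered into an <input type="hidden">

    def verify(self, form, typed):
        expected = hmac.new(SERVER_KEY, typed.upper().encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, form["answer_hidden"])


class ServerSideCaptcha:
    """The answer never leaves the server. The form carries only an opaque
    challenge id; the entry is consumed on the first verification attempt
    and expires after ttl_seconds."""

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self._pending = {}  # challenge id -> (expected answer, expiry time)
        self._ttl = ttl_seconds
        self._clock = clock  # injectable so expiry can be tested without waiting

    def issue(self, answer):
        cid = secrets.token_urlsafe(16)
        self._pending[cid] = (answer.upper(), self._clock() + self._ttl)
        return {"challenge_id": cid}

    def verify(self, form, typed):
        # pop() removes the entry whether or not the answer is right: one attempt per image
        entry = self._pending.pop(form.get("challenge_id"), None)
        if entry is None:
            return False
        answer, expires_at = entry
        if self._clock() > expires_at:
            return False
        return hmac.compare_digest(answer.encode(), typed.upper().encode())


def replay_demo():
    """Submit the same solved captcha three times against each design."""
    solved = "K7QX2"  # constructed: the text read off one captcha image

    weak = HiddenFieldCaptcha()
    weak_form = weak.issue(solved)
    weak_results = [weak.verify(weak_form, solved) for _ in range(3)]

    strong = ServerSideCaptcha()
    strong_form = strong.issue(solved)
    strong_results = [strong.verify(strong_form, solved) for _ in range(3)]
    return weak_results, strong_results


if __name__ == "__main__":
    print(replay_demo())  # ([True, True, True], [True, False, False])
```

In a ColdFusion application the `_pending` dictionary corresponds to the session scope (or a shared cache for a multi-server setup), and the challenge id is the only thing the form needs to carry. Consuming the entry on a wrong answer also means a bot cannot guess against one image repeatedly.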

Free Railo CFML Hosting

June 9th, 2009 by Ryan Stille

I came across a web hosting company that not only offers Railo 3.1 but has a free 60 day trial. So if you wanted to give Railo a whirl on something other than your own local machine, here is a simple way to do it. The free trial account comes with 100 MB of space, 1 GB of transfer and a MySQL database, so it seems pretty usable. You’ll have PHP and Ruby on Rails enabled in your account, too.

If you didn’t know, Railo has a separate Server Administrator and one or more Web Administrators. This means Railo is ideally suited for CFML hosting, since you get your very own administrator where you can set up datasources, mappings, etc.

The site is http://alurium.com

The founder is Peter Amiri; here is his blog: http://blog.amiri.net, and he is on Twitter as @peteramiri.

Peter told me that you don’t need a credit card for the free trial, either.

java.lang.NoClassDefFoundError error on OpenBD when consuming a webservice

June 8th, 2009 by Ryan Stille

If you’ve run into this error when consuming a web service in Open BlueDragon, this may help you. Here is what my error looked like:

‘Failed to retrieve style path’ error when adding a Verity collection

May 1st, 2009 by Ryan Stille

When trying to create a Verity collection on a freshly setup ColdFusion8 installation today I received this error:

Unable to create collection MyCollection.
An error occurred while creating the collection: com.verity.api.administration.ConfigurationException: Failed to retrieve style path. (-6044)

Turns out the Verity installation did not complete correctly. I could tell by looking in the {cf-root}/verity/verity-install.log file. This problem is fixed by simply uninstalling and reinstalling Verity.

In the {cf-root}/verity directory you’ll find a script named uninstall-verity.sh (on Linux) or uninstall-verity.bat (on Windows). Just run that, then run the install-verity.* file, and you should be back in business.

Missing library errors when installing ColdFusion on Linux

April 29th, 2009 by Ryan Stille

I was installing ColdFusion 7.02 on a client’s CentOS 5.2 Linux server the other day and received an error when running the installer. Note that this OS is NOT supported by Adobe for this version of ColdFusion. This is a fairly old version of CF being installed on a pretty current version of CentOS. The error was:

[root@server tmp]# ./coldfusion-702-linux.bin
Preparing to install...
Extracting the JRE from the installer archive...
Unpacking the JRE...
Extracting the installation resources from the installer archive...
Configuring the installer for this system's environment...
awk: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory
dirname: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
/bin/ls: error while loading shared libraries: librt.so.1: cannot open shared object file: No such file or directory
basename: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
dirname: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
basename: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
Launching installer
grep: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
/tmp/install.dir.3348/Linux/resource/jre/bin/java: error while loading shared libraries: libpthread.so.0: cannot open shared object file: No such file or directory

There is a hard-coded value in the installer that’s causing things to get messed up. Fixing this is fairly easy; you can modify the installer like this:

cp coldfusion-702-linux.bin coldfusion-702-linux.bin.backup
# Replace "export" with "#xport": the line becomes a comment and the file's byte length is unchanged
sed "s/export LD_ASSUME/#xport LD_ASSUME/" coldfusion-702-linux.bin.backup > coldfusion-702-linux.bin

That comments out the offending line in all places in the installation script.

More discussion on this here:
http://www.billmitchell.org/coldfusion/centos5/mx7_apache.php
http://www.talkingtree.com/blog/index.cfm/2006/12/6/Running-ColdFusion-MX-7-on-Fedora-Core-6-Linux

You will probably run into more issues installing CF7 on this version of CentOS, but it can be done. I also had to upgrade the connector to work with Apache 2.2 (when CF7 came out the connector was designed to run on Apache 2.0). The Adobe KB article that discusses this is here: http://kb.adobe.com/selfservice/viewContent.do?externalId=8001e97&sliceId=1. Their example didn’t quite work for me because it defaults to the version of Java that’s on your OS, which won’t work unless it’s a Sun 1.4.2x version. So I just used the JRE that is bundled with ColdFusion to install the new connector:

/opt/coldfusionmx7/runtime/jre/bin/java -Dtrace.ci=1 -jar ../../runtime/lib/wsconfig.jar \
    -server coldfusion \
    -ws apache \
    -dir /etc/httpd/conf \
    -bin /usr/sbin/httpd \
    -script /etc/rc.d/init.d/httpd \
    -coldfusion -v

I thought that was the last hurdle but when we tried to log in to the ColdFusion administrator we got an error about “The Graphing service is not available”. The message in the log file was “Unable to initialize Graphing service: java.lang.UnsatisfiedLinkError: /opt/coldfusionmx7/runtime/jre/lib/i386/libawt.so: libXp.so.6: cannot open shared object file: No such file or directory”. This was fixed by installing the libXp library:

yum install libXp

Programmatically adding additional JS onload functions

April 27th, 2009 by Ryan Stille

Sometimes when writing JavaScript I need to have something run as soon as the page has finished loading. This is usually done by placing a call to the function in the body’s onload attribute like:

<body onload="myFunc()">

But this is not always possible. For example, by the time you get to the logic that decides it is necessary to call a function onload, the header may already have been displayed by a cfinclude or by your framework.

You could use JavaScript to set the onload event, like

window.onload = myFunc;

But what if there was already something in the onload attribute of the body tag? The above code will overwrite whatever was there. Here is a nice snippet of code that will add functions to the onload event instead. I can’t take credit for it, and I don’t remember exactly where I found it, but it’s been quite useful to me. It works in all the popular browsers.

function addLoadEvent(func) {
	var oldonload = window.onload;
	if (typeof window.onload != 'function') {
		// Nothing registered yet: install the function directly.
		window.onload = func;
	} else {
		// Chain: run whatever was already there first, then the new function.
		window.onload = function() {
			if (oldonload) {
				oldonload();
			}
			func();
		};
	}
}

Then you can add as many functions as you want to be called when the page loads. Note that you do not use parentheses when specifying the function names - you aren’t calling them, just referencing them.

addLoadEvent(myFunc);
addLoadEvent(myFunc2);
addLoadEvent(yetAnotherFunction);

Accessing the document object in an iframe

April 23rd, 2009 by Ryan Stille

If you ever need to access the document object inside one of your iframes, this nice snippet of code works out the cross browser issues and returns the document object.

<script type="text/javascript">
var frame = document.getElementById('YourFrameID');
// Standards-based browsers expose contentDocument; older ones only contentWindow.document.
var myiframe = frame.contentDocument
		? frame.contentDocument
		: frame.contentWindow.document;
</script>

Note that you can only do this if the iframe src is from the same domain as your main page. If you are loading up an iframe of yahoo.com on your whatever.com site, you won’t be able to access it with JavaScript.

Often when I’m doing this, I have the need to do something when the iframe finishes loading. I use this code to do that:

Fix for time off by half hour in Railo / BlueDragon on Tomcat

April 11th, 2009 by Ryan Stille

If you’ve installed Railo or OpenBD on Tomcat on Windows, you may have run into an issue where the times are off by 30 minutes or more. This issue will crop up in the timestamps displayed in Tomcat log files, as well as in your ColdFusion date values (#now()#, for example).

This was very odd to me. I’ve encountered issues where time is off by +/- 1 hour many times before, due to daylight saving time or timezone values, but never have I seen it off by half an hour.

But dumping out GetTimeZoneInfo() definitely shows that it is a timezone issue. Here is the output of GetTimeZoneInfo() on BlueDragon:

Blue Dragon - GetTimeZoneInfo() output

You can see the UTC offset is 4 hours and 30 minutes, which is not correct for me - I’m in the Central timezone, and we are currently in daylight saving time, so my offset should be -5 hours. Hence my times being off by +30 minutes. BlueDragon isn’t showing us which timezone it actually thinks we are in, but we can get that by reaching down into Java:

<cfset tzobj = CreateObject("java","java.util.TimeZone")>
<cfoutput>I think I am in this timezone: #tzobj.getDefault().getID()#</cfoutput>

This displays: I think I am in this timezone: America/Caracas

A quick Google search shows me that America/Caracas does indeed have a -4:30 GMT offset. I had forgotten that not all locations have an offset of whole hours; some include a 30 minute offset (it would be confusing to live there!).

Here is the output from GetTimeZoneInfo() on Railo:
GetTimeZoneInfo() output on Railo 3.1

The Railo output includes the timezone name, and we can see Railo thinks it’s in the America/Caracas timezone, too. So this tells me it’s definitely a Tomcat/JVM issue, and not just an issue with BlueDragon.

Google tells me there are several issues that can cause Java to not correctly detect the timezone of the system it’s running on. None of them look like they have an easy fix. It is odd that the JVM got set to America/Caracas. It’s supposed to set itself to GMT if it can’t detect the timezone. If someone has some more insight into this I’d like to hear it.

A ‘MakeDate’ function for MS SQL Server

April 2nd, 2009 by Ryan Stille

The other day I needed to create dates in a SQL Server SQL statement from a few different text fields. I could not find a function to build a date from these, so I wrote one (with the help of our in-house SQL guru).