Upcoming CFML Conferences in April 2017

coldfusion I will be speaking at two conferences this month.

The conference is the Adobe CFSummit East also known as the Adobe ColdFusion Government Summit. It will be held on April 18-19, 2017 in Washington DC.

This entry was:

CFSummit 2016 Slides

coldfusion Here are my slides from the Adobe ColdFusion Summit 2016 conference in Las Vegas:

Bulletproof Your ColdFusion Server With The Lockdown Guide - this presentation was an overview of the ColdFusion Lockdown guide and gives some insights and tips.

This entry was:

Scope Injection in CFML

coldfusion Here is an interesting vulnerability that I have come across several times in real CFML code during code reviews, I have spoken about it at conferences but have never written about it. Since it doesn't really have a name, I call it Scope Injection, you'll see why in a minute.

This entry was:

CFDocs site now Open Source

coldfusion You may be aware that I've run a site for quick access to the CFML documentation since 2004 called cfdocs.org. My goal for this site has always been to get to the documentation you need as fast as possible.

This entry was:

Getting Size of Heap and Non Heap Memory in CFML

coldfusion java I was helping out a member of my CFUG with some questions about the JVM, and I wanted to point him to a way to see how big his PermGen is at runtime.

This entry was:

Announcing CFML Weekly Email

coldfusion I'm a huge fan of the weekly email newsletters: JavaScript Weekly and HTML5 Weekly from Peter Cooper. Keeping up with technology via blogs, twitter, etc is difficult to do, so getting sent an email summary of important or interesting things saves me a lot of time.

This entry was:

Client Variable Cookie CFGLOBALS Includes Session Ids

coldfusion I was recently conducting a CFML security review for a client and realized that when you have client variables set to use Cookies, the session ID's (eg CFIDE and CFTOKEN) are included in the CFGLOBALS cookie.

This entry was:

Maximum Security CFML - cfObjective Slides

coldfusion What a great conference cf.Objective() was this year! The quality of presentations was really good and I think that is due both to the speakers and the content advisory board led by Bob Silverberg and including Barney Boisvert, Dan Wilson, Emily Christiansen, Jason Dean, Kurt Wiersma, Marc Esher.

This entry was:

Writing Secure CFML Slides from CFUnited 2010

coldfusion As promised I just published the slides for my Writing Secure CFML presentation at CFUnited 2010.

You can even watch a recording of the presentation brought to you by Tim Cunningham of CFMumboJumbo.com:

This entry was:

10 Ideas to Improve Security in ColdFusion 10

coldfusion I do a lot of work related to security in ColdFusion and I've been keeping a list of ideas and features that could make a future version of ColdFusion more secure.

This entry was:

Hands on ColdFusion Security Training

coldfusion One of the best ways to really learn about something, is to roll up your sleeves, get your hands dirty. This is especially true for learning about security, it can be difficult to fully understand how attacks work by just reading about it.

This entry was:

CFML on Google App Engine for Java

coldfusion java Yesterday I gained access to the Google App Engine for Java, early release program, and as any CFML developer would do, I tried getting a CFML server (both Railo and OpenBD) to run on it. I posted some of my experiences on twitter, unfortunately I was unsuccessful.

This entry was:

Implicit Structure Notation ColdFusion

coldfusion Implicit Structure Notation was added to ColdFusion 8, this allows you to create a struct on the fly in one line.

This entry was:


coldfusion If you haven't been using the cfqueryparam tag, chances are you had a baptism by fire this week. As you may have heard, lots of ColdFusion powered sites were targeted by hackers using SQL Injection this week.

This entry was:

Getting ColdFusion SQL Statements from SQL Server Trace

coldfusion databases Running a SQL Trace in the SQL Server Profiler can be a great way to track down performance problems in your ColdFusion application.

This entry was:

CFSCRIPT Cheatsheet

coldfusion Last year I put together a CFSCRIPT cheatsheet for my cheatsheet collection. I just realized today, I don't think I ever blogged about it. Let me know if you find it useful or if I am missing anything.

This entry was:

ColdFusion 8 Update 1 Fixes some Image Processing Quirks

coldfusion It was nice to see that two of the quirks that I talk about in my Image Processing in ColdFusion 8 presentation were fixed in ColdFusion 8, Update 1 - they are:

The cfimage tag and image functions now retain EXIF data after operating on an image.

This entry was:

10 Most Useful Image Functions in ColdFusion 8

coldfusion Last week when I gave my Image Manipulation with ColdFusion 8 presentation at the New York City ColdFusion Users Group, several people asked me to blog this slide.

This entry was:

Getting EXIF Metadata with ColdFusion 8

coldfusion One example that I've been meaning to post is how to get Image Metadata using the Exchangeable Image File Format or EXIF a using ColdFusion 8. It's actually quite simple, to get a list of all the EXIF tags simply use the ImageGetExifMetaData function.

This entry was:

ColdFusion 8 Image Manipulation Presentation Recording

coldfusion Last night I gave a presentation on Image Processing and Manipulation with ColdFusion 8 at the ColdFusion Online Meetup. The recording is now available.

Charlie Arehart, the host of the ColdFusion Meetup, has also posted it on his UGTV.

This entry was:

CFImage Presentation Outline

coldfusion I gave a presentation on ColdFusion 8's CFIMAGE tag, Image Functions, and Foundeo's CFImage Effects Component yesterday to the Albany, NY CFUG.

I have made the code samples & slides available online.

This entry was:

CFImage Effects Library for ColdFusion 8

coldfusion I have been very busy today launching the CFImage Effects Component for ColdFusion 8.

This entry was:

CFThread - Don't Abuse It

coldfusion I love the fact that you can now create threads with CFML in ColdFusion 8, however as Spiderman can tell you with great power comes great responsibility.

Using threads can increase the performance of your application, however using threads can also decrease performance.

This entry was:

Serializing CFC's in ColdFusion 8

coldfusion java One of the handy new features in ColdFusion 8 is that CFC's are now serializable. There isn't a whole lot of information about this new feature in the docs, but I did some playing around and it does appear that they have used Java's serialization API. This means that you can use java's java.io.

This entry was:

New StatusCode Attribute in CFLOCATION

coldfusion When ColdFusion 7 came out I did a series of blog entries on small often overlooked new features. Well ColdFusion 8 is now out, and I thought it would be a good idea to do the same.

One handy new feature in ColdFusion 8 is the statusCode attribute in the CFLOCATION tag.

This entry was:

Getting the Application Root Path in ColdFusion

coldfusion I wrote a handy function today that will return the server file system path of the acting Application.cfm file for a ColdFusion application. It works by working its way up the directory tree until it finds an Application.cfm file. If it doesn't find one it will throw an exception.

This entry was:

Application.cfm and AJAX

coldfusion I had someone email me with the following question today:

I'm developing a ColdFusion app with Prototype. Seems Ajax.updater wants to insert my application.cfm code into my div along with responseText. How can I stop this?

This question brought up two good points.

This entry was:

Reverse IP Address Lookup with ColdFusion + Java

coldfusion java I needed to do a reverse lookup on some IP addresses in a database today. I found that you can do this pretty easily with java, and just as easily with ColdFusion. Here it is:

<cfset inet_address = CreateObject("java", "java.net.

This entry was:

Top 10 Underrated Functions in ColdFusion

coldfusion I gave a presentation at my local CFUG yesterday called 10 Underrated Functions in ColdFusion, I plan on doing one for tags as well at some point. Here was my list of functions, in no particular order:

ValueList - Returns the contents of an entire query column in a string list.

This entry was:

What's New in BlueDragon 7?

coldfusion New Atlanta, just released Beta 1 of version 7 of thier BlueDragon CFML application server.

Below is a list of the new features - I think the IsNull function and null keyword will prove to be quite handy.

This entry was:

CFCHART Example - Pie Chart

coldfusion Here's a quick example of some coldfusion code to make a pie chart.

This entry was:

Advanced Date Parsing with ColdFusion

coldfusion Have you ever tried to parse a date that ColdFusion didn't recognize? It can be pretty tricky, and usually requires regular expressions.

Suppose you want to use DateFormat on an RFC-822 date. These dates are used by the HTTP protocol, and in RSS feeds.

This entry was:

CFDocs.org back up and running

coldfusion Several people have emailed to tell me that cfdocs.org was down. I have moved it to a different server, and it is now back up and running.

If it's still not working for you give the DNS some time to propagate.

This entry was:

Textile for ColdFusion

coldfusion A few weeks ago I mentioned that I had an open source project in the pipeline. Well I've been really busy so I haven't had a chance to release it until now...

I built a UDF for converting textile markup into HTML markup.

You can learn more about textile here.

This entry was:


coldfusion Here's my tip for the day. If you have a choice in using either the cfsilent tag, or cfsetting enablecfoutputonly="true" use cfsilent.

Here's why

Easier to type

Easier to read

The enablecfoutputonly gets very messy when used across cfincludes.

This entry was:

Null Java References in CF 6 vs 7

coldfusion java ColdFusion 7 appears to be much better at passing null values to a java object. ColdFusion 6 however likes to block you from doing it, even when you want to.

I am tring to work with a java API that requires me to pass a null value to a method.

This entry was:

AJAX Tutorial with Prototype

web Here's the AJAX prototype example that I used in my AJAX presentation today.

I wanted to give an example of a good use of AJAX, and at the same time keep it simple. So I thought a good example

would be to build a zip code verifier.

This entry was:

DNS Query with ColdFusion

coldfusion java It has been a while since I've posted one of these java + cfml tricks, so here's a neat one for ya'.

You can use the Java Naming and Directory Interface (JNDI) to perform a DNS query in ColdFusion.

This entry was:

Build a directory browser with ColdFusion

coldfusion Most web servers have directory browsing disabled, but sometimes you want it to work for certain directories. Most web servers also allow you to setup specific settings for your directories for instance you could do it with an .htaccess file on Apache.

This entry was:


books coldfusion CodeFetch is a clever little app that searches published books for code samples matching your search. So if you search for cfmail you will get code samples from several books on ColdFusion. You can then of course buy the books through amazon.

This entry was:

DateFormat, and TimeFormat mask shortcuts

coldfusion Did you know that there were some date/time mask shortcuts for the DateFormat, and TimeFormat functions? They were added in ColdFusion MX 6.0, and they flew under the radar for many. I have seen them in the docs when I lookup a mask, but I always forget about them.

This entry was:

The client variables debacle

coldfusion Nathan Strutz recently said that client variables are no good to use. From reading his entire post, he isn't saying that the concept is flawed, just the current implementation. He even suggests how they may could be improved.

This entry was:

How To Make a Tag Cloud

coldfusion web Jeffery Zeldman proclaims that tag clouds are the new mullets. However, as I'm sure you're aware some people just can't resist the mullet.

This entry was:

Auto-Linking Comments

coldfusion To avoid comment spam, my blog comments are displayed as plain text. However urls to other entries on my blog are often posted to in the comments. So I wrote a simple regular expression to create hyperlinks out of them:



This entry was:

Arrays VS Structures

coldfusion Array's and Structures (structures in CF are called hashtables, or associative arrays) are two very different data structures. There is some confusion about how arrays work in CF, and from what I can understand they are based on native java arrays.

This entry was:

Bad Error Message

coldfusion I recently did this:

<cfoutput query="#queryName#"> ... </cfoutput>

Can you spot the error?

I think that is probably a very common mistake - here's the error message you get in ColdFusion MX 6.

This entry was:

Regex to Replace Multiple Blank Lines with One

coldfusion web I'm working on a function to strip HTML, but preserve things like paragraph spacing. In removing HTML tags, sometimes you end up with lots of blank lines...

This entry was:


coldfusion web It is often stated that CFLOCATION does a client side redirect. This means that it sends back some HTTP headers telling your browser to request a different location. This is done with a 302 (Moved Temporarily) HTTP status code, and the Location header.

This entry was:

ParagraphFormat is not XHTML Safe

coldfusion I just noticed that the ParagraphFormat tag is not XHTML safe. It inserts unclosed <P> tags for line breaks. I posted a comment on the live docs about this, so hopefully they will add an optional argument to have it generate XHTML output.

This entry was:

CFFUNCTION and CFARGUMENT don't support new types in ColdFusion 7

coldfusion One thing I just realized today - that is a bummer, is that the new types supported by cfparam, and IsValid (eg integer, email, zipcode) in ColdFusion 7 are not supported by the returntype attribute in CFFUNCTION, and not supported in the type attribute of CFARGUMENT. Whats up with that?

This entry was:

Save your self some typing

coldfusion If you want to save yourself some typing, note that cf_sql_varchar is the default value for the cfsqltype attribute in the cfqueryparam tag.

So you can omit the cfsqltype attribute, if your type is cf_sql_varchar at the expense of some readability.

This entry was:

Thread Priority, and Yielding

coldfusion java Suppose you have a page that is only run by background processes, or a page that can take a lot of resources, but you don't want it to. Since ColdFusion MX is written in Java, you can access the thread object that your CFML request is running as.

This entry was:

6 Tags for ColdFusion beginners

coldfusion The ColdFusion Developers Journal has an article called: CF Six Pack by Greg Cerveny which lists 6 tags new developers should be using.

I pretty much agree with all the tags on the list, except for cfsetting, I think if your a newbie, just enable whitespace suppression in the CF admin.

This entry was:

CFIMAP Rocks - And so does IMAP

coldfusion web BlueDragon's CFIMAP tag is awesome! I use IMAP for my email, and because of that I tend to store a lot of mail, especially old mailing list messages. I was telling our linux dude, Steve, that I wanted a way to remove messages in certain folders that are older than, say 30 days.

This entry was:

Connection Failure with Yahoo Web Services and ColdFusion

coldfusion If you tried using the Yahoo Web Services with CFHTTP and your cfhttp.filecontent variable had the value: Connection Failure, or if you had throwonerror="true" and you got the error: Connection Failure: Status code unavailable it is due to an encoding issue.

This entry was:

Trackbacks working on my blog

web I hopefully have trackbacks working on my blog now. If you want to test the methods given in my trackbacks article you can trackback to this post.

Here's some code I use to check and see if my trackbacks was successful:

<cfset tbError = ReReplaceNoCase(cfhttp.filecontent, ".

This entry was:

Trackbacks with ColdFusion

coldfusion It's pretty simple to implement trackback pings with CFML, since trackbacks are simply just a HTTP form post to a specific url. The result is an XML file.

So do post a trackback to another blog, simply use CFHTTP:

<cfhttp url="http://the.trackback.

This entry was:

BlueDragon adds new Tags and Functions

coldfusion New Atlanta's CFML engine BlueDragon was just given an upgrade to version 6.2 last week. BlueDragon has added tags that are not supported by Macromedia ColdFusion since version 3 of their product.

This entry was:

REFind and ReReplace support \r \n and \t

coldfusion I noticed today that the regular expression functions in CF support the newline character \n Chr(10), carriage return \r Chr(13), and tab \t Chr(9).

This entry was:

Function to get Page Title from a URL

coldfusion I wrote a simple function today that grabs a url, and parses out the title of the page from the url:

This entry was:

Resetting your page output

coldfusion java I just figured out a simple way of resetting the output stream in a coldfusion template using the JspWriter obtained from the PageContext:

You won't see any content above the line below.

<cfset GetPageContext().getOut().

This entry was:


coldfusion After a long break in my series of the little enhancements in ColdFusion MX 7 (CFMX 7 Little Things), I am back today with another article, this time with the Hash function.

In versions of ColdFusion prior to 7, the Hash function used the MD5 algorithm to generate hash values.

This entry was:

Stopping HTTP Referer Spam with ColdFusion

coldfusion web I get a lot of hits from HTTP Referer spammers in my logs these days. If your not familiar with this type of spam, its pretty simple. Someone has a url that they want you to visit, so they write a spider to visit your site, but they put in their url as the HTTP referer.

This entry was:

Parsing Atom Dates (ISO8601) in ColdFusion

coldfusion Need to parse the dates in an Atom feed? Atom feeds use ISO 8601 formatted dates, something like this; 1994-11-05T08:15:30-05:00 with a UTC offset, or like this: 1994-11-05T13:15:30Z in GMT.

This entry was:

Strong Encryption Technote shows undocumented features

coldfusion Macromedia has just released a technote entitled: Strong Encryption in ColdFusion MX 7. It has lots of information useful to anyone planning to work with these features. In addition I noticed mention of two undocumented arguments in the Encrypt() and Decrypt() functions.

This entry was:

If-Modified-Since and CFML Part III

coldfusion Roger Benningfield pointed out to me that most clients use a value from a Last-Modified header as the value sent in the If-Modified-Since. So you will want to ensure that you are setting that header as well, if your planning on checking for If-Modified-Since.

This entry was:

If-Modified-Since and CFML Part II

coldfusion Now that you know how handle HTTP requests with the If-Modified-Since header in ColdFusion, lets take a look at how you might write a HTTP client using CFHTTP that sends If-Modified-Since headers:

This entry was:

Supporting If-Modified-Since HTTP header in CFML

coldfusion The If-Modified-Since header in the HTTP protocol allows user agents (typically RSS aggregators, or Spiders) to check and see if the content they are about to download has changed since their last visit.

This entry was:

CFTIMER - Little things in ColdFusion 7

coldfusion I am digging the new cftimer tag in ColdFusion MX 7.

In previous versions when you want to time how long something takes, you would do something like this:

<cfset tick = GetTickCount()>

run your code here...

This entry was:

cfdirectory adds recursive support - Little Things in CFMX 7

coldfusion I know I have written recursive custom tags, and functions (more than once) to solve this problem in the past, but now you can just add a simple recurse="true" to your cfdirectory tags in ColdFusion MX 7.0

<cfdirectory action="list" directory="#ExpandPath(".

This entry was:

IsValid - CFMX 7 Little Things

coldfusion ColdFusion MX 7 added a new function called IsValid. The IsValid function performs data validation just like the CFPARAM tag, and supports all the new data types in cfparam (see my previous post) as well.

This entry was:

ColdFusion 7 Strong Encryption

coldfusion ColdFusion MX 7 adds strong encryption support to the Encrypt and Decrypt functions. In addition to the legacy algorithm used in Encrypt, and Decrypt - ColdFusion MX 7 now makes it incredibly easy to use AES, Blowfish, DES, and Triple DES encryption.

This entry was:

CFPARAM - New Features in CFMX 7

coldfusion ColdFusion MX 7 is packed with lots of little new features, that are, well killer! I am starting a series on my blog called Little Things that Kill that will expose some of these killer new features and subtle improvements. And yes, the name is inspired by Bush (the band).

This entry was:

MySQL Popular among ColdFusion Developers

databases After 163 votes, I've decided it's time to retire my poll: "What Database server do you use?

This entry was:

XPath Tool

coldfusion I wrote a web based XPath tool in ColdFusion. The tool will allow you to perform an XPath query on a XML document, it then highlights the results and also dumps the XmlElement returned from the XPath query.

This entry was:

Bookmarklets and Search Plugins for javadocs.org

coldfusion java Many people have been posting bookmarklets for searching javadocs.org, and some have asked about a Mozilla/Firefox search plugin. So I though I would create a bookmarklets, and mozilla search plugins page.

This page has bookmarklets that work in IE, Mozilla, FireFox, and Safari.

This entry was:

Parsing RSS 1.0 with ColdFusion MX

coldfusion Well thanks to Sean Corfield I understand why I was having issues with namespaces when trying to parse RSS 1.0 with XPath.

If you have a document with namespaces such as RSS 1.

This entry was:

RSS and XPath

coldfusion I came across a handy reference article on xml.com today that gives XPath queries for RSS and Atom feeds. Just last week I was attempting to parse a RSS 1.0 feed in CFMX using the XMLSearch function. I'm running into problems however due to the name spaces in RSS 1.

This entry was:

Checking your JDBC Driver Version

coldfusion Macromedia recently updated their JDBC driver technote, but I wasn't sure if I already had the 3.3 driver installed (since they may have just updated the text in the technote).

This entry was:

New Service - cfdocs.org - Fast access to CF docs

coldfusion I just launched a new service at cfdocs.org - the site allows you to type in a ColdFusion function name or tag name directly in the url to goto the documentation, for example: http://cfdocs.org/cfchart will take you to the Macromedia Live documentation for cfchart. This is equivalent to the way php.

This entry was:

Regular Expressions with ColdFusion - a Howto Guide

coldfusion Regular Expressions are a powerful tool for both developers and computer users alike. Regular Expressions were originally developed on Unix systems and used in programs like Perl, sed, and grep.

This entry was:

Determining the size of objects in memory

coldfusion java Someone asked for a method to find out how much memory their cached queries, and components are using on the cf-talk mailing list today. In CFMX and in java there are no build in methods for determining the size of an object.

This entry was:

Client Variables unnecessary overhead?

coldfusion databases I was curious to know how much overhead client variables incur in an application.

This entry was:

Parsing RSS with CFMX

coldfusion I came up with a code sample to parse RSS with CFMX today based on a question about CFMX XML functions on my local CFUG mailing list. It should do ok with RSS 2.0, and 0.91, and also well formed RSS 0.92. It won't work with RSS 1.0.

This entry was:

Turning a JDBC Result set into a ColdFusion query

coldfusion databases Recent discussion on the CFCDev mailing list (at cfczone.org) shows how to return a ColdFusion query object from a Java class using a JDBC result set (java.sql.ResultSet). The solution posed by both Brandon Purcell, and I was to pass your JDBC result set in to the constructor of the coldfusion.sql.

This entry was:

How to make ColdFusion MX go to sleep

coldfusion Many people have had the need for a ColdFusion page to sleep, typically between iterations of a loop. There is a tag called CFX_Sleep in the Tag Gallery, but in ColdFusion MX you don't need a CFX tag to make the current processing thread sleep using the static sleep method on the java.lang.

This entry was:

CFC's - private works like protected

coldfusion I noticed yesterday that when you use access="private" in a CFC function, inherited CFC's also have access to this function.

In object oriented languages such as Java, C++, or C# this type of access is known as "protected" access.

This entry was:


did you hack my cf?