Tuning Tomcat IIS Connectors worker.properties and server.xml

coldfusion Through my consulting practice, I've helped out a number of people with IIS/Tomcat connector issues over the years. Here are some general guidelines you can use to tune the worker.properties and server.xml files when connecting Tomcat / ColdFusion to IIS using the AJP protocol.

Fixinator and Foundeo Security Bundle

coldfusion I'm pleased to announce that Fixinator and the Foundeo CFML Continuous Security Bundle are both available to purchase.

Running CFML on AWS Lambda with FuseLess Slides

coldfusion Here are the slides for my Running CFML on AWS Lambda with FuseLess talk. I gave this talk at Into The Box 2019 in Houston Texas last week.

Nolan Erck has posted his notes if you want to read through a summary. You also may enjoy reading his Recap of Into The Box 2019.

Updating Java on ColdFusion or Lucee

coldfusion As a ColdFusion user you are probably aware that your CFML is compiled into Java byte code and executed by the Java Virtual Machine (JVM). Just like your Operating System or ColdFusion server needs to be patched for security issues, so does your JVM.

ColdFusion returning empty response with server-error: true

coldfusion I see this issue catch a lot of people, and it got me today. If you have a file /api/test.cfm on ColdFusion 10 or greater it might not work due to ColdFusion's REST implementation controlling the /api or /rest URIs.

CFSummit 2016 Slides

coldfusion Here are my slides from the Adobe ColdFusion Summit 2016 conference in Las Vegas:

Bulletproof Your ColdFusion Server With The Lockdown Guide - this presentation was an overview of the ColdFusion Lockdown guide and gives some insights and tips.

Disable Flash Remoting on ColdFusion Servers

coldfusion Due to the recent security vulnerability APSB15-20 / APSB15-21 in BlazeDS there has been increased interest in disabling flash remoting when not needed -- if you followed the lockdown guide for CF9, CF10, or CF11 you should already have it disabled.

IncompatibleClassChangeError after ColdFusion 11 Update 5

coldfusion If you use the Encrypt function in ColdFusion 11, you may experience an error that looks like this:

java.lang.IncompatibleClassChangeError: Expected static method coldfusion.runtime.CFPage.

Scope Injection in CFML

coldfusion Here is an interesting vulnerability that I have come across several times in real CFML code during code reviews, I have spoken about it at conferences but have never written about it. Since it doesn't really have a name, I call it Scope Injection, you'll see why in a minute.

Upload Files Directly to Amazon S3 using ColdFusion

coldfusion Here's a quick example showing how to upload a file directly to Amazon S3 (bypassing your server). The tricky part in getting this to work is that you don't want to allow anyone to upload a file anywhere on your S3.

SessionRotate solution for JEE Sessions

coldfusion As you may know the new ColdFusion 10 function SessionRotate works great if you are using ColdFusion sessions (CFID, CFTOKEN), but it doesn't actually rotate the session id or invalidate the underlying J2EE session if you are using JEE sessions.

False TemplateNotFoundException ColdFusion 9

coldfusion I was working on a server (CF9.0.2 Win2008 IIS7.5) installation today and ran into what I thought at first was an IIS connector issue.

ColdFusion defaults avoid flawed Random Number Generator

coldfusion I've been researching a very interesting security topic for the past few weeks related to the Snowden NSA leaks and even related to ColdFusion. Thankfully Adobe's default settings avoid the weakness.

New HackMyCF Features

coldfusion HackMyCF, my company's ColdFusion (and Railo too) server security scanner was recently updated with some cool new features for our paid subscribers.

CFDocs site now Open Source

coldfusion You may be aware that I've run a site for quick access to the CFML documentation since 2004 called cfdocs.org. My goal for this site has always been to get to the documentation you need as fast as possible.

Getting Size of Heap and Non Heap Memory in CFML

coldfusion java I was helping out a member of my CFUG with some questions about the JVM, and I wanted to point him to a way to see how big his PermGen is at runtime.

J2EE Sessions in CF10 Uses Secure Cookies

coldfusion This week I helped out a client resolve an issue due to a change in behavior from CF9 to CF10. CF10 automatically adds the secure flag to cookies when the request is over a secure HTTPS channel.

Learn about ColdFusion Security at cfObjective 2013

coldfusion For the past two-three months ColdFusion has been increasingly targeted by attackers, as many have found out the hard way. Because my company Foundeo Inc.

Session Loss and Session Fixation in ColdFusion

coldfusion I often find myself explaining how the session fixation security hotfix (APSB11-04) might cause session loss under certain circumstances, so I figured it was time for a blog entry explaining it.

Adobe Says Go Ahead and Upgrade your ColdFusion JVM

coldfusion java This probably flew under the radar to many but Adobe has recently updated one of their support docs on upgrading JVM in ColdFusion, they now clearly state that you can upgrade to the latest minor release of a supported jvm version in ColdFusion:

Announcing CFML Weekly Email

coldfusion I'm a huge fan of the weekly email newsletters: JavaScript Weekly and HTML5 Weekly from Peter Cooper. Keeping up with technology via blogs, twitter, etc is difficult to do, so getting sent an email summary of important or interesting things saves me a lot of time.

Minor bug in ColdFusion 10 Linux Startup Scripts

coldfusion linux Running ColdFusion 10 on Linux you might run into an issue when checking the server status, if your ColdFusion user account has a default shell of /sbin/nologin (this is how your account should be setup for security purposes). So for example when you run:


Understanding HashDos and postParameterLimit

coldfusion I received a question today about the postParameterLimit that was added to ColdFusion 8,9 by security hotfix APSB12-06 and exists in ColdFusion 10 by default (it is also configurable in the CF10 administrator).

ColdFusion 10 Security Enhancements Presentation

coldfusion I've given a couple presentations now on the security enhancements in ColdFusion 10. The most recent was today at the Adobe ColdFusion Developer 2012, but I've also given it two other times for a Carahsoft webinar, and for the Carahsoft ColdFusion 10 Preview event in Washington DC.

Speaking at ColdFusion Developer Week 2012

coldfusion Couldn't make it to cf.Objective() this year - no worries, Adobe is hosting the second annual ColdFusion Developer Week.

Speaking at ColdFusion Zeus Preview Event in DC

coldfusion I will be speaking at the Adobe / Carahsoft ColdFusion Zeus Sneak Preview Event on Wednesday March 28th at the Crystal Gateway Marriott in Washington DC. My topic is called Boost Security Using ColdFusion Zeus: Writing Secure CFML which will cover the new security enhancements in ColdFusion 10.

Setup ColdFusion 9.0.1 Fully Patched

coldfusion Adobe this week released a security hotfix for the HashDos vulnerability for ColdFusion versions 8.0 through 9.0.1. Today I was setting up a new secure ColdFusion instance for a client, and I thought I'd document the steps needed to go from ColdFusion 9.0 to ColdFusion 9.0.

HashDOS and ColdFusion

coldfusion java Earlier this week at the 28C3 security conference in Berlin researchers presented on a denial of service (DOS) technique that several web application platforms (PHP, ASP.NET, Node.js, Tomcat, Java's HashMap/Hashtable etc) are vulnerable to, known as hashdos.

HackMyCF Updated for APSB11-29 Security Hotfix

coldfusion Adobe released a security hotfix APSB11-29 for ColdFusion 8 and 9 on Tuesday, which fixes two XSS (Cross Site Scripting) vulnerabilities (CVE-2011-2463 and CVE-2011-4368). One vulnerability exists in cfform and the other in RDS.

Adobe eSeminar on FuseGuard

coldfusion Adobe has asked me to do an online e-seminar: Protecting ColdFusion Applications with FuseGuard, Thursday November 3rd at 10am PT / 1pm ET.

If you're curious about FuseGuard and how it works please head over to Adobe.com and register now!

Determining Which Cumulative Hotfixes are Installed on ColdFusion

coldfusion It's not always obvious which Cumulative hotfixes are installed on a ColdFusion server. I'm pleased to announce that the paid subscriptions for HackMyCF now let you know which cumulative (non security) hotfixes you have installed, and which ones you don't.

Adding Two Factor Authentication to ColdFusion Administrator

coldfusion A few months back I was researching two/multi factor authentication solutions to employ to meet PCI compliance, I came across a somewhat new company called DuoSecurity.

ColdFusion Developer Week at Adobe.com

coldfusion This week (September 12-16 2011) is ColdFusion Developer Week over at Adobe.

Client Variable Cookie CFGLOBALS Includes Session Ids

coldfusion I was recently conducting a CFML security review for a client and realized that when you have client variables set to use Cookies, the session IDs (e.g. CFID and CFTOKEN) are included in the CFGLOBALS cookie.

Maximum Security CFML - cfObjective Slides

coldfusion What a great conference cf.Objective() was this year! The quality of presentations was really good and I think that is due both to the speakers and the content advisory board led by Bob Silverberg and including Barney Boisvert, Dan Wilson, Emily Christiansen, Jason Dean, Kurt Wiersma, Marc Esher.

ColdFusion Lockdown Series - Multiple Partitions

coldfusion One of the most frequent questions I get about the Adobe ColdFusion 9 Lockdown Whitepaper is:

Why do you suggest using 3 partitions when installing ColdFusion?

ColdFusion's Builtin Enterprise Security API

coldfusion One of the nice side effects to installing the latest ColdFusion security hotfix is that ColdFusion 8 and ColdFusion 9 now both include the jar files for the OWASP ESAPI or Enterprise Security API.

Recent ColdFusion Security Hotfix Updated Today

coldfusion Adobe has updated the security hotfix that was released last month (February 2011) APSB11-04. The technote states that all users should re-apply the hotfix:

Adobe has received a few issues with the Security Hot fix released on February 8, 2011.

Sponsoring and Speaking at cf.Objective() 2011

coldfusion I'm happy to announce that my company Foundeo will be sponsoring the cf.Objective() conference in Minneapolis MN May 12-14 2011!

Foundeo will be showing off FuseGuard Firewall for ColdFusion and our Hack My CF Server Security Scanner.

Changing the ColdFusion CFIDE Scripts Location

coldfusion One of the things that the HackMyCF ColdFusion server security scanner looks for is whether the /CFIDE/scripts/ (for CF11 and below) or /cf_scripts/scripts/ (for CF2016+) folder is in its default location.

Troubleshooting ColdFusion 9 .NET Integration Issues

coldfusion I recently helped a client get .NET integration working on their 64 bit ColdFusion 9 multiserver installation. There seems to be some quirks with multi-instance installs when using .NET integration in ColdFusion (when you create a new instance, you may not get all the files you need for .

Path Traversal Vulnerability Security Hotfix for ColdFusion Released

coldfusion Adobe released a security hotfix for a path traversal vulnerability in ColdFusion administrator (CVE-2010-2861, APSB10-18). On the Adobe security bulletin page it lists affected software versions: ColdFusion 8.0, 8.0.1, 9.0, 9.0.1 and earlier versions for Windows, Macintosh and UNIX.

Using AntiSamy with ColdFusion

coldfusion How do you protect your code from Cross Site Scripting (XSS) when your business requirements state that the user must be able to input HTML? This can be a difficult problem to solve and XSS is very difficult to filter against because there are hundreds of attack vectors.

Writing Secure CFML Slides from CFUnited 2010

coldfusion As promised I just published the slides for my Writing Secure CFML presentation at CFUnited 2010.

You can even watch a recording of the presentation brought to you by Tim Cunningham of CFMumboJumbo.com:

Locking Down ColdFusion Presentation Slides

coldfusion The slides for my 2010 CFUnited presentation Locking Down ColdFusion are now available. The presentation is based on the ColdFusion 9 Lockdown Guide whitepaper that I wrote for Adobe. It covers various techniques to make your ColdFusion installation more secure.

Using jQuery UI Autocomplete with Hidden ID's

coldfusion The new autocomplete widget in jQuery UI 1.8 is a nice addition. While it works great for basic purposes working with ID / value pairs is not so nice out of the box.

10 Ideas to Improve Security in ColdFusion 10

coldfusion I do a lot of work related to security in ColdFusion and I've been keeping a list of ideas and features that could make a future version of ColdFusion more secure.

CFMeetup Thursday: Intro to FuseGuard and Web Application Firewalls

coldfusion I will be presenting at the ColdFusion Meetup online user group this Thursday (June 17th) at Noon Eastern Time. The topic: Introduction to FuseGuard and Web Application Firewalls.

Is your ColdFusion Administrator Actually Public?

coldfusion Every so often I get an email back from someone who ran HackMyCF.com saying something like this:

Your scanner says our ColdFusion Administrator is publicly accessible, but I don't think that's true.

HackMyCF.com Now Detects BlazeDS Vulnerability

coldfusion I've just finished updating the HackMyCF.com ColdFusion security scanner to detect the BlazeDS Vulnerability APSB10-05 announced in February 2010. As you hopefully know, this vulnerability also affects ColdFusion 7-9, because it has BlazeDS installed by default.

OutOfMemoryError - GC overhead limit exceeded

java Someone asked me recently about the following exception on their ColdFusion server:


Last Day to win Free ColdFusion Security Training

coldfusion As you may have heard, Jason Dean and I are teaching a cf.Objective() pre-conference one-day hands on ColdFusion security training class. We are giving away a seat to the class, and today March 23rd is the last day to enter (you must enter by 5pm Eastern Time), you can enter once per day.

Cache Template in Request Setting Explained

coldfusion One of the new features added to ColdFusion 9 is the Cache Template in Request setting located on the Server Settings > Caching page of the ColdFusion Administrator. The setting was recently featured in the ColdFusion 9 Performance Brief showing a 50x boost when enabled.

What Version of Java is ColdFusion Using?

coldfusion java Here's a one liner CFML script to show what version of Java your ColdFusion server is running:

<cfoutput>#CreateObject("java", "java.lang.System").getProperty("java.

ColdFusion 9 Performance Brief from Adobe

coldfusion Adobe has posted a ColdFusion 9 Performance Brief, outlining several performance improvements over ColdFusion 7 and 8. The brief reports a 40% performance improvement over ColdFusion 8, and a 500% improvement over ColdFusion 7, running CanvasWiki.

J2EE Session Cookies on ColdFusion / JRun

coldfusion java As you are probably aware ColdFusion allows you to use the integrated J2EE sessions that are provided as part of the J2EE server (by enabling the Use J2EE session variables setting in ColdFusion Administrator).

Hands on ColdFusion Security Training

coldfusion One of the best ways to really learn about something, is to roll up your sleeves, get your hands dirty. This is especially true for learning about security, it can be difficult to fully understand how attacks work by just reading about it.

ColdFusion 9 Solr Vulnerability - Are you at Risk?

coldfusion Adobe just released a security bulletin APSB10-04 for ColdFusion 9. If you have the Solr Search Service running on a ColdFusion 9 server it binds the Solr Web Service to port 8983 on all IP addresses. Adobe has also released a Technote describing how to fix the issue.

CFLogin Security Considerations

coldfusion If you use the cflogin tag to manage authentication you should consider setting loginstorage="session" in your Application.cfc or Application.cfm file for better security.

ColdFusion SOAP Web Services and onRequestStart

coldfusion I knew there are some issues with using onRequest in your Application.cfc and web services, but I didn't think there were any issues with onRequestStart and ColdFusion 8 SOAP web services.

Today while working on one of my client's web services I started getting the error org.xml.sax.

FuseGuard Released - Protects your ColdFusion Apps

coldfusion I am happy to announce today the release of FuseGuard Web Application Firewall for ColdFusion!

FuseGuard 2.

Howto Require SSL for ColdFusion Administrator

coldfusion A good security practice is to require SSL for ColdFusion administrator access (an even better practice is to limit access to localhost). This should only take less than five minutes on either Apache or IIS.

You May Need to Reapply CF Security Hotfix CVE-2009-1877

coldfusion Back in August Adobe released a series of ColdFusion security Hotfixes in security bulletin APSB09-12. One of the vulnerabilities that was supposed to be fixed was a Cross Site Scripting vulnerability that I found and reported to Adobe, known as CVE-2009-1877.

ColdFusion Server Security Scanner

coldfusion My company Foundeo Inc. released a new free web service today called HackMyCF that allows you to scan your ColdFusion server to detect the absence of recent ColdFusion security hotfixes as well as other security problems.

Prefix Serialized JSON in ColdFusion

coldfusion When ColdFusion 8 added the ability to return data from remote functions formatted with JSON they also added some settings that allow you to put a prefix on the JSON string.

FCKeditor Access Denied

coldfusion I have a client using the standalone FCKEditor on his server (not the one in /CFIDE/ it is located at /FCKeditor/), but after installing the security hotfix for ColdFusion 8's builtin FCKeditor, the file manager for uploading and inserting images stopped working.

Adobe MAX: Building JEE Portlets with ColdFusion 9

coldfusion Adobe has posted the recording of my Adobe MAX presentation Building JEE Portlets with ColdFusion 9. Overall it was a great conference and I was happy to be a part of it. I was also happy to cover the topic of Portlets in ColdFusion 9, since it hasn't gotten much publicity as a new feature.

ColdFusion wsconfig Hotfix CVE-2009-1876 is for Apache Only

coldfusion There has been some confusion over the ColdFusion web server connector (wsconfig.jar) hotfix CVE-2009-1876 which is part of Adobe Security Bulletin APSB09-12.

Whether or not this hotfix is required on IIS has been a question posed by many.

ColdFusion Security Hotfixes Released

coldfusion Adobe posted several critical hotfixes for ColdFusion and JRun yesterday in Security Bulletin APSB09-12.

I discovered one of the XSS vulnerabilities, and I will post details about it soon. In the mean time, please patch your servers.

Creating a Derby Datasource with ColdFusion Admin API

coldfusion databases I am working on some example code for some CFUG managers who are demoing our ColdFusion WAF product at their groups. I wanted the demo to be very easy to setup, so I decided to use Apache Derby for the database, since it is embedded with CF8.

How CFThread Can Help OR Hurt Performance

coldfusion I am working on a performance analysis for a client, some page requests need to do a cfhttp call, I had the thought to use cfthread for the http call, so that other processing could happen in parallel.

Hotfix for CF8 FCKeditor Vulnerability Released

coldfusion Adobe has just released a security hotfix for the FCKeditor vulnerability in ColdFusion 8.

Also of note, Adobe's Terry Ryan posted a blog entry today detailing How to report a ColdFusion Security Issue to Adobe.

Hardening ColdFusion - cfObjective 2009 Presentation Slides

coldfusion I've been meaning to post the slides from the presentation I gave at cf.

Risks of FCKeditor Vulnerability in CF8

coldfusion I've had a chance to look at the FCKeditor code a little bit in order to determine what the risks actually are of this vulnerability.

ColdFusion 8 FCKeditor Vulnerability

coldfusion There have been a few stories about a vulnerability in FCKeditor that is bundled with ColdFusion 8, first on SANS and now on The Register.

The FCKeditor ColdFusion connector isn't enabled on all CF installations, I think if you installed a fresh 8.0.

Devnet Article on Securing CF From SQL Injection

coldfusion I was just reading through this article on Adobe Devnet titled

Secure your ColdFusion application against SQL injection attacks, and I have a few issues with the article.

ColdFusion ListFind Example

coldfusion The ListFind and ListFindNoCase functions are very handy in ColdFusion.

The ListFind function takes up to 3 arguments:

ListFind(list, value, [delimiter])

The default delimiter for all list functions in ColdFusion is a comma.

Implicit Structure Notation ColdFusion

coldfusion Implicit Structure Notation was added to ColdFusion 8, this allows you to create a struct on the fly in one line.


coldfusion If you haven't been using the cfqueryparam tag, chances are you had a baptism by fire this week. As you may have heard, lots of ColdFusion powered sites were targeted by hackers using SQL Injection this week.

Google Code Search for ColdFusion

coldfusion Google's code search engine has been updated with an outline view that shows hierarchy of Java, C, C++, C#, Python, JavaScript and Pascal source files.

Getting ColdFusion SQL Statements from SQL Server Trace

coldfusion databases Running a SQL Trace in the SQL Server Profiler can be a great way to track down performance problems in your ColdFusion application.

CFSCRIPT Cheatsheet

coldfusion Last year I put together a CFSCRIPT cheatsheet for my cheatsheet collection. I just realized today, I don't think I ever blogged about it. Let me know if you find it useful or if I am missing anything.

ColdFusion 8 Update 1 Fixes some Image Processing Quirks

coldfusion It was nice to see that two of the quirks that I talk about in my Image Processing in ColdFusion 8 presentation were fixed in ColdFusion 8, Update 1 - they are:

The cfimage tag and image functions now retain EXIF data after operating on an image.

10 Most Useful Image Functions in ColdFusion 8

coldfusion Last week when I gave my Image Manipulation with ColdFusion 8 presentation at the New York City ColdFusion Users Group, several people asked me to blog this slide.

Foundeo's 2007 End of the Year Sale

coldfusion Foundeo is holding a special promotion through the rest of 2007. We have bundled Foundeo's popular Image Effects Component for ColdFusion 8 along with the full source of our Simple Feed Parser for ColdFusion for $49.99 (you save $139!).

ColdFusion 8 Image Manipulation Presentation Recording

coldfusion Last night I gave a presentation on Image Processing and Manipulation with ColdFusion 8 at the ColdFusion Online Meetup. The recording is now available.

Charlie Arehart, the host of the ColdFusion Meetup, has also posted it on his UGTV.

Online ColdFusion Manual

coldfusion Webucator, a web development training company has posted their ColdFusion training manual online. It currently covers ColdFusion 7, and will be updated to Cover ColdFusion 8 within the next few months.

Looks like a great resource to send folks to that are new to ColdFusion.

CFImage Effects Library for ColdFusion 8

coldfusion I have been very busy today launching the CFImage Effects Component for ColdFusion 8.

CFThread - Don't Abuse It

coldfusion I love the fact that you can now create threads with CFML in ColdFusion 8, however as Spiderman can tell you with great power comes great responsibility.

Using threads can increase the performance of your application, however using threads can also decrease performance.

Serializing CFC's in ColdFusion 8

coldfusion java One of the handy new features in ColdFusion 8 is that CFC's are now serializable. There isn't a whole lot of information about this new feature in the docs, but I did some playing around and it does appear that they have used Java's serialization API. This means that you can use java's java.io.

ColdFusion 8 Security Whitepaper

coldfusion Adobe has published a whitepaper called: ColdFusion 8 Product Security Briefing, which outlines the results of an independent security audit from Information Risk Management Plc.

ColdFusion Security Presentation Slides

coldfusion I want to thank everyone who attended my sessions at CFUnited this year. I was particularly amazed by the turnout for Building Secure CFML Applications. Here are the slides for the presentation.

Announcing Web Application Firewall for ColdFusion

coldfusion I'm proud to announce a Web Application Firewall for ColdFusion, a new product that I have been working on. This product detects malicious requests (such as SQL Injection, Cross Site Scripting, etc) and then logs, filters, or blocks the request.

RSS Presentation Code and Slides

coldfusion Several people have asked me for the code samples and slides from my RSS presentation at the CFUnited conference (Working with RSS in ColdFusion). As promised, the slides and code examples are now up online.

Getting the Application Root Path in ColdFusion

coldfusion I wrote a handy function today that will return the server file system path of the acting Application.cfm file for a ColdFusion application. It works by working its way up the directory tree until it finds an Application.cfm file. If it doesn't find one it will throw an exception.

Application.cfm and AJAX

coldfusion I had someone email me with the following question today:

I'm developing a ColdFusion app with Prototype. Seems Ajax.updater wants to insert my application.cfm code into my div along with responseText. How can I stop this?

This question brought up two good points.

Finding the Last Modified Date on a File

coldfusion This question came up on my local CFUG mailing list yesterday:

how can I get the time last updated of the two

documents? I know you can do this with uploaded files using


Top 10 Underrated Functions in ColdFusion

coldfusion I gave a presentation at my local CFUG yesterday called 10 Underrated Functions in ColdFusion, I plan on doing one for tags as well at some point. Here was my list of functions, in no particular order:

ValueList - Returns the contents of an entire query column in a string list.

New Icons for Adobe's Next Product Line

coldfusion misc Adobe's new lineup of icons for the upcoming products including ColdFusion 8 (Scorpio), Adobe Photoshop CS3, etc. have been made public by John Nack, and they have generated quite a bit of reaction both good and bad.

Here's the new icon for ColdFusion 8.

Trick or Treat - Web 2.0 Goodies for ColdFusion

coldfusion I am happy to announce the latest creation from foundeo: fusionKit.

fusionKit is a CD full of some handy ColdFusion components and UDFs. It is a similar concept to the DRK's that Macromedia used to sell, but it's 100% ColdFusion.

ColdFusion Search Engine Using Google Coop

coldfusion I went ahead and started a ColdFusion search engine with Google Coop.

What's New in BlueDragon 7?

coldfusion New Atlanta just released Beta 1 of version 7 of their BlueDragon CFML application server.

Below is a list of the new features - I think the IsNull function and null keyword will prove to be quite handy.

Adobe Has a del.icio.us Account

coldfusion Thanks Rich at the basement for pointing out that Adobe has a del.icio.us account.

CFCHART Example - Pie Chart

coldfusion Here's a quick example of some ColdFusion code to make a pie chart.

Floor Function in ColdFusion is Int

coldfusion Those of you coming from programming languages that have a floor function, may be hard pressed to find it in ColdFusion - that's because it's called Int.

The Int function will take in a floating point number and chop off the decimal part, leaving you with just the integer part.

CFDocs.org back up and running

coldfusion Several people have emailed to tell me that cfdocs.org was down. I have moved it to a different server, and it is now back up and running.

If it's still not working for you give the DNS some time to propagate.

ColdFusion on the TIOBE index

coldfusion My brother sent me a link to the TIOBE index which has ColdFusion at #13 (up from #26 last year). According to the site:

The TIOBE Programming Community index gives an indication of the popularity of programming languages.

Textile for ColdFusion

coldfusion A few weeks ago I mentioned that I had an open source project in the pipeline. Well I've been really busy so I haven't had a chance to release it until now...

I built a UDF for converting textile markup into HTML markup.

You can learn more about textile here.


coldfusion Here's my tip for the day. If you have a choice in using either the cfsilent tag, or cfsetting enablecfoutputonly="true" use cfsilent.

Here's why

Easier to type

Easier to read

The enablecfoutputonly gets very messy when used across cfincludes.

Jobs: ColdFusion vs Ruby

coldfusion misc The Ruby programming language is getting a lot of interest these days, thanks to the Ruby on Rails framework developed by 37 Signals' David Heinemeier Hansson.

ColdFusion debate on digg

coldfusion I was surprised to find that my AJAX zip code example made it on digg today. I was wondering why I was getting so many blog comments today...

Anyways since I used ColdFusion in this example you will find some debate on ColdFusion in the comments on digg.

Null Java References in CF 6 vs 7

coldfusion java ColdFusion 7 appears to be much better at passing null values to a java object. ColdFusion 6 however likes to block you from doing it, even when you want to.

I am trying to work with a java API that requires me to pass a null value to a method.

ColdFusion Tagging Library

coldfusion Kunal Anand sent me an email to let me know about his tagging engine for ColdFusion - check it out.

Get Wheelin!

coldfusion Rob Cameron has just released version 0.1 of ColdFusion on Wheels, an MVC framework for ColdFusion inspired by Ruby on Rails.

There's no better way to get started than to check out his 8 min. video tutorial. And if you're new to Ruby on Rails, check out their 15 min. video.

DNS Query with ColdFusion

coldfusion java It has been a while since I've posted one of these java + cfml tricks, so here's a neat one for ya'.

You can use the Java Naming and Directory Interface (JNDI) to perform a DNS query in ColdFusion.

Want additional DB or OS support in ColdFusion?

coldfusion Are you burnin' for built-in PostgreSQL support in Macromedia ColdFusion (BlueDragon already has this)? How about FreeBSD? Debian Linux Support? Fedora Support? Additional J2EE servers? 64-Bit Operating systems?

Then go and take the ColdFusion vendor support survey.

Build a directory browser with ColdFusion

coldfusion Most web servers have directory browsing disabled, but sometimes you want it to work for certain directories. Most web servers also allow you to set up specific settings for your directories; for instance, you could do it with an .htaccess file on Apache.

RDS Security Problems?

coldfusion Erki Esken posted a comment on Ben Forta's blog asking if the source to the RDS plugin for Eclipse would be released. Forta's response was:

"But, my gut feel is that it would not be a good idea to fully expose the source for RDS as that may create potential security problems.

Cheat Sheet Roundup - Over 30 Cheatsheets for developers

apple coldfusion databases java linux web Let's face it, unless you have a photographic memory, no developer can remember all the different functions, options, tags, etc. that exist. Documentation can be cumbersome at times; that's why I like cheat sheets.


books coldfusion CodeFetch is a clever little app that searches published books for code samples matching your search. So if you search for cfmail you will get code samples from several books on ColdFusion. You can then of course buy the books through Amazon.

ColdFusion Jobs

coldfusion The Indeed job search engine has a pretty cool feature that you can add to your site, called job rolls. So for instance, if you have a ColdFusion site and want to list ColdFusion jobs, then you can paste in a job roll for ColdFusion jobs:

Jobs from Indeed

Dynamic Java Class Loading with ColdFusion

coldfusion java Doug Hughes has posted a very clever technique for allowing you to run Java classes without adding them to your classpath. This means that people who build ColdFusion apps that include Java classes can make them super easy to install.

40% use RDS

coldfusion I am retiring my poll Do you use RDS? after 129 responses, 51 people said Yes (about 40%), and 78 people said no (about 60%).

New poll coming up.

Critics skeptical of Fusion in a Jar

coldfusion An EE Times Article about two Purdue researchers attempting to create Cold Fusion:

But hard-headed physicists have grown wary of "fusion in a jar" experiments.

Don't they know that Macromedia has already done this? cfusion.

CF on Rails

coldfusion web I have noticed two CFML developers have made the switch to Ruby On Rails (a Rapid Web Application Development Framework for the Ruby programming language).

New Poll: Do you use RDS?

coldfusion I have added a new blog poll titled Do You Use RDS? I'm just curious how many people use it. There are lots of reasons not to use it, but I think it's still pretty popular.

Here's why some people might use it:

Easy way to edit files on a remote server.

The client variables debacle

coldfusion Nathan Strutz recently said that client variables are no good to use. From reading his entire post, he isn't saying that the concept is flawed, just the current implementation. He even suggests how they could be improved.

Macromedia Example Applications

coldfusion web Looking for example applications built with Macromedia products? I found this list of Macromedia sample applications in the del.icio.us side bar on cfmx.org.

There are Flex, Flash, ColdFusion, and Dreamweaver example apps there.


coldfusion I have owned the domain cfmx.org for a while now, and I have had a lot of ideas for what I can do with it. But I wanted to start using it, so I whipped up a ColdFusion only aggregator portal a few weeks ago.

Installing multiple versions of CFMX on JRun

coldfusion I like to set up my development machine with different versions of ColdFusion, but all with the same web root. I set up a server for each instance, so I can use the same URL on different ports (e.g. CFMX 6 on port 8600, CFMX 7 on port 8700, etc).

Parsing RSS 1.0 with ColdFusion MX

coldfusion Well thanks to Sean Corfield I understand why I was having issues with namespaces when trying to parse RSS 1.0 with XPath.

If you have a document with namespaces such as RSS 1.

RSS and XPath

coldfusion I came across a handy reference article on xml.com today that gives XPath queries for RSS and Atom feeds. Just last week I was attempting to parse an RSS 1.0 feed in CFMX using the XMLSearch function. I'm running into problems however due to the namespaces in RSS 1.

Using Java Web Services with CFMX

coldfusion java JWS files are nothing more than a Java class with a .jws extension. But when placed on a web server with Axis installed (such as ColdFusion MX), you can expose that class as a web service. This works just like CFCs do in ColdFusion. Here's an example JWS we will call CaseService.

Regular Expressions with ColdFusion - a Howto Guide

coldfusion Regular Expressions are a powerful tool for both developers and computer users alike. Regular Expressions were originally developed on Unix systems and used in programs like Perl, sed, and grep.

Batch Files to Restart Services on Windows

coldfusion I wrote some batch files today for restarting services on Windows. The bat files can be used to restart ColdFusion MX or IIS services on Windows NT/2000/XP.

Batch File to restart ColdFusion MX

@echo off

REM - File: cfmxrestart.

CFC's - private works like protected

coldfusion I noticed yesterday that when you use access="private" in a CFC function, inherited CFCs also have access to this function.

In object oriented languages such as Java, C++, or C# this type of access is known as "protected" access.
