It occurred to me this morning that ScriptProtect can be a handy feature for globally catching a few forms of SQL Injection Attacks

WARNING - just like its inability to protect against all forms of XSS attacks this solution DOES NOT protect you from all SQL Injection attacks.

ColdFusion MX 7 has a new feature that lets you "lets you protect one or more variable scopes from cross site scripting (XSS) attacks". It can be turned on in the cfapplication tag using the scriptProtect attribute, or in the ColdFusion Administrator as a global setting.

I was just looking at the Linux system requirements for ColdFusion MX 7. For supported linux operating systems, it lists:

Red Hat Enterprise Linux AS & ES 2.1 or 3.0

SuSE Linux Enterprise Server 8.x

TurboLinux 8 Server (Japanese only)

In 6.

One thing I just realized today - that is a bummer, is that the new types supported by cfparam, and IsValid (eg integer, email, zipcode) in ColdFusion 7 are not supported by the returntype attribute in CFFUNCTION, and not supported in the type attribute of CFARGUMENT. Whats up with that?

After a long break in my series of the little enhancements in ColdFusion MX 7 (CFMX 7 Little Things), I am back today with another article, this time with the Hash function.

In versions of ColdFusion prior to 7, the Hash function used the MD5 algorithm to generate hash values.

Ben Forta's ColdFusion MX 7 books are now available for pre-order from Amazon.

Macromedia has just released a technote entitled: Strong Encryption in ColdFusion MX 7. It has lots of information useful to anyone planning to work with these features. In addition I noticed mention of two undocumented arguments in the Encrypt() and Decrypt() functions.

I am digging the new cftimer tag in ColdFusion MX 7.

In previous versions when you want to time how long something takes, you would do something like this:

<cfset tick = GetTickCount()>

run your code here...

I know I have written recursive custom tags, and functions (more than once) to solve this problem in the past, but now you can just add a simple recurse="true" to your cfdirectory tags in ColdFusion MX 7.0

<cfdirectory action="list" directory="#ExpandPath(".

ColdFusion MX 7 added a new function called IsValid. The IsValid function performs data validation just like the CFPARAM tag, and supports all the new data types in cfparam (see my previous post) as well.

ColdFusion MX 7 adds strong encryption support to the Encrypt and Decrypt functions. In addition to the legacy algorithm used in Encrypt, and Decrypt - ColdFusion MX 7 now makes it incredibly easy to use AES, Blowfish, DES, and Triple DES encryption.

ColdFusion MX 7 is packed with lots of little new features, that are, well killer! I am starting a series on my blog called Little Things that Kill that will expose some of these killer new features and subtle improvements. And yes, the name is inspired by Bush (the band).

If your installing CFMX 7 on Mac OS X and getting hung up on "Starting Graphing..." then you need to add a property to your JVM Arguments. Add -Djava.awt.headless=true in your JMC Server - Settings - JVM Settings - VM Arguments.

I have added support for new functions and tags in ColdFusion MX 7.0 to the cfdocs.org site, as well as multiple version support. So now if you want cfdocs.