WebSockets with ColdFusion

Today I released a ColdFusion WebSocket Gateway on RIAForge and Github. The name pretty much says it all. It is a event gateway for messaging between ColdFusion and conforming clients via the WebSocket protocol. The gateway is based on Nathan Rajlich's Java-WebSocket server implementation, which I updated to support both WebSocket draft 75 and draft 76 clients. For more info on how to install and use this gateway see the Github wiki page.


OpenID4CF Updated To Fix Potential Security Issue

Last week I gave a 30 minute introduction to OpenID at our monthly developer tech talk lunch. Soon after the talk my co-worker Tim Allen sent me this article on a recently discovered security vulnerability in most open source OpenID implementations.

I was particularly interested because I maintain OpenID4CF, which is based on the OpenID4Java library. So I did a little more research into the issue and asked about it on the OpenID4Java mailing list. As it turns out OpenID4Java is potentially vulnerable to this attack, but a user on the list was able to give some advice on how to patch the library based on a fix committed to JOpenID.

Now I don't really know how exploitable this vulnerability is, but given how simple the fix was I went ahead and patched the fork of OpenID4Java I package for OpenID4CF and posted it to RIAForge. Hopefully OpenID4Java will be patched shortly, but in the meantime you can use the version I include with OpenID4CF if you want to protect against this potential vulnerability.

BlogCFC was created by Raymond Camden. This blog is running version 5.8.001.