Basic Authentication With ColdFusion

Here is an Application.cfc which implements HTTP Basic Authentication:

CF Debug Copy for IE on RIAForge

Over the weekend I put CF Debug Copy for IE up on RIAForge. I hadn't posted this to RIAForge before because I had plans to investigate building the Windows installer using WiX so that I could post the source along with the final .msi. Since it has been well over a year and I haven't got around to this, I figured I might as well post the installer I built using Visual Studio.

CF Debug Copy for IE does the same thing as CF Debug Copy for Firefox, except it does it for IE. If you want more details check out this post or the RIAForge site.

CF Debug Copy for Firefox Update

I've updated my CF Debug Copy for Firefox extension to work with Firefox 3.0.x. You can get the latest version from RIAForge. If you want to know more about the extension check out this post or the RIAForge site.

Adobe ColdFusion Inconsistencies

I've run into a couple of ColdFusion quirks over the past few days that I thought I'd share. (I should note that these were observed on Adobe CF 8.)

SerializeJSON and Boolean Strings

If you try to serialize the strings "Yes", "No", "True" or "False" using SerializeJSON, ColdFusion will convert these strings to boolean values (i.e. "Yes" becomes true, "False" becomes false). This is because ColdFusion is weakly typed and uses some pretty liberal implicit conversion rules when it comes to boolean evaluation. I see this as an issue for the purposes of serializing and deserializing JSON for two reasons. First, there is the potential to lose data. If you serialize the string "Yes" and then deserialize the JSON that ColdFusion generates, you are left with true, which is obviously a totally different value than what you started with. Second, it is not really consistent behavior because SerializeJSON does not convert 1 or 0 (also ColdFusion booleans) to the boolean values true and false. I think the better approach here would be to serialize all strings as strings and only serialize "real" boolean values as booleans.

IsXML()

The other inconsistency I ran into was with IsXML. If you pass something other than a string to IsXML the function throws an error. This is different than the documented behavior which states:

Returns

True, if the function parameter is a string that contains well-formed XML text; False, otherwise.

This is also different than the other CFML decision functions which simply return false if passed a function parameter they can't handle. (See IsXmlAttribute for example.)

I think the IsXML issue could definitely be considered a bug, and while the SerializeJSON issue is a little fuzzy, I've gone ahead and reported both as bugs.

ColdFire 1.2 Released

The new beta for Firebug was released over the weekend so I'm happy to say I'm releasing ColdFire 1.2 into the wild. Head over to the RIA Forge site to check it out.

Cross Site Request Forgery

Last week I attended a web application security workshop presented by the SANS Institute. While a majority of the content was a review for me, I did learn about one type of attack I was not familiar with, the Cross Site Request Forgery (CSRF) attack. This type of attack, also known as session riding, has been around for a while and is really pretty simple.

The ColdFire Response Queue

Earlier in the week I blogged about the latest release of ColdFire and briefly mentioned the new request queue feature. I wanted to follow up with some details about this new feature; however, in thinking about this blog post I realized that a more correct name would be the response queue, as the queue lists responses from the server which have ColdFire data. So, never mind what it is called, what can it do?

ColdFire 1.1.51.59 Released

I just put the next release of ColdFire up on the RIAForge site.

ColdFire 1.1, Now With Firefox 3 Support

I just uploaded the first ColdFire 1.1 release to RIAForge! This is my first release as the new project manager for ColdFire, so I'm pretty excited.

ColdFire 1.004

Ray has just released ColdFire 1.004. This version doesn't really offer much in the way of new CF debugging features, but it does lay the groundwork for a new version which will work with Firefox 3. So what's changed?
