Speaking at the ColdFusion Unconference

Just a quick post to announce that I'll be speaking about "Debugging ColdFusion Web Applications using Firebug and ColdFire" at the ColdFusion Unconference. If you're going to MAX this year and want to find out more about what Firebug and ColdFire can do for you, come check out my session.


I just posted ColdFire to RIAForge which fixes a couple of recently discovered bugs. For details check out the ColdFire site.

Cell Style Caching Issue With POIUtility

I've been using Ben Nadel's POIUtilty for a while now. I really like the custom tag library he has built for building Excel spreadsheets, particularly the way he has abstracted the POI cell formatting options out to CSS. Last week however, I ran into a strange issue while running the latest release on CFMX 7. Cell styles were not being properly applied and it seemed to be related to the CSS style caching functionality. What was even more strange was that the code ran fine on CF 8. Below are samples of the correctly styled spreadsheet genrated by CF 8 and the incorrectly formatted spreadsheet generated by CF 7.


ColdFire Update Released

I just released a new version of ColdFire over on the RIAForge site. This version is an update to both the Firefox extension and the coldfire.cfm ColdFusion debugging template. Below are the highlights for this release:


Basic Authentication With ColdFusion

Here is an Application.cfc which implements HTTP Basic Authentication:


CF Debug Copy for IE on RIAForge

Over the weekend I put CF Debug Copy for IE up on RIAForge. I hadn't posted this to RIAForge before because I had plans to investigate building the windows installer using WiX so that I could post the source along with the final .msi. Since it has been well over a year and I haven't got around to this I figured I might as well post the installer I built using Visual Studio.

CF Debug Copy for IE does the same thing as CF Debug Copy for Firefox, except it does it for IE. If you want more details check out this post or the RIAForge site.

CF Debug Copy for Firefox Update

I've updated my CF Debug Copy for Firefox extension to work with Firefox 3.0.x. You can get the latest version from RIAForge. If you want to know more about the extension check out this post or the RIAForge site.

Adobe ColdFusion Inconsistencies

I've run into a couple of ColdFusion quirks over the past few days that I thought I'd share. (I should note that these were observed on Adobe CF 8.)

SerializeJSON and Boolean Strings

If you try to serialize the strings "Yes","No","True" or "False" using SerializeJSON, ColdFusion will convert these strings to boolean values. (i.e. "Yes" becomes true, "False" becomes false). This is because ColdFusion is weakly typed and uses some pretty liberal implicit conversion rules when it comes to boolean evaluation. I see this as an issue for the purposes of searializing and deserializing JSON for two reasons. First, there is the potential to lose data. If you serialize the string "Yes" and then deserialize the JSON that ColdFusion generates you are left with true, which is obviously a totally different value than what you started with. Second, it is not really consistent behavior because SerialzeJSON does not convert 1 or 0 (also ColdFusion booleans) to the boolean values true and false. I think the better approach here would be to serialize all strings as strings and only serialize "real" boolean values as booleans.


The other inconsistency I ran into was with IsXML. If you pass something other than a string to IsXML the function throws an error. This is different than the documented behavior which states:


True, if the function parameter is a string that contains well-formed XML text; False, otherwise.

This is also different than the other CFML decision functions which simply return false if passed a function parameter they can't handle. (See IsXmlAttribute for example.)

I think the IsXML issue could definitely be consider a bug, and while the SerializeJSON issue is a little fuzzy, I've gone ahead and reported both as bugs.

ColdFire 1.2 Released

The new beta for Firebug was released over the weekend so I'm happy to say I'm releasing ColdFire 1.2 into the wild. Head over to the RIA Forge site to check it out.


Cross Site Request Forgery

Last week I attended a web application security workshop presented by the SANS Institute. While a majority of the content was a review for me, I did learn about one type of attack I was not familiar with, the Cross Site Request Forgery (CSRF) attack. This type of attack, also known as session riding, has been around for awhile and is really pretty simple.


More Entries

BlogCFC was created by Raymond Camden. This blog is running version 5.8.001.