newschuyl

ImageCrop: The rectangular crop area must not be outside the image

Fri, 13 Aug 2010 11:28:00-0400

Today I was resizing and cropping some images with ColdFusion when I ran into the following issue. After resizing the image using ImageScaleToFit(), ImageCrop() would throw an error stating that "The rectangular crop area must not be outside the image." I was able to confirm that the crop area was not outside of the image, so I was a little perplexed. Then I found the following listed as a known JAI bug: [More]

WebSockets with ColdFusion

Wed, 28 Jul 2010 21:47:00-0400

Today I released a ColdFusion WebSocket Gateway on RIAForge and Github. The name pretty much says it all. It is a event gateway for messaging between ColdFusion and conforming clients via the WebSocket protocol. The gateway is based on Nathan Rajlich's Java-WebSocket server implementation, which I updated to support both WebSocket draft 75 and draft 76 clients. For more info on how to install and use this gateway see the Github wiki page. [More]

OpenID4CF Updated To Fix Potential Security Issue

Sun, 18 Jul 2010 13:36:00-0400

Last week I gave a 30 minute introduction to OpenID at our monthly developer tech talk lunch. Soon after the talk my co-worker Tim Allen sent me this article on a recently discovered security vulnerability in most open source OpenID implementations. I was particularly interested because I maintain OpenID4CF, which is based on the OpenID4Java library. So I did a little more research into the issue and asked about it on the OpenID4Java mailing list. As it turns out OpenID4Java is potentially vulnerable to this attack, but a user on the list was able to give some advice on how to patch the library based on a fix committed to JOpenID. Now I don't really know how exploitable this vulnerability is, but given how simple the fix was I went ahead and patched the fork of OpenID4Java I package for OpenID4CF and posted it to RIAForge. Hopefully OpenID4Java will be patched shortly, but in the meantime you can use the version I include with OpenID4CF if you want to protect against this potential vulnerability.

Listening for CFTREE data loaded events

Fri, 28 May 2010 08:50:00-0400

Last week Ray Camden asked if it was possible to listen for data loaded events with CFTREE. I had done some work with CFTREE in the past and I knew something like this should be possible. After some quick investigation I put together a quick and dirty example to show how you could be notified when new nodes are loaded for a tree. [More]

Adobe ColdFusion Anthology

Fri, 30 Apr 2010 12:12:00-0400

Just a quick post to let people know that the Adobe ColdFusion Anthology was released today by Apress. The book has tons of excellent content from the Fusion Authority Quarterly Update, including my article "Web Services and Complex Types."

OpenID And ColdFusion

Fri, 16 Apr 2010 12:46:00-0400

Recently I wanted to investigate building an OpenID identity provider in ColdFusion. While there are a few OpenID consumer libraries out there, I didn't really find any ColdFusion implementations for an OpenID server. Plus, given that OpenID is an authentication protocol there are heightened security considerations, so I wanted something that was well tested and widely used. This lead me to the OpenID4Java project. Looking at the documentation and source for the project there appeared to be pretty straight forward implementations for both an OpenID provider and consumer via the ServerManager and ConsumerManager classes so I began to port the sample JSP applications over to ColdFusion. That is were my problems began. [More]

CF No Debug 1.3

Thu, 04 Mar 2010 15:50:00-0400

The CF No Debug Firefox extension has been updated to work with Firefox 3.6. You can get the latest from RIAForge.

AMF Explorer 0.6

Mon, 01 Mar 2010 21:34:00-0400

This evening I released AMF Explorer 0.6. This version adds a custom binary cache that should fix issues some users were seeing with AMF response deserialization. I'm still waiting for AMO public approval, so if you are using AMF Explorer you will need to manually update the add-on from the AMO site. Please be sure to report any issues to the AMF Explorer bug tracker at RIAForge. Thanks.

AMF Explorer 0.5

Tue, 23 Feb 2010 12:52:00-0400

I've released a few updates to AMF Explorer over the last week or so. Improvements include support for small messages, better formatting, and better error messages. You can get the latest from the AMO site. Unfortunately automatic updates are not enabled because AMF Explorer has yet to go public. If you are using AMF Explorer please consider taking the time to register and review the add-on on the AMO site as this will help with the AMO review process. Once the add-on is public it will be easier to find and install as it will not be marked as experimental and automatic updates will be enabled. Thanks!

Vote Now

Thu, 18 Feb 2010 20:35:00-0400

If you use, or would like to use, Firebug or ColdFire please consider voting for my CFUnited topic: Debugging ColdFusion Web Applications With Firebug and ColdFire. Using practical debugging examples, the presentation covers many of the core features Firebug and ColdFire. I also try hit some of the lesser know features for those more experienced with these Firefox add-ons.

Announcing AMF Explorer

Wed, 17 Feb 2010 11:30:00-0400

Back in late 2008 the nsITraceableChannel interface was added to the Mozilla browser allowing extension developers to intercept incoming HTTP responses. At that time I pondered the possibility of adding AMF support to Firebug, however life got in the way and I never really had time to fully explore what it would take to do this. That is until now. Today I'm happy to announce that I'm finally releasing AMF Explorer. [More]

CF Debug Copy for Firefox Update

Wed, 27 Jan 2010 21:40:00-0400

Just a quick post to let people know my CF Debug Copy for Firefox extension has been updated to work with Firefox 3.6. You can download the latest from RIAForge.

New ColdFire 1.5 Beta

Mon, 25 Jan 2010 21:42:00-0400

I've posted a new ColdFire beta to RIAForge which works with recently released Firefox 3.6 and Firebug 1.5. I'm labeling this a beta because I discovered a ColdFusion 9 compatibility issue in my testing for this release. It appears ColdFusion's built in AJAX libraries have been updated slightly so the "Enable CFAJAX Debugging" feature does not currently work with CF 9. I'll work on updating this feature in the next couple of weeks. (Unfortunately the AJAX libraries shipped with CF are minimized and obfuscated so working with them is not as easy as it could be.) Because of the beta status of this release I've included both the ColdFire 1.4 and ColdFire 1.5 releases in the current RIAForge download. As always, if you have any issues please report them on the RIAForge project site.

Interesting IE 302 Redirection Issue

Fri, 15 Jan 2010 10:51:00-0400

Yesterday I helped a coworker track down an interesting issue with 302 URL redirection in IE that I thought I'd share. Here is a brief run down of what my co-worker was observing:

Users would log into a courseware application, setting a single sign-on cookie. For the purposes of this description lets say the URLwas https://sitea.domain.com.
Users would then link out to a related application covered by the single sign-on. Lets say the URL for this related application was https://siteb.domain.com/appa.
When users clicked the link in Internet Explorer, instead of being logged in to the related application users were being redirected back to a non existent page in the courseware application, https://sitea.domain.com/appa/index.cfm.

What was interesting about this was that everything worked fine in Firefox, only IE seemed to be having this problem. Realizing the issue probably had something to do with the handling of the SSO in the linked-to application I fired up a proxy (ServiceCapture in this case) to watch the login process. Here is what I saw:

When users clicked the "link" in the courseware application they were actually being forwarded to the target application via a 302 HTTP header: HTTP/1.1 302 Found Location: https://siteb.domain.com/appa/
That redirection was immediately followed by another 302 redirection: HTTP/1.1 302 Found Location: /appa/index.cfm

Looking at the code of the linked-to application I could see that after logging in, which happens automatically on the first visit if the user has the appropriate SSO cookie, the application redirected users back to the home page using a relative URL. The issue was that IE was was calculating this relative URL using the base URL of the original request, https://sitea.domain.com in this example, and not taking into consideration the intermediate redirection to https://siteb.domain.com/appa. Firefox seemed to do a "better" of job of keeping track of which base URL to use for calculating relative URLs. I say "better" because Firefox's behavior seems to make more sense to me. So there you have it, another reason to love IE.

CFBuilder DocShare Support

Mon, 07 Dec 2009 21:40:00-0400

A few weeks ago Terry Ryan released his Instant Code Review ColdFusion Builder Extension. I realize that the point of the extension was to get people to think of creative uses of CF Builder extensions, but I couldn't help but think that there are much better ways of collaborating using the Eclipse platform, specifically the Eclipse Communication Framework (ECF) DocShare plug-in. Unfortunately ColdFusion Builder's CFML Editor doesn't support the plug-in out of the box. Fortunately the DocShare plug-in developers did the Eclipse thing and made it easy to extend the plug-in to support other editors. So I put together an Eclipse plug-in that adds DocShare support to the CFBuilder CFML editor. You can check out the CFBuilder DocShare Support plug-in at RIAForge. A few notes about the plug-in. First, you will need to install ECF, including the DocShare plugin. For update URLs for your version of Eclipse see the ECF site. Second, my plug-in just enables the "Share This Editor With..." context menu item in the CF Builder CFML editor, the actual editor sharing is implemented via the ECF DocShare plug-in. For more info on the DocShare plug-in and its use see the DocShare Plugin site. Finally, I've had I've had hit and miss luck with the DocShare plugin, so be sure you have a backup of the file you plan to work on in shared editor. Enjoy!