What I've been thinking about

I've been thinking a lot lately about Blue River Interactive's Mura Content Managent System (hence forth referred to as Mura CMS or just Mura), probably because I have been working a lot with it lately. I am in the process of converting a large, mostly static, web site to Mura, and I have been amazed by its power, versatility and ease-of-use. I have been especially pleased with how easy it is for me to make plugins for it.

While thinking about Mura, I have realized something important. Mura CMS is an incredible products with the potential to change the way that ColdFusion and CFML are viewed. And this needs to be recognized. It also has the potential to become a very popular, open source product used outside of the ColdFusion/CFML community.

[More]

Last week our benevolent dictator of the cf.O() Content Advisory Board (CAB) announced that the Call for Speakers and Topic Suggestion application is now open and ready for our submissions. I know I have started adding my suggestions already and have started voting as well. You should too.

As a member of the CAB I can tell you that this application was a HUGE part of the success that cf.O(0 saw last year in brining the attendees a fantastic line-up of sessions. It makes the planning process SOOOOOOOO smooth. Please, take the time to vote. You, the attendees of the conference, are the audience. We care about what you want to see. So if you want to have a hand in planning this stellar event, then get going.

From Bob's Blog:

The Topic Suggestion Survey and the Call for Speakers for next year's cf.Objective() are both now officially open. For more details please check out the announcement at the cf.Objective() site, or if you're keen to get started, visit the Engage app right now to suggest and vote on topics or to propose to speak.

I have been learning a lot about Mura the last couple of weeks while building my first Mura plugin, but I have also had a lot of frustration because some things work differently when you are developing for a front-end page vs. a back-end (admin) page.

In the Mura Developer Documentation it states:

The Event scope simply wraps the current request's event object which contains merged data from both the CFML FORM and URL scopes.

If then goes on to say that the following code should return values from those scopes.

So if I have a URL variable like ?test=123, then this code should return the value '123':

This seems to work fine on pages I create for Mura display objects for the front end of the website, but for pages in the admin area of the site, this method only produces [empty string].

[More]

Hey, in case you didn't notice, the call for speakers for the super-awesome-fantastic-amazing cf.Objective() conference is now open.

you can submit your proposals here:

http://engage.cfobjective.com/

Even if you don't submit a proposal, you should definitely come to cf.Objective(). It is best ColdFusion conference there is. And remember that cf.Objective isn't JUST for advanced/enterprise developers. cf.Objective() is also about becoming an advanced/enterprise developer. So even if you feel like cf.Objective() might be over your head, if you're an experienced developer who wants to take the next step in your learning, cf.Objective() is the place for you!

So get on it!

Last week I ran a contest for Veterans' Day to try to honor those men and women that defend the U.S. and keep it strong.

[More]

It's been a while since I gave something away. I like to give things away, it makes me feel like I am doing something good for our community and, hopefully, for the receiving person. Today, I also want to do something for our veterans.

To start, I would like to give away a copy of ColdFusion Builder 1.0 (Preferably to someone who does not have it already).

I think ColdFusion Builder is a fantastic product. I use it every day and I love it. I use it at work, I use it at home. I recommend it to everyone. For this giveaway, I'd like to know, briefly, what excites you about ColdFusion Builder. Leave me a comment that tells me one or more of the following:

[More]

Sorry for the wait. I was delayed getting back from MAX due to weather.

I just got back from Los Angeles and I really had a great time. I was honored to have been asked to speak on Securing ColdFusion Applications, and I think the presentation went very well.

The recordings are up on Adobe TV already (Awesome). You'll find my recording here: http://tv.adobe.com/watch/max-2010-develop/securing-coldfusion-applications/

[More]

I've been setting up our super-awesome new server this week and last night I ran into an issue that I thought I should blog about.

This is a Windows Server 2008 R2 64-bit machine with 8GB RAM and I am installing ColdFusion 9 running on Tomcat 6. And, as with everything Tomcat related, it was a pain in the ass and the documentation sucked.

To add Tomcat as a Windows service is pretty easy.

You just run:

For those that don't understand the notation above, CATALINA_HOME is the directory where Tomcat is. So in my case, we are going to N:\tomcat\bin and running service.bat.

This sets up Tomcat as a service, but by default it only gives it some tiny bit of memory to work with (256m or something, like it's 2002 again). So, of course, the moment I deployed a second instance of ColdFusion 9 on this container, I started getting "java.lang.OutOfMemoryError: PermGen space" errors.

[More]

So now that the hacker has discovered an XSS vulnerability in your site, what can he do with it? A JavaScript alert('XSS') seems pretty harmless, doesn't it?

Once a malicious user has discovered an XSS vulnerability in your web application, the sky is really the limit. The potential damage also goes beyond the scope of just your site and your users.

Here are a few examples of nefariousness that could be perpetrated via XSS in a website. A hacker could:

• use the credibility of your site to run a phishing scheme
• steal your users' passwords
• hijack your users' sessions
• try to launch an attack against the site administrator (you)
• redirect your users to another site (gambling, porn, Google, affiliate link, whatever)
• display inappropriate or mis-informative messages to your users
• Or anything else that could be done with client-side executable code

How would they do those things? It's actually quite simple.

[More]

Wow. Things have been busy and I have been neglecting my blog. I feel bad about that. My blog is so important to me, and things have been keeping me away.

I am a teacher at heart. I love to teach. That is why I blog, that is why I present at conferences, and that is why I am going to grad school. So the fact that I have been unable to blog for a while upsets me greatly. But I want to tell you a little bit about why. This is not about making excuses. This is about what is keeping me busy and what I am learning about. It will also motivate me to blog about these things, and that's the important part.

[More]