Web socket security issue: risk assessment & findings
G'day: Yesterday I engaged in some unrepentant shock tactics, writing an article entitled "Security warning: stop using ColdFusion web sockets right now". This warning arose from my initial...
ColdFusion vs Query of Query: Dead Dates
G'day: Oh, it just gets better. ColdFusion (and, to be fair, Railo too) mess up dates when (de)serialising JSON too. This is on CF9.0.1 and Railo 4.1. Code: <cfscript> dates = queryNew("");...
Question for y'all re ColdFusion interfaces
G'day: I can't work out what my opinion is on this. Have a look at this code: // IAdditionalOptional.cfc interface { public numeric function f(required numeric x); } // AdditionalOptional.cfc component...
Web sockets security issue: status update
G'day: Just a quick one. There's been some feedback from Adobe regarding this web sockets security issue. As a comment against that article, Awdhesh says: We are working on it and the fix will be...
Adobe ColdFusion bug tracker: sigh
G'day: (Warning: this is just a frustrated grumble, and has little merit beyond allowing me to stomp my foot like a petulant school child). As mentioned in my previous article, "I've raised four bugs,...
Serialisation woes resolved: "screw JSON"
G'day: (third one today... the other two were only wee ones, so hardly count). Right, so you might've read me wittering on about "ColdFusion vs JSON. How to make a developer cry". I needed to serialise...
There's always another bug...
G'day: Whilst playing with objectSave() and objectLoad() yesterday, I came across yet another bug in ColdFusion. It really does seem sometimes that if one attempts to do anything other than the...
Example of serialising data using objectSave() and objectLoad()
G'day: Bloody hell: fifth one today. And I've got a sixth one to come (another bloody stupid ColdFusion bug... stay tuned...). My previous article described the mooted solution to our serialisation...
Daft bug with objectSave() and XML
G'day: Ever have one of those days in which you spend most of your time fighting with ColdFusion, rather than getting your work done? Well if so, you're familiar with the last week of my life. And it...
Official confirmation: Adobe is on the case regarding ColdFusion 10's web...
G'day: SSIA, really. But you know me: I can pad 14 words of information out to take 1400 words to say... This is in reference to the security holes that were discovered in ColdFusion 10's web sockets...
Reserved words? Or not? Make up yer mind
G'day: What a busy CFML day today (ed: it's now the following day... I didn't get this finished last night) has been. And it seems it just keeps on giving. Here's a quirky one that has bitten me on the...
Threads add weird methods into CFCs
G'day: This is a weird one. And not terribly interesting, but a blog is supposed to be a log of what I'm doing, and this is what I'm currently looking at. Here's some code: component { public void...
Repro case for "contains" pseudo-reserved-word interfering with Mockbox
G'day: This is mostly for Brad Wood, but it might be of passable interest to others, so I'll plonk it here. Yesterday's article discussed how contains is kind of a reserved word, but kind of not in...
Response to comment (since redacted, it would seem) posted on the Adobe...
G'day: I headed over to the Adobe ColdFusion Blog where there's an article on these security holes in ColdFusion (via web sockets) to reply to an update Awdhesh made yesterday. But the comment is gone....
Right... so JSON is being a pain in the arse again
G'day: You might have seen my Twitter status update earlier today, which went kinda like this: #ColdFusion.... JSON... AGAIN... AAAAAAAAAAAARRRRRRRRRRRRRGGGGGGGGGGGHHHHHHHH!!!!!!! The degree to which...
JSON: just to confirm my expectations aren't off
G'day: I'm half-way across the Irish Sea at the moment (oh, now that I look out the window, I'm actually just making landfall over Ireland), and sitting in a very cramped seat trying to write code on...
REST requests don't seem to correctly use Application.cfc either
G'day: The emphasis in the title is an allusion to web socket requests also not respecting them. God knows what this article will read like. I headed to the pub to catch the last quarter of the Aussie v...
Quick note: CFLib now accepting ColdFusion-10-specific UDFs
G'day: This should possibly have happened a while back, but I suspect no-one's mentioned it until recently, so nothing was done about it. When one submits a UDF to CFLib, one needs to specify which...
Esoteric bug in argumentCollection handling
G'day: Here's some more shoddiness / stupidity in ColdFusion. And it's nothing to do with JSON or web sockets for a change. Consider this code: function firstFunction(){ writeDump(var=arguments,...
Weird issue with Mockbox and interfaces
G'day: This is not gonna be a very well-realised article, as it's posing a question that I've not really been able to flesh out yet. We use MXUnit and Mockbox for our unit testing. One of our tests -...