ColdFusion Software Development Company ColdFusion Software Development Company

Archive for the ‘ColdFusion’ Category

Using Custom Tags for Migration from Older Versions to ColdFusion 2023

When working on migration projects to ColdFusion 2023, one of the most common updates is to bulk replace instances of ‘cf_sql_int’ with ‘cf_sql_integer’. In some projects, data validation for variables may have been overlooked, such as using float data or commas in numeric values.

To address these issues comprehensively, we can employ custom tags like ‘cf_query’ and ‘cf_queryparam’ to handle required conversions and data validation. An excellent reference for this approach is Adam Cameron’s 2012 article on ‘Custom tags: nesting’: https://blog.adamcameron.me/2012/11/custom-tags-nesting.html

Below is a code snippet inspired by Cameron’s work, specifically focusing on modifying the ‘cf_queryparam’ custom tags:

<cfscript>

// if we’re here, we’ve got a legit queryparam tag

if (thisTag.executionMode == “START”){

    include “helpers.cfm”;    // this just abstracts out some mocked functionality to keep this file to-the-point

    validateParam(attributes);    // (UDF) will raise an exception if everything ain’t legit for this param

    // the query tag will have worked out which DB we’re dealing with, so get a DB-specific object to help “translate” the param from CF-speak to JDBC-speak

    dbConnector = getBaseTagData(“cf_query”).dbConnector;

    jdbcParam = dbConnector.createJdbcParam(attributes);    // (UDF)

    // CFASSOCIATE is not as granular as it could be, so get rid of ALL the attributes and just pop back in the one we actually want to give back to the calling code

    attributes = jdbcParam;          

                if (attributes.CFSQLTYPE == “CF_SQL_INT”){

                                attributes.CFSQLTYPE = “CF_SQL_INTEGER”;

                }

                if (attributes.CFSQLTYPE == “CF_SQL_INTEGER”){

                                attributes.VALUE = int(ReReplaceNoCase(attributes.VALUE,”[^0-9.]”,””,”ALL”));

                }

    cfassociate(basetag=”cf_query”, datacollection=”queryparams”);    // (UDF)

    // put in a parameter placeholder in place of the tag

    writeOutput(“?”);

}

// there is no closing tag, so no “ELSE”

</cfscript>

We use this code to update deprecated ‘queryparm’ value:

                if (attributes.CFSQLTYPE == “CF_SQL_INT”){

                                attributes.CFSQLTYPE = “CF_SQL_INTEGER”;

                }

This is for data manipulation/validation:

                if (attributes.CFSQLTYPE == “CF_SQL_INTEGER”){

                                attributes.VALUE = int(ReReplaceNoCase(attributes.VALUE,”[^0-9.]”,””,”ALL”));

                }

This solution can be extended to handle other data issues or conversions before executing database queries or even creating custom ‘queryparam’ types.

Dealing with Deprecated tags.

In my recent work on migrating older projects to ColdFusion 2023, I encountered the need to recreate the functionality of the deprecated CFMENU tag. Although I hadn’t used CFMENU before, adapting to the new environment prompted me to develop a solution using custom tags.I propose creating two custom tags to replicate the required functionality. Let’s refer to Adobe’s documentation for CFMENU as an example:  https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-tags/tags-m-o/cfmenu.html

We need to create 2 Custom tags:

Menu.cfm: <cfsetting enablecfoutputonly=”Yes”>

<cfoutput>

<cfif (THISTAG.ExecutionMode EQ “Start”)>

<style>

ul##nav, ul##nav ul.subnav {

    padding:0;     margin: 0; }

ul##nav li, ul##nav ul.subnav li {

    list-style-type: none;

    display: inline-block;

}

ul##nav li a, ul##nav li ul.subnav li a {

    text-decoration: none;

    color: ##000;

    background: <cfif isdefined(“Attributes.bgcolor”)>#Attributes.bgcolor#<cfelse>##ADD8E6</cfif>;

    padding: 5px;          

    display:inline-block;

    width: 150px;

  font: helvetica

   size:<cfif isdefined(“Attributes.fontSize”)>#Attributes.fontSize#<cfelse>14px</cfif> }

ul##nav li {

    position: relative;

    clear: both;

}

ul##nav li ul.subnav {

    display:none;

    position: absolute;

    left: 0;

    width: 150px;

    background: ##ADD8E6; } ul##nav li:hover ul.subnav {

    display:block;

}

ul##nav li a:hover {

    color: ##000; } ul##nav li ul.subnav a:hover {      color: ##000; }

</style>

                <ul id=”nav”>

</cfif>

<cfif (THISTAG.ExecutionMode EQ “End”)>

                </li></ul>

</cfif>

 </cfoutput>

<cfsetting enablecfoutputonly=”No”>

  Menuitem.cfm:

<cfsetting enablecfoutputonly=”Yes”><cfparam name = “Caller.oldstatus” default = “false”>

<cfoutput>

<cfif (THISTAG.ExecutionMode EQ “Start”)>

<cfif findnocase(‘CF_MENUITEM,CF_MENUITEM’,GetBaseTagList()) and not Caller.oldstatus>

<cfset Caller.status = true>

<cfset Caller.oldstatus = true>

<cfelse>

<cfset Caller.status = false>

</cfif>

</cfif>

<cfif (THISTAG.ExecutionMode EQ “Start”)>

<cfif Caller.status>

<ul class=”subnav”>

</cfif>

<cfif not Caller.status and not Caller.oldstatus></li></cfif><li><a href=”<cfif isdefined(“Attributes.href”)>#Attributes.href#<cfelse>##</cfif>”> #Attributes.display#</a>

</cfif>

 <cfif (THISTAG.ExecutionMode EQ “End”) and len(THISTAG.GeneratedContent)>

                </ul></li>

</cfif>

</cfoutput>

<cfsetting enablecfoutputonly=”No”>

I utilized the Caller scope to manage nested CF_MENUITEM custom tags. With these two custom tags, you can seamlessly replace CFMENU with CF_MENU and CFMENUITEM with CF_MENUITEM as per the Adobe documentation example. While I haven’t incorporated all possible attributes, it’s straightforward to add any additional ones you may require.

If you have questions or need further assistance with this, feel free to reach out to me. I’m here to help.

 

Dealing with reserved words after Migration to ColdFusion 2023.

Last time, most of my work involved migrating sites from pretty old versions of ColdFusion, mainly versions 9 or 10, to ColdFusion 2023. Despite the fact that the sites were created by different developers, the task was relatively straightforward. In most cases, we simply needed to correct ‘cfsql’ types in ‘cfqueryparam’. For instance, we could perform a bulk replace to change ‘cf_sql_int’ to ‘cf_sql_integer’.

The process becomes more complicated when dealing with issues related to reserved words, especially when they are related to the framework’s code. One of the projects utilized the ColdSpring framework, which employed the variable name ‘abstract.’

To address this issue, I made a few targeted corrections in two framework files: DefaultXmlBeanFactory.cfc and BeanDefinition.cfc

DefaultXmlBeanFactory.cfc and BeanDefinition.cfc

DefaultXmlBeanFactory.cfc

Change:

<cfset var abstract = false /> to <cfset var abstract_23 = false />

And

<!— look for abstract flag, and parent bean def —>

<cfif StructKeyExists(beanAttributes,’abstract’)>

                <cfset abstract = beanAttributes.abstract />

<cfelse>

                <cfset abstract = false />

</cfif>

To

<!— look for abstract flag, and parent bean def —>

<cfif StructKeyExists(beanAttributes,’abstract_23′)>

                <cfset abstract_23 = beanAttributes.abstract_23 />

<cfelse>

                <cfset abstract_23 = false />

</cfif>

And

<!— call function to create bean definition and add to store —>

<cfif not structKeyExists(beanAttributes, “factory-bean”)>

                <cfset createBeanDefinition(beanAttributes.id,

                class,

                beanChildren,

                isSingleton,

                false,

                lazyInit,

                initMethod,

                factoryBean,

                factoryMethod,

                autowire,

                factoryPostProcessor,

                beanPostProcessor,

                abstract,

                parent) />

<cfelse>

<cfset createBeanDefinition(beanAttributes.id,

                “”,

                beanChildren,

                isSingleton,

                false,

                lazyInit,

                initMethod,

                factoryBean,

                factoryMethod,

                autowire,

                false,

                false,

                abstract,

                parent) />

</cfif>

to

<!— call function to create bean definition and add to store —>

<cfif not structKeyExists(beanAttributes, “factory-bean”)>

<cfset createBeanDefinition(beanAttributes.id,

                class,

                beanChildren,

                isSingleton,

                false,

                lazyInit,

                initMethod,

                factoryBean,

                factoryMethod,

                autowire,

                factoryPostProcessor,

                beanPostProcessor,

                abstract_23,

                parent) />

<cfelse>

<cfset createBeanDefinition(beanAttributes.id,

                “”,

                beanChildren,

                isSingleton,

                false,

                lazyInit,

                initMethod,

                factoryBean,

                factoryMethod,

                autowire,

                false,

                false,

                abstract_23,

                parent) />

</cfif>

in loadBeanDefinitions functions.

BeanDefinition.cfc

Update functions:

<cffunction name=”isAbstract” access=”public” output=”false” returntype=”boolean”

                hint=”Returns the ‘abstract’ flag for the bean definition”>

                <cfreturn variables.instanceData.abstract_23 />

</cffunction>

<cffunction name=”setAbstract” access=”public” output=”false” returntype=”void” 

                hint=”I set the ‘abstract’ flag for the bean definition”>

                <cfargument name=”abstract_23″ type=”boolean” required=”true”/>

                <cfset variables.instanceData.abstract_23 = arguments.abstract_23 />

</cffunction>

Probably you will need to update some other files, but in my case, it was enough to resolve all errors. It is very important, to not update the functions’ names.

In any case it’s a good idea to follow the variable names conventions to avoid usage of current or future reserved names.

Troubleshooting Undelivered Emails After Migrating to ColdFusion 2023

Recently, during the migration of one of our sites to ColdFusion 2023, an unexpected error cropped up, causing around 30% of bulk emails to go undelivered. When attempting to resend these emails, a peculiar pattern emerged – the same percentage of undelivered emails persisted, but with different recipients.

In our ColdFusion server, we meticulously configured mail server settings. However, for our transactional emails, we leverage MailSender, which operates through its own SMTP server and can seamlessly integrate with the cfmail tag:

<cfmail from=”SENDER” to=”RECIPIENT” subject=”bulk transactional email”

server=”smtp.mailersend.net”

port=”587″

useTLS=”yes”

username=”username”

password=”password”

Email Body

</cfmail>

Interestingly, there were no issues when using the default SMTP server or when sending individual emails via MailerSend.

Yet, a perplexing error, “com.sun.mail.smtp.SMTPSendFailedException: [EOF],” surfaced when using MailSender for bulk emails.

A quick search led to suggestions recommending a ColdFusion reinstallation, which I wanted to avoid if possible.

Undeterred, I delved deeper into the issue, exploring potential solutions without resorting to a ColdFusion or Java update. Experimenting with the Mail settings in the ColdFusion admin panel, I discovered that unchecking the recommended ‘Maintain connection to mail server’ setting miraculously resolved the problem.

This experience underscores the importance of exploring various avenues when troubleshooting technical glitches, as solutions might emerge from unexpected quarters. If you’ve encountered a similar issue, give this adjustment a try before considering more drastic measures like a full reinstallation.

How to Restore DataSource credentials on ColdFusion 9

I know that some sites still use old versions of ColdFusion, for example, ColdFusion 9. However, through my experience helping clients, it’s surprising to find that the actual number of sites running on ColdFusion is so massive.

Adobe hasn’t supported this version of ColdFusion since 12/31/2014 and those sites are usually hosted on the old versions of Windows. And Microsoft doesn’t support it too.

It generates a lot of security problems- we can’t use the newer version of Java, etc.

Adobe provides very clear migration instructions, for example: https://helpx.adobe.com/pdf/coldfusion2016-migration-guide.pdf. And most cases we can migrate sites with small code updates or without any code change.

In many cases, we are not able to make a migration. We need to copy scripts to the new hosting, setup DataSources etc.

And because we deal with very old sites often created by another developer we can have a situation when nobody has a database password.

But, if we know the ColdFusion admin password and datasource name we can retrieve all information:

<h1>ColdFusion Datasources</h1>

<cfset version=createobject(“java”,”coldfusion.server.ServiceFactory”).LicenseService.getMajorVersion()>

<cfset form. version =variables. version >

<cfif NOT isdefined(“form.adminpassword”) or (isdefined(“form.adminpassword”) AND NOT len(form.adminpassword))  or (isdefined(“form.dsn”) AND NOT len(form.dsn))>

    <cfif (isdefined(“form.adminpassword”) AND NOT len(form.adminpassword)) or  (isdefined(“form.dsn”) AND NOT len(form.dsn))>

        <font color=”#FF0000?>The password and Datasource Name cannot be empty!</font>

    <cfelse>

        <br>

    </cfif>

    <form action=”<cfoutput>#cgi.script_name#</cfoutput>” method=”post”>

        Enter the CF Admin Password: <input type=”password” name=”adminPassword”><br />

                                Enter the Datasource Name: <input type=”text” name=”dsn”><input type=”submit” value=”Submit”>

    </form><cfabort>

<cfelse>

    <cfset adminauth=createObject(‘component’,’CFIDE.adminapi.administrator’).login(‘#form.adminpassword#’)>

    <cfif NOT adminauth>

        <font color=”#FF0000?>The password was incorrect!</font><br>

        <form action=”<cfoutput>#cgi.script_name#</cfoutput>” method=”post”>

            Enter the CF Admin Password: <input type=”password” name=”adminPassword”><input type=”submit” value=”Submit”>

        </form><cfabort>

    </cfif>

</cfif>

<cfif isdefined(“form.adminpassword”) and isdefined(“form.dsn”)>

    <cfoutput>ColdFusion Verion: #variables.version#<br><br></cfoutput>

    <cfif isDefined(“variables.version”) AND variables. version LTE 9>

        <!— Create datasource object —>

        <cfset variables.datasourceObject=createobject(“java”,”coldfusion.server.ServiceFactory”).getDatasourceService().getDatasources()>

<table border=”1? cellpadding=”5? cellspacing=”0?>

            <tr bgcolor=”c0c0c0?>

                <th>Datasource</th>

                <th>UserName</th>

                <th>Password</th>

                                                                <th>Type</th>

                                                                <th>Database</th>

                                                                <th>Host</th>

            </tr>

            <cfset variables.datasource = form.dsn>

            <cfif len(variables.datasourceObject[variables.datasource][“password”])>

                <cfset variables.database =”>

                <cfset variables.host=”>

                 <cfset variables.username = variables.datasourceObject[variables.datasource][“username”]>

                <cfset variables.driver = variables.datasourceObject[variables.datasource][“driver”]>

                <cftry>

                      <cfset variables.database = variables.datasourceObject[variables.datasource].urlmap.CONNECTIONPROPS.database>

                      <cfset variables.host = variables.datasourceObject[variables.datasource].urlmap.CONNECTIONPROPS.host>

                       <cfcatch type=”any”>

                      </cfcatch>

                </cftry>

                <cfset variables.decryptedPassword = Decrypt(variables.datasourceObject[variables.datasource][“password”],generate3DesKey(“0yJ!@1$r8p0L@r1$6yJ!@1rj”),”DESede”,”Base64?)>

                <!— Output datasource information —>

                <cfoutput>

                <tr>

                    <td>#variables.datasource#</td>

                    <td>#variables.username#</td>

                    <td>#variables.decryptedPassword#</td>

                    <td>#variables.driver#</td>

                    <td>#variables.database#</td>

                    <td>#variables.host#</td>

                </tr>

                </cfoutput>

            </cfif>
        </table>

    </cfif>

</cfif>

If you have questions or need help with this, don’t hesitate to reach out to me and I’ll be happy to assist.

Zoom API on ColdFusion

Summary

In the modern world it’s hard to create a good product without integrating it with third party services. One of the most popular services in the business world today is Zoom. I’d like to share some of the experience my team and I have had working with the Zoom API. Hope you enjoy the read and its helpful!

1.    Zoom APP Creation

To work with the Zoom API, we can choose between OAuth and JWT (JSON web token) Zoom APP. Both provide a high level of security.

You can find more details on the Zoom docs pages: https://marketplace.zoom.us/docs/guides/build as well Build an App instructions.

In this example we will use JWT APP (JWT are an open, industry standard RFC 7519 method for representing claims securely between two parties).

Process of APP creation described on Zoom doc page: https://marketplace.zoom.us/docs/guides/build/jwt-app.

On this stage it allows us to get API Key and API Secret values.

<cfset jwtZoomAPISecret = “‘MY API Secret”>     

<cfset jwtZoomAPIKey = “‘MY API Key”>

2.    Generate an Access Token

We can download required library from JWT site: https://jwt.io/libraries or Github: https://github.com/jcberquist/jwt-cfml

function getZoomToken() {

                                var jwtObj = jwt(jwtZoomAPISecret);

                                var adjustedDate = DateAdd(“n”,”15?,Now());

                                var tokenExpiration = adjustedDate.getTime();

                                var payload = {

                                                                ‘iss’ = jwtZoomAPIkey,

                                                                ‘exp’ = tokenExpiration

                                                };

                                var thetoken = jwtObj.encode(payload);

                                return thetoken;

                }

3.    Create a Meeting on Zoom using Zoom API

We need to use the previously generated token to Create a Meeting, as well as for other API integration.

We provided an example for Scheduled meeting, you can check Zoom documentation (https://marketplace.zoom.us/docs/api-reference/zoom-api/meetings/meetingcreate) for other options.

<cfcomponent>

                <cfset variables.APIServerURL = “https://api.zoom.us/v2/”>

                <cffunction name=”init” output=”false” returntype=”Zoom”>

                                 <cfargument name=”theToken” type=”string”>

                                 <cfset variables.thetoken = arguments.thetoken>

                                 <cfreturn this>

                </cffunction>

<cffunction name=”createMeeting” access=”public” returntype=”any”>

                                <cfargument name=”topic” type=”string” required=”yes”>

                                <cfargument name=”start_time” type=”string” required=”yes”>

                                <cfargument name=”schedule_for” type=”string” required=”yes”>

                                <cfargument name=”password” type=”string” required=”yes”>

                                <cfargument name=”type” type=”numeric” default=”2?> //Scheduled Meeting

                                <cfargument name=”duration” type=”numeric” default=”30?>

                                <cfargument name=”timezone” type=”string” default=”America/New_York”>

                                <cfargument name=”agenda” type=”string” default=””>

                                <cfargument name=”registrants_email_notification” type=”boolean” default=”no”>

                                <cfsavecontent variable=”messagedata”>

                                                <cfoutput>

                                                {

                                                                “topic”: “#arguments.topic#”,

                                                                “type”: “#arguments.type#”,

                                                                “start_time”: “#arguments.start_time#”,

                                                                “duration”: “#arguments.duration#”,

                                                                “schedule_for”: “#arguments.schedule_for#”,

                                                                “timezone”: “#arguments.timezone#”,

                                                                “password”: “#arguments.password#”,

                                                                “agenda”: “#arguments.agenda#”,

                                                                “registrants_email_notification”: “#arguments.registrants_email_notification#”

                                                                }

                                                }

                                                </cfoutput>

                                </cfsavecontent>

                                <cfhttp url=”#APIServerURL#users/me/meetings” method=”post”>

                                                <cfhttpparam type=”HEADER” name=”Content-Type” value=”application/json”>

                                                <cfhttpparam type=”HEADER” name=”Authorization” value=”Bearer #variables.theToken#”>

                                                <cfhttpparam type=”BODY” value=”#messagedata#”>

                                </cfhttp>

                                <cfset myResult = deserializeJSON(cfhttp.FileContent)>

                                <cfif cfhttp.statusCode contains “201”>

                                                <cfreturn myResult>

                                <cfelse>

                                                <cfreturn false>

                                </cfif>

                </cffunction>

</cfcomponent>

4.    Get Zoom Meetings

We can use another endpoint to get list of all meetings.

<cfcomponent>

                <cfset variables.APIServerURL = “https://api.zoom.us/v2/”>

                <cffunction name=”init” output=”false” returntype=”Zoom”>

                                 <cfargument name=”theToken” type=”string”>

                                 <cfset variables.thetoken = arguments.thetoken>

                                 <cfreturn this>

                </cffunction>

<cffunction name=”getMeetings” access=”public” returntype=”any”>

                                <cfhttp url=”#APIServerURL#users/me/meetings” method=”get”>

                                                <cfhttpparam type=”HEADER” name=”Content-Type” value=”application/json”>

                                                <cfhttpparam type=”HEADER” name=”Authorization” value=”Bearer #variables.theToken#”>

                                </cfhttp>

                                <cfset myResult = deserializeJSON(cfhttp.FileContent)>

                                <cfif cfhttp.statusCode contains “200”>

                                                <cfreturn myResult>

                                <cfelse>

                                                <cfreturn false>

                                </cfif>

                </cffunction>

</cfcomponent>

5.    Delete Zoom Meetings

We can play with the Zoom API endpoints like list, update, delete a meeting. All we need to do is follow their guidelines on using specific endpoints. For example, we can delete a meeting by sending a DELETE request to the API endpoint. To this endpoint, you need to pass your meeting id as shown below.

<cfcomponent>

                <cfset variables.APIServerURL = “https://api.zoom.us/v2/”>

                <cffunction name=”init” output=”false” returntype=”Zoom”>

                                 <cfargument name=”theToken” type=”string”>

                                 <cfset variables.thetoken = arguments.thetoken>

                                 <cfreturn this>

                </cffunction>

                <cffunction name=”deleteMeeting” access=”public” returntype=”any”>

                                <cfargument name=”meetingId” type=”string” required=”yes”>

                                <cfhttp url=”#APIServerURL#meetings/#meetingId#” method=”delete”>

                                                <cfhttpparam type=”HEADER” name=”Content-Type” value=”application/json”>

                                                <cfhttpparam type=”HEADER” name=”Authorization” value=”Bearer #variables.theToken#”>

                                </cfhttp>

                                <cfif cfhttp.statusCode contains “204”>

                                                <cfreturn true>

                                <cfelse>

                                                <cfset myResult = deserializeJSON(cfhttp.FileContent)>

                                                <cfreturn myResult >

                                </cfif>

                </cffunction>

</cfcomponent>

Of course, this is just a small part of possible integrations. For example, if you have a multiple users in your account we can use Users endpoint https://marketplace.zoom.us/docs/api-reference/zoom-api/users/ to manage users. In the case we can reuse provided examples, we only need to replace ‘users/me/’ from provided examples with ‘users/[Actual User ID]/’

Integrating an eBay API for ColdFusion eCommerce

Like most owners of ColdFusion eCommerce Websites, you‘ve likely considered leveraging different platforms for selling online – and you would be wise to do so. Whether it be eBay, or Amazon, your ColdFusion Website can double – or tripletransactions if you have your website tuned correctly.

Integrating an eBay API for a ColdFusion Website brings many advantages. In addition to accomplishing the main objective of increasing business growth, it also centralizes and unclutters your CMS. Your back-end transactions, including eBay sales, will all be in one place. Utilizing just the one ColdFusion Website, as opposed to others without the eBay API, will significantly decrease additional work, allowing you to spend more time on what matters most: productivity. Inventory control becomes unnecessarily time-consuming when you have multi transactions on multi platforms. An eBay API will have your ColdFusion system control items directly on the eBay marketplace panel, so there’s no need to login elsewhere. Also, eBay listing updates can be performed automatically, so you don’t have to monitor them every time you sell an item.

We’ve witnessed the immediate, positive outcomes from ColdFusion websites and it’s an utter mystery why more companies aren’t taking this route.  If you have any questions about ColdFusion, or if you want a ColdFusion developer to integrate your Website with an eBay API, please contact us; we are only an email, an inquiry, or a phone call away.

Walmart marketplace API written in ColdFusion

Walmart recently released its own Marketplace, in an effort monetize on their brand and why not – to create competition for Amazon, JET, or eBay. The Walmart Marketplace API allows merchants which register to become a partner, and is written in ColdFusion. Yes the versatile Adobe ColdFusion platform will be the launchpad for retailers, merchants, and sellers that want to exchange goods via the Walmart Marketplace.

The Walmart Marketplace API is comprised of, and can be broken down into two groups. The first being the Walmart Item API and the second one is the Walmart Transaction API. Based on the documentation there are a few steps that need to be taken before the code is well integrated and certified, so that you can move to production.

In other words, Sellers and Merchants that wish to use the Walmart Marketplace will need to integrate the ColdFusion based API with their Websites and Systems. If you need more information on integrating this product, or would like to consult with our ColdFusion Team – visit our Website – and we would be glad to help.

ColdFusion 10 and 11 hotfix from Adobe addresses XML parser flaw

A recent hotfix was released by Adobe in order to protect ColdFusion users from a number of flaws

Security updates were released to address vulnerabilities in ColdFusion versions 10 and 11. According to the Adobe Security Bulletin the hotfix includes an updated version of BlazeDS and addresses potential data leak (information disclosure) glitches.

Adobe recommends ColdFusion customers to update their systems and provides technotes for each version. Our Technicians would be more than happy to assist you and help you in case you need to apply ColdFusion updates.

Apparently an unrestricted XML parser may allow for external XML entities processing when parsing such document. The flaw may be exploited by unauthenticated remote hackers. The flaw can allow various attacks including: reading arbitrary, listing web/system directories, SSRF attacks / unauthorized access to restricted services running on the localhost as well as within the victim’s server network; SMB relay attacks; and temporary file uploads which may be used by attackers in combination with LFI vulnerabilities to supply malicious code. Attackers can also read critical ColdFusion configuration files such as neo-security.xml, password.properties, and neo-datasource.xml. They can read ColdFusion password hashes including the management console, database credentials, and gain access to a weakly protected ColdFusion system.

ColdFusion migration to Lucee is perfectly viable

Adobe’s ColdFusion is a powerful and very productive language, designed to be a RAD (Rapid Application Development) tool. It is essentially a big Java tag library with success in vertical markets and well accepted by Mid-to-Enterprise level Organizations. Though an excellent and versatile language, licensing costs have sometimes turned owners and developers to other options, especially in the wake of the new wave of open source platforms.

Here comes Lucee, offering an open source solution to the developers’ dreams. Not only is it free, but also it performs well, is stable, and is updated reasonably frequently. Lucee is compatible with contemporary ColdFusion script and tag language variants, also providing configurable support for legacy ColdFusion. The core features of Lucee provide easy to learn tags for everything from database queries to sending dynamic email messages to scripting connections with ftp and Amazon s3 storage. Almost anything you can do with ColdFusion, you can do with Lucee.

Our Team has extensive experience with the platforms, therefore if you need a transition from ColdFusion to Lucee, we are here to help. Just send us a request or call us and our Specialists will assist you!

HAVE A QUESTION?

We would love to help.
Give us a call:

(718) 793-2828

Get a free project estimate:

Recent Comments
    Archives