[Looking for Charlie's main web site?]

Updates for Dreamweaver, HomeSite, CF Studio for ColdFusion 8, 9, or 10

If you may still be using Dreamweaver or HomeSite+ (or its older brother, HomeSite, or its older uncle, ColdFusion Studio), you may find that the tag insight, tag help, tag completion, and other features are not recognizing newer ColdFusion tags and functions, if perhaps you have updated to later versions of ColdFusion since installing those editors.

Well here's good news, that I find many don't seem to know: you don't need to put up with a lack of support for tags and functions for more recent CF versions!

(If as a reader of this entry, you'd want to make sure people know about still other editor/IDE alternatives, I will address that briefly also before we're through.)

[....Continue Reading....]

Some hidden gems in ColdFusion Builder 2.0.1 for those who edit via FTP

Let me say this up front: I realize that some folks may well decry my pointing this out (hold that thought). But in the spirit of my tradition of pointing out "hidden gems" in things related to CF and CFBuilder, those who may edit files via FTP will want to know that there are some enhancements for that support in CF Builder 2.0.1, now in public beta.

Among the "other enhancements" mentioned at the bottom of the "New Features Notes" (PDF), note a few related to FTP:

  • New Upload On Save option on the FTP connector dialog box to upload a file by way of FTP when saved locally
  • Use shortcuts to perform Synchronize and Upload (Ctrl+Alt+W U)/Download (Ctrl+Alt+W D) simultaneously
  • Take advantage of the shortcut for Synchronize (Ctrl+Alt+W Y)

Those may be big news for some, which might be easily missed, and which are not likely to be pointed out in most posts on what's new in CFB 2.0.1. And some would even intentionally leave them out, so I'm "takin' one for the community" here by pointing these out. :-)

Why some may decry these features

[....Continue Reading....]

Sending HTTP headers in a CFHTTP request? Name them correctly

If you ever try to use CFHTTPPARAM (inside a CFHTTP) to set HTTP headers for the request you're calling, be aware that you need to be careful to specify the name of the headers as they're known in the HTTP specification. Don't be misled by what you see in a CFML dump of the CGI scope.

(This is a reprisal and update of an old blog entry I'd done back in 2003, on a blog site that will soon no longer exist. I'll be reprising a few such blog entries in coming days/weeks, to keep them around for posterity [and to save some having to dig for them in the archive.org site] since often the info offered then may be just as valuable now. I hope that in time these new versions would come up if people do searches that would have found the old entry.)

So, about these http headers, while CFML exposes them in a dump of the CGI scope, such as the user-agent field which shows up as cgi.http_user_agent, the issue is that you would not use that name, nor even "user_agent", when specifying it in a CFHTTPPARAM. The proper way to pass the user agent in a CFHTTPPARAM would be as follows:

[....Continue Reading....]

I'm speaking on the CFMeetup this week: "Getting Started with Multiple Instances in CF"

If you didn't notice in my regular announcement of who's on the Online ColdFusion Meetup this week, I am in fact presenting in the noon (EDT) slot, this Thursday, on "Getting Started with Multiple Instances in CF".

You may think, "what's new about that?" Well, nothing. I've just had people ask for more beginner/intermediate and more admin-related talks. This seemed to fit the bill for both. Here's the (detailed) description (to make sure the right audience shows up).

Introducing the Adobe ColdFusion Extensions for Eclipse

Have you wondered about using or trying out the "multiple instance" feature of CF (technically the "multiserver" installation option). Available in its current form since CF 7, many developers and shops still have not adopted it, perhaps because they don't understand its benefits, or maybe they tried it and got confused about the options during installation/configuration. Or maybe they assume it's only about creating clusters/load balancing and/or replication: it's not and can be valuable for many other reasons.

In this talk, veteran CF troubleshooter Charlie Arehart will introduce the topic, presuming you have no prior experience with it. (Note that while it's a feature of CF Enterprise, you can also use it with the free Developer edition, and he'll explain why you may want to.)

What we will (and will not) cover:

We'll address things from the ground up, starting with what the feature is, how it's evolved, and why you should use it in development and/or production. Charlie will demonstrate an installation from scratch, talking about the various choices presented, and proceeding to add another instance and how to demonstrate successful setup. He'll also show connecting the new instance(s) to an external web server and share tips about that.

Along the way Charlie will address such other practical concerns as how to share admin settings among the instances, whether and how to share jvm.config settings, how to find the various logs for each instance, why to be careful about scheduled tasks, how you can monitor the instances, and more. He'll also offer some recommendations that could vary depending on your setup, such why you might want to use the cfusion instance only for creating instances, when/why you may be able to stop and disable the cfusion and admin instances, why you may/may not want to consider sandbox security, and more.

We will not have time to discuss or demonstrate clustering, load balancing, and replication, but can mention it only briefly. If that may be what you'd want to hear more about, please know this is not the talk for that. Perhaps a later talk.

But you will be pointed to many resources available for you to further investigate more on all the things we discuss (with a warning to be careful about older resources which describe an older but still-supported approach to multiple instances, from the CF 6.1 timeframe.)

So were you surprised that the "simple" subject actually has a lot more nuance than meets the eye? You can RSVP for the event, as well as get a link to create an entry in your calendar and more, at the Meetup event page.

Note that you can also certainly just show up on the day at the Connect room.

Finally, again, there will be a 6pm (EDT) talk as well, Mike Henke on "Leveraging Eclipse for ColdFusion Development". For more on these, and all CF Meetups, see my blog category of CFMeetup announcements about them.

Hope to see some of you Thursday at noon.

PS Speaking of CFML development via Eclipse, I'll have yet another announcement about something that may interest many, separately.

New "ColdFusion 8 developer security guidelines" at Adobe DevCenter

I haven't seen much mention of this elsewhere, but I happened upon a new 47-page whitepaper called "ColdFusion 8 developer security guidelines", by Erick Lee, Ian Melven, and Sarge Sargent. It's listed in the Adobe Security DevCenter, which shows it having been posted as of today.

Like other whitepapers that have been put together by Adobe, Macromedia, Allaire, and others, this one offers overviews of key concerns along with proposed best practices.

Is it complete? Does it really need to be?

As with any such document, there will be debate among some readers about whether the practices are always really the "best". It's inevitable. But let's give credit that the authors do try to give a rather brief round up of the features, their options, and the impact of choices.

Just as Ben's famous CF "Certification Study Guide" is a quick summary of key things in CFML (and no substitute for the complete ColdFusion documentation or the WACK books), so too would I argue that this guide is a quick summary of important points to consider. Readers would do well to understand the issues completely, both in terms of the generic concerns they raise and the specifics of CFML features and options. For that, the docs and other books would be great resources.

Still, many readers won't have time for that, so despite the fact that some may pick it apart, it will serve a large percent of the community who might otherwise have no knowledge of the concerns and configuration features. For that, we should thank the authors.

Its sections

The document is divided into the following sections: Authentication, Authorization, CFCs, Session Management, Data validation and interpreter injection, Ajax, PDF integration, .NET integration, HTTP, FTP, Error handling and logging, File System, Cryptography, Configuration, Maintance and References.

Earlier editions, and what's updated in the CF8 guide?

While the guide does focus on CF8, there is another version of the document for those running CF7, the "ColdFusion 7 developer security guidelines". It, too, is by 2 of the 3 authors of the other whitepaper, Erick Lee and Sarge Sargent. It's only 33 pages, and it too is listed at the Adobe DevNet Security Developer Center, where it show it having been updated as of Oct 2007.

You might think that the CF8 guide is updated only to refer to things new in CF8, but in fact I find some things in the CF8 guide that are not in the CF7 guide, but are not new for CF7. Perhaps they decided to expand the CF8 guide in ways that they didn't push back down into the CF7 guide (understandable if time was limited). That means that CF7 developers may want to read the later guide, though they'd have to ignore features that are indeed new to CF8.

For instance, I found a discussion of the trusted cache feature only in the CF8 guide (more on that below). I didn't do a careful comparison of what's different.

BTW, I'll add that I found references in searches both on the Adobe site and Google to a version of the security guidelines at a URL that no longer works. Since I couldn't access it, I was unable to determine how this CF7 version was updated (or if it was simply renamed, to distinguish it from the new CF8 version. Perhaps the authors can comment here if they read this entry.)

Where to offer feedback?

That last comment brings up a concern I have with the whitepapers offered on the Adobe site (and the articles offered on the Developer Center, as well, of which I've been an author recently.) There's no place for folks to leave feedback. It would be nice for there to be a place to have discussions about the things written in such whitepapers or articles. (The Devnet articles do offer a feedback link, but it's one way, not an open discussion.)

I'm sure some will want to comment on or trade best practices regarding the topics in this paper. Also, I'd like to share at least one error I found: in the discussion of the trusted cache feature, it's described as, "Enable Trusted cache in production environments. When enabled, ColdFusion will only server requested templates held in its memory cache. This provides performance gains but also prevents ColdFusion from running hacked or invalid templates."

Yikes. I wonder who wrote that (and who missed it during any review).That's not the purpose of trusted cache at all. It's about whether the server should look to disk to see if a template, once compiled and loaded into memory, has changed on disk. The server always only serves (not the typo, too, "will only server") pages held in its memory cache. Using trusted cache is certainly a performance gain, but I really have no idea what the reference is to "hacked or invalid templates". That makes me think the person writing this has a very wrong idea about the feature. But I'm not meaning to rip the guidelines. As I said earlier, I'm sure that many will find them very useful, and since folks rarely read the docs, it's a nice way to condense into 40+ pages some key points. I'll let others comment here about any other concerns they have. At least it will serve as one place to have such discussion. If there's a better place, I'll welcome people pointing to that.

Charlie Arehart offers new per-minute phone-based support service

Ever felt stumped trying to solve a CF problem? You've tried everything? Searched the web? Asked on forums and lists, and you're still stuck? Or maybe you're just pressed for time.

Maybe you've wished you could hire someone with more experience but can't justify a high hourly rate. Of course, with so many web tools available to share a desktop, travel need no longer be a significant issue. Sometimes, it could help to simply have someone "look over your shoulder" via the web to resolve a problem.

Recognizing all those challenges, I've created a new service that I'm tentatively calling "AskCharlie", to be able to offer just such assistance.

Via buttons on my site or an 888 number you call, you can arrange to speak with me by phone (and optionally join me in a shared desktop session) to solve some knotty problem.

Best of all, it's very low cost and at a per minute rate (first-time callers can use a 10 minutes free option, and everyone gets a money-back guarantee). That and more are explained on my site:


There you can learn more about why I did it, how it works, how the remote desktop sharing assistance works (no problem with firewalls, for instance), and more.

I'd welcome your thoughts on what you think of the idea.

Using DWMX? Wish you had CF Studio or HomeSite+? You do, for free!

Though I've been trying to spread this word for years, I still find people don't realize it. If you were a fan of CF Studio, while it's no longer available, you will find that HomeSite+ is effectively the same tool. And it's FREE--as long as you have a license for Dreamweaver MX or Studio MX.

You can't download it, nor can you buy it. (You can by HomeSite, but that's not the same as HomeSite+.) You'll find HS+ as an installer file on the DWMX CD, but not on the installer menu (though that's been addressed finally in DWMX 8).

For more details, see an article I did for Fusion Authority back in 2004 (which points at yet another article I did in the CFDJ in 2003:


BlogCFC was created by Raymond Camden. This blog is running version 5.005. (Want to validate the html in this page?)

Managed Hosting Services provided by
Managed Dedicated Hosting