[Looking for Charlie's main web site?]

Configuring FusionReactor to show "real ip address" when behind a load balancer or other proxy

If your server is behind a load balancer or other sort of proxy, you may have noticed that when you view information about requests in FusionReactor, they all have the same (or nearly the same) IP address. This can be easily fixed, and I show you how in this post.

[....Continue Reading....]

Speaking at CFCamp 2019, for the 10th time!

Following on my recent announcement about speaking at CF Summit 2019, I am delighted to announce also that I've been selected to speak at CFCamp 2019, in Munich this October.

This will be my sixth year in a row presenting at this wonderful event, and my seventh year total. It will also be my 10th presentation there.

FWIW, half of those talks have been "sponsor" presentations on behalf of Intergral, the makers of FusionReactor, while the rest were not. And despite the title of my talk this year, "Comparing Monitoring Solutions for CF and Lucee", it is NOT an FR-sponsored talk. See the description below, for more.

[....Continue Reading....]

CF2020 to offer still-better deployment on Docker, cloud

There's great news coming regarding Adobe ColdFusion 2020, with regard to deployment of CF via Docker images and/or in the cloud.

Adobe's Director of Engineering for CF, Ashish Garg, recently held a wide-ranging interview with Michaela Light (on the CF Alive podcast) about the CF2020 roadmap. Ashish shared news of some substantial changes planned in the next release regarding modularity in the engine, the size of installers/containers, and their startup time, as well as matters like licensing of containers, logging within them, monitoring of them, and more.

[....Continue Reading....]

Come learn about getting started with CF Docker images at CF Summit 2019

Docker imageI'm terribly behind in announcing it, but I'm thrilled that I've been selected to speak again at Adobe CF Summit 2019, to be held in Vegas Oct 1 and 2 (with the pre-con on Sep 30). Both topics are on using Adobe's ColdFusion Docker images, and are designed for people who have not yet gotten into Docker at all, or for those familiar with Docker but not the Adobe CF images.

After sharing the talk titles and descriptions, first for the hour-long session and then for the day-long pre-conference session, I'll share a couple more thoughts, especially for those considering going to the conference, which I highly recommend.

[....Continue Reading....]

New Oracle JVM update released, July 16 2019

Just a heads-up for folks using CF, Lucee, and other Java-based apps and app servers: Oracle has released today a new JVM update, for Java 8 and 11. It's update 221 for Java 8 (1.8.0_221), and update 4 for Java 11 (11.0.4).

For some, that's all they need to know. For most, they will probably want to read on.

[....Continue Reading....]

Updates released today for CF2018, CF2016, and CF11

While word has been shared elsewhere about this today already, I wanted to share here also that there were updates released today for CF2018, CF2016, and CF11.

And I share a bit more here, for my readers.

[....Continue Reading....]

When you know you're doing the right thing: some representative comments from clients

For years I've had a "references" page on my site, where I'd post comments folks have shared in their emails back to me after our consulting engagements. I get their permission before posting, of course.

Well, I got a really nice one today, and I thought I'd share it here also, as it really does capture well what I strive to do in my work:

[....Continue Reading....]

CF updates temporarily missing. Get them here

If you've tried to get the update files for cf 2018, 2016, 11, or 10 in recent days, whether from the CF Admin "updates" page or the update technote pages, you've found the update jar files are missing and unavailable, due to a temporary problem. Here's how to get them in the meantime.

[....Continue Reading....]

"Charlie, we'd like to buy CF. Are you an Adobe reseller?"

I've had clients ask the above question over the years, including today. The short answer is "no", but I do have a recommendation of who you should consider buying CF from, at a discount, and with other benefits.

[....Continue Reading....]

CF security update (March 1 2019), part 2: further details, prevention, and more

This is my part 2 post which follows onto the Part 1, released the night of March 1, when the new CF updates were released as an emergency update. If you've not yet read that, do that first, to get some basic info and needed context for what follows.

And if you HAVE already read part 1, if it was before Saturday morning, do go back and reread it. I had added some important info that I thought shouldn't wait to Part 2, which I knew could take me a while. See especially the sections there, "A brief introduction to the vulnerability and the fix", "Should you be worried?", and "What if you can't apply the update immediately, and can't wait for part 2?".

And my apologies for the delay in getting part 2 out. For various reasons, including related to additional research work I'm doing on this exploit beyond CF, I was unable to post this then. Better late than never, I hope. Indeed, I had listed quite a lot in Part 1 that I hoped to cover in a part 2. I don't want to delay getting this out any later, so I will get done today what I can and post that, and carry over into a part 3 (or beyond) whatever remains. There are some natural breaks, fortunately. Thanks for your patience.

Following are what I cover here in Part 2:

  • More detail about the vulnerability and what was "fixed"
  • Wouldn't an antivirus package on the server detect this sort of trojan?
  • How to add further protection from it (especially if you may be unable to implement the update for some reason)
  • Considering running a security scan of your CFML code
  • Consider implementing a web application firewall
  • How to prevent execution of the files used in the attack, if they may already be on your server
  • Another benefit of applying the latest updates
  • What about Lucee?

[....Continue Reading....]

More Entries

Copyright ©2019 Charlie Arehart
Carehart Logo
BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the html in this page?)

Managed Hosting Services provided by
Managed Dedicated Hosting