Are you keeping up on whatever updates are available for the CF version you're running (2018, 2016, or so on)? And how about updating the Java/JVM that CF uses? You should be, for security as well as bug fix reasons. And what about the web server connector (wsconfig)?

Ever since CF10, the mechanism to update CF has been a single-click operation in the CF Admin--or at least, that's how it's supposed to be. But sometimes things go amiss, and you can be left with CF not coming up, or the admin not opening, or something in your app failing to work right which you may not notice for even days or weeks.

And the same is true when it comes to updating the Java/JVM that CF uses: there are several things you can easily do "wrong" that will have CF not starting. And even if you do it "right", there may be something amiss (because you missed an important step) that might not bite you for some days--when someone tries to make an https call out of CF. And you may wonder, "what version of Java can I use with my version of CF?"

The good news is that there are answers and a few key best practices to follow in updating CF, the JVM, and wsconfig, which if followed can ensure that each is a quick and painless task. In this session, veteran CF troubleshooter Charlie Arehart will walk through all this, based on his decade-plus experience in helping people troubleshoot such problems daily. The session will apply both to those using the Admin or command line for such update mechanisms.

Have you wondered about using or trying out the "multiple instance" feature of CF (technically the "multiserver" installation option). Available in its current form since CF 7, many developers and shops still have not adopted it, perhaps because they don't understand its benefits, or maybe they tried it and got confused about the options during installation/configuration. Or maybe they assume it's only about creating clusters/load balancing and/or replication: it's not and can be valuable for many other reasons. In this talk, veteran CF troubleshooter Charlie Arehart will introduce the topic, presuming you have no prior experience with it. (Note that while it's a feature of CF Enterprise, you can also use it with the free Developer edition, and he'll explain why you may want to.) What we will (and will not) cover: We'll address things from the ground up, starting with what the feature is, how it's evolved, and why you should use it in development and/or production. Charlie will demonstrate an installation from scratch, talking about the various choices presented, and proceeding to add another instance and how to demonstrate successful setup. He'll also show connecting the new instance(s) to an external web server and share tips about that. Along the way Charlie will address such other practical concerns as how to share admin settings among the instances, whether and how to share jvm.config settings, how to find the various logs for each instance, why to be careful about scheduled tasks, how you can monitor the instances, and more. He'll also offer some recommendations that could vary depending on your setup, such why you might want to use the cfusion instance only for creating instances, when/why you may be able to stop and disable the cfusion and admin instances, why you may/may not want to consider sandbox security, and more. We will not have time to discuss or demonstrate clustering, load balancing, and replication, but can mention it only briefly. If that may be what you'd want to hear more about, please know this is not the talk for that. Perhaps a later talk. But you will be pointed to many resources available for you to further investigate more on all the things we discuss (with a warning to be careful about older resources which describe an older but still-supported approach to multiple instances, from the CF 6.1 timeframe.)

Are you using the RDS-enabled features in Eclipse, Dreamweaver, or HomeSite+? If not, you could be missing out on a lot of increased productivity, from the query building tools it enables, to the component browsing tools, to enabling file access across the web, and more. Perhaps it's been disabled on your server, or people may argue that it's insecure. If you could be shown how it could be secured, might you (or your admin) reconsider it? I think it's a tragedy how many developers suffer without leveraging RDS, certainly on their own machines, and even on shared servers. Whether you think RDS evil or a blessing, or are unaware of what it enables in your favorite CFML editor, and whether you use CF 8 or earlier, there may be more to RDS than you realize. And there are solutions to security concerns, especially in CF8 but even beforehand. In this talk, frequent CFUG speaker Charlie Arehart will show you all the ways that RDS can be used to make you more productive in Eclipse, Dreamweaver, or HomeSite+. He'll also address (and in some cases resolve) common security concerns, especially the multi-user RDS security available in CF 8 (and CF 4 and 5), as well as how to enable it if it's been disabled (assuming you have the right to make configuration changes, of course).

Join us for another CF "Ask Me Anything" session, with your host Charlie Arehart and recent co-organizer Dan Wilson. We'll open the floor to any sort of CF-related questions you may have, whether about coding challenges or using CF features (on the newest or older versions), configuration or tuning, deployment, security, the future and state of CF, whatever. You can offer questions in advance if you like, using this form: https://docs.google.com/forms/d/e/1FAIpQLSenOp4GULwLA6q8UDIvhgXjAymSr2jM3zfSDEfFXu7yUVMhxw/viewform Of course, some topics tend to generate more heat than light, so we hope folks will ask questions that may not be merely points of debate (preferences, disappointments, laments). And since we're not Adobe and don't speak for them, there are some topics where we won't be able to offer information that isn't publicly known. Still, there are many questions asked in the community (in various places) every day, so there are plenty of good questions. Of course, we can even talk about, "where are good places to ask CF questions?"! :-) You bring 'em, we'll wing 'em. We'll even let others hop on to speak/share video/screen, if they feel they have a question or answer that would be better spoken than written in the chat.

Join us for our first "Ask Me Anything" session, with your host Charlie Arehart and recent co-organizer Dan Wilson. We'll open the floor to any sort of CF-related questions you may have, whether about coding challenges or using CF features, configuration or tuning, deployment, security, the upcoming new CF version, recent CF versions, the future and state of CF, whatever.

Of course, some topics tend to generate more heat than light, so we hope folks will ask questions that may not be merely points of debate (preferences, disappointments, laments). And since we're not Adobe and don't speak for them, there are some topics where we won't be able to offer information that isn't publicly known. Still, there are many questions asked in the community (in various places) every day, so there are plenty of good questions. Of course, we can even talk about, "where are good places to ask CF questions?"! :-)

You bring 'em, we'll wing 'em. We'll even let others hop on to speak/share video/screen, if they feel they have a question or answer that would be better spoken than written in the chat.

OWASP AppSec Research 2010, Chris Eng from Veracode provides a practical guide for those doing penetration testing or code reviews on an application written in ColdFusion.

Generating PDF documents is a simple task in ColdFusion 8. That is if you know what you are doing. This meetup will discuss the basic knowledge needed to create a PDF document. From something as simple as taking an image and converting it, to converting an entire web page or other document. Advanced features such as page extraction, PDF merging and document security will also be discussed. Real world examples, as well as basic demos, will be used to explain the features discussed. The goal is for everyone to leave the meeting with the feeling that they can do it themselves.

In this 30 minute preview of his CFObjective seminar, Dean will examine how threat modeling can be used as a baseline activity to ensure the security of web applications. Threat modeling is a structured approach for identifying, evaluating and mitigating risks to system security. By modeling a system as an attacker would, development organizations can prioritize the usage of a development/security budget, manage risks to system security and find vulnerabilities earlier than technical testing or code reviews. Applied early in the development lifecycle, threat modeling can be used to drive further secure SDLC activities, such as code reviews and penetration testing to ensure the security of your software throughout its lifetime.

Over the years authentication schemes have changed drastically from the old days of username and password logins. Today, there are multiple kinds of multi-factor authentication mechanisms in use that add complexity and security to your login processes. We'll explore some of these newer authentication techniques and show you how to easily implement a secure authentication process in every application you write. We'll also cover basic PCI compliance, encryption, obfuscation, and access control lists along with password security, password recovery, session management and other topics that relate to building a robust authentication system.

Cloud computing and distributed storage are gaining more traction in the ColdFusion community, and Amazon's EC2 and S3 are highly secure, cost effective and easy to use solutions that give the power of the cloud to ColdFusion developers. Learn how to create and manage EC2 instances, install Adobe ColdFusion and MySQL server on Amazon's EC2 linux based servers, how to use S3 storage directly within ColdFusion and how to take advantage of some of the other features offered by Amazon Web Services including network security, messaging, and load balancing. Above all, you'll learn how to get a free micro EC2 instance and other free services from Amazon for a full year!