Agent K on CF

Back in Edinburgh for Scotch On The Rocks 2014

by kai 31/12/2013

There are those moments when everything just falls into place. Before Xmas and before I got the notification from the CAB at cf.Objective(), one of my submitted sessions was accepted for Scotch On The Rocks 2014. I’m still extremely happy about that as the amount of submissions they got was massive (around ~160, iirc) and given that […]

Read the full article →

I’ll be speaking at cf.Objective() 2014

by kai 30/12/2013

It already happened an few days ago, but I’m very pleased to announce that I’ll be at cf.Objective() 2014 in Minneapolis in May 2014 and that two of my three session proposals got chosen for the conference’s agenda. I’ve been to cf.Objective() 2013 as an attendee (Kudos to Gert @ Railo for throwing me a […]

Read the full article →

When and why you should run when someone (including myself) recommends a certain set of JVM settings

by kai 30/12/2013

This is part two of a loosely connected series of blog posts dealing with JVM settings. Make sure you check out the first post titled “JVM memory settings for Railo (and Adobe ColdFusion) on Tomcat” before continuing to get an idea of the overall context of this series. Today’s post is about why generic recommendations […]

Read the full article →

JVM memory settings for Railo (and Adobe ColdFusion) on Tomcat

by kai 30/12/2013

This is the first post of a loosely connected series about JVM settings (some of them related to memory, some others not). I got kind of inspired by a series of discussion threads on various CFML-related lists sitting in my inbox for a while now (because I felt the urge to comment on them — […]

Read the full article →

NullPointerExceptions from cfcookie when migrating from Adobe ColdFusion 9 to 10

by kai 20/12/2013

A few months ago, one of my clients was testing a possible migration from Adobe ColdFusion 9 to Adobe ColdFusion 10. One of the issues they ran into was a NullPointerException when it came to their cookie use. Something simple such as <cfcookie name=”cfid” value=”574857485748543″> didn’t quite work and resulted in: “The system has attempted […]

Read the full article →

An update on HTTPOnly marked cookies in Railo 4.1

by kai 30/11/2013

In January this year, I wrote a blog post to advise people how to make the default installation of a Railo 4 server more secure. One of the elements was to make sure you’re using HttpOnly marked cookies for your session cookies (depending on your setup that might be JSESSIONID or CFID/CFTOKEN). In the blog […]

Read the full article →

Adobe ColdFusion and Railo users: be aware of the newest Apache Tomcat trojan/worm

by kai 27/11/2013

Symantec has recently discovered a trojan/worm-ish thing that threatens application servers running Apache Tomcat. It seems to follow the typical command & control pattern with control servers having been found in Taiwan and Luxembourg so far. This threat is using a very specific attack vector by trying to spread via the Apache Tomcat Managers and […]

Read the full article →

ColdFusion and ColdFusion Builder source code have been stolen

by kai 05/10/2013

So, there we go. Adobe got hacked and according to Krebs on Security and Adobe themselves, among other things, the source code of ColdFusion, ColdFusion Builder and other Adobe products has been stolen and shown up on hacker sites. This is obviously an issue. I don’t want to comment on how it might or might […]

Read the full article →

ColdFusion – just another security hole…

by kai 16/05/2013

It’s getting to the point where people who’re looking at this must be saying: “Man, this is getting really embarrassing for Adobe”. There’s another (unspecified) security hole that users were made aware of May 8, 2013. The patch was then announced for and released on May 14, 2013, for the days in-between there was only the recommendation […]

Read the full article →

Some more differences when moving to Railo

by kai 14/05/2013

You might remember that I’ve blogged about the differences between Railo and ColdFusion in the past. Here’s another one to look out for – this popped up on the railo mailing list the other day. A poster was asking about some Adobe CF-specific code that was used to retrieve a list of datasources (working on Adobe CFMX […]

Read the full article →