I’ll be speaking at cf.Objective() 2014

by kai 30/12/2013

It already happened an few days ago, but I’m very pleased to announce that I’ll be at cf.Objective() 2014 in Minneapolis in May 2014 and that two of my three session proposals got chosen for the conference’s agenda. I’ve been to cf.Objective() 2013 as an attendee (Kudos to Gert @ Railo for throwing me a […]

Read the full article →

JVM memory settings for Railo (and Adobe ColdFusion) on Tomcat

by kai 30/12/2013

This is the first post of a loosely connected series about JVM settings (some of them related to memory, some others not). I got kind of inspired by a series of discussion threads on various CFML-related lists sitting in my inbox for a while now (because I felt the urge to comment on them — […]

Read the full article →

NullPointerExceptions from cfcookie when migrating from Adobe ColdFusion 9 to 10

by kai 20/12/2013

A few months ago, one of my clients was testing a possible migration from Adobe ColdFusion 9 to Adobe ColdFusion 10. One of the issues they ran into was a NullPointerException when it came to their cookie use. Something simple such as <cfcookie name=”cfid” value=”574857485748543″> didn’t quite work and resulted in: “The system has attempted […]

Read the full article →

An update on HTTPOnly marked cookies in Railo 4.1

by kai 30/11/2013

In January this year, I wrote a blog post to advise people how to make the default installation of a Railo 4 server more secure. One of the elements was to make sure you’re using HttpOnly marked cookies for your session cookies (depending on your setup that might be JSESSIONID or CFID/CFTOKEN). In the blog […]

Read the full article →

Adobe ColdFusion and Railo users: be aware of the newest Apache Tomcat trojan/worm

by kai 27/11/2013

Symantec has recently discovered a trojan/worm-ish thing that threatens application servers running Apache Tomcat. It seems to follow the typical command & control pattern with control servers having been found in Taiwan and Luxembourg so far. This threat is using a very specific attack vector by trying to spread via the Apache Tomcat Managers and […]

Read the full article →

ColdFusion and ColdFusion Builder source code have been stolen

by kai 05/10/2013

So, there we go. Adobe got hacked and according to Krebs on Security and Adobe themselves, among other things, the source code of ColdFusion, ColdFusion Builder and other Adobe products has been stolen and shown up on hacker sites. This is obviously an issue. I don’t want to comment on how it might or might […]

Read the full article →

ColdFusion – just another security hole…

by kai 16/05/2013

It’s getting to the point where people who’re looking at this must be saying: “Man, this is getting really embarrassing for Adobe”. There’s another (unspecified) security hole that users were made aware of May 8, 2013. The patch was then announced for and released on May 14, 2013, for the days in-between there was only the recommendation […]

Read the full article →

Some more differences when moving to Railo

by kai 14/05/2013

You might remember that I’ve blogged about the differences between Railo and ColdFusion in the past. Here’s another one to look out for – this popped up on the railo mailing list the other day. A poster was asking about some Adobe CF-specific code that was used to retrieve a list of datasources (working on Adobe CFMX […]

Read the full article →

Railo Express Tomcat – updates

by kai 13/05/2013

I’ve just updated the Railo Express on Tomcat bundles that I’m compiling. They now feature Apache Tomcat 7.0.40 (which is a very recommended upgrade from .39) and various Railo versions: Tomcat 7.0.39 and Railo!m0IUhYDR!abAZeAh-dukXRw8EpMHV8lWAhGpyXuiyHhpvrNouaKw Tomcat 7.0.40 and Railo!6sx3GIrT!LJRexzWxkbQItSg_PdaRaEgsSDhzNzglO6y-Sjz__tk Tomcat 7.0.40 and Railo!25ZiFZaL!Q-RzyFRjWz43Xdy7senMmSHHi1wNFgj2cywGyv9X1Tk Tomcat 7.0.40 and Railo!f94nnI7a!MuHpoltxQANMISy6l7b8Gx_iZJw8hTf-e5wZ4s4QLrg

Read the full article →

Railo Express Tomcat for OS X

by kai 20/04/2013

And here we go. If you want to play with and try out my unofficial Railo Express Tomcat for OS X, you can get started by just visiting the wiki page for it. On there, I’ve provided some (hopefully useful) instructions on what to do after the download – please note that the screenshots show […]

Read the full article →