CF Code-Fu Atrophy

It was bound to happen.

I no longer get to code as often as I would like, so when I got the opportunity to make a quick fix to help bring my company's software up to CF 9 snuff, a problem with nested WDDX packets, I decided to keep the task to myself. A short time later I had the solution, wrote the necessary code, checked it in the browser, and then committed the file to source control feeling the old coding euphoria set in.

This morning, however, one of our developers called over the cubicle wall saying something was not right. Yep, I made a syntax error. My sense of accomplishment withered into feeling like a newbie. I made a mistake, one that I often coach others on: I did not sufficiently unit test my code change.

Once I got over the blast to my coding ego, I made the (small) code fix, unit tested again, and committed the file to the repository.

My lesson learned is two-fold:

First, never overestimate your own coding ability. There is always room for improving and refreshing both your language knowledge and your development practices.

Second, find time out from designing software to actually write some code. Do not let your code-fu wither due to disuse.

Using a ColdFusion Datasource in Java

From time to time I have to switch out of ColdFusion into Java to get a task accomplished. The latest was writing a password callback class for a web service integration project using ColdFusion, aka the Axis web service engine, and WSS4J.


Creating a Self-Signed Key Pair

One of my recent projects was to design a web service-based API for an existing Fusebox 3 application (more on that later). The data exchange has to be digitally signed, which requires working with public and private keys within ColdFusion.

ColdFusion uses the Java keystore within the JRE to handle keys and matters of trust. A keystore is simply a storage location for keys and certificates. Most keystores are physical files protected with a password. By the way, the default password for the ColdFusion keystore is "changeit."

During the prototyping and development phases, I determined that using a self-signed key was faster and easier than having to go through the process of obtaining a "real" signed key.

Note: Self-signed keys are useful for development, but a real key should be used in production environments.

General Syntax

The general syntax for generating a self-signed key pair using the Java keytool utility is:

view plain print about
2 -genkey
3 -alias <alias of key>
4 -keypass <password for alias>
5 -keystore <path/to/keystore>
6 -storepass <keystore password>
7 -dname "cn=<alias>"
8 -keyalg RSA

My project required using the RSA key algorithm. If you do not specify the algorithm to use, the keytool utility uses DSA.

Using the Keytool Utility

Using the keytool utility requires going to the command line, so GUI-lovers beware! I'm going to use the Windows command line in my examples below.

The keytool utility lives in the bin directory of the Java runtime associated with ColdFusion. The default keystore for ColdFusion, named cacerts is in the lib/security directory, so any references to it must be the full path.

view plain print about
1cd c:\coldfusion9\runtime\jre\bin

To list the current contents of the ColdFusion keystore, use the -list switch:

view plain print about
1keytool -list -keystore c:\coldfusion9\runtime\jre\lib\security\cacerts -storepass changeit

Generating a key pair uses the -genkey switch. In this example, I create a RSA key named mykey stored in the cacerts keystore, and then self-sign it:

view plain print about
1keytool -genkey -alias mykey -keypass secureme -keystore c:\coldfusion9\runtime\jre\lib\security\cacerts -storepass changeit -dname "cn=mykey" -keyalg RSA
3keytool -selfcert -alias mykey -keypass secureme -keystore c:\coldfusion9\runtime\jre\lib\security\cacerts -storepass changeit

To share the public key with another application, you will need to export the certificate from the keystore using the -export switch:

view plain print about
1keytool -export -alias mykey -keypass secureme -keystore c:\coldfusion9\runtime\jre\lib\security\cacerts -storepass changeit -file export\file\path\mykey.cer

Importing a key also uses the keytool utility, this time with the -import switch:

view plain print about
1keytool -import -alias the.key.alias -file path\to\certificate.cer -keystore c:\coldfusion9\runtime\jre\lib\security\cacerts -storepass changeit

Note: Once a key exists in the ColdFusion keystore be sure to restart the ColdFusion Application Server.

The Persistant SQL UDF

I came across a very strange and unexpected problem with a SQL Server 2005 UDF yesterday that continues to puzzle me. First, the cast of players:

  • ColdFusion MX 7
  • SQL Server 2005
  • A table-valued function
  • Puzzled developers

In case you are not familiar with table-valued functions, they are functions in SQL that return a table, as opposed to the more traditional scalar value.

We had to change the data type for one of the columns in the returned table from decimal to text to fix a bug. Nothing a simple ALTER FUNCTION statement could not handle.

Script, run, test, same error, what?

Maybe something is cached on the SQL Server side. Let's try dropping and recreating the function.

Script, run, test, same error, ???

Something very odd was happening. Only after restarting the ColdFusion Application Server service did the error go away.

I am still searching for an answer. Surely ColdFusion does not cache database object information...?

CFUnited the Fourth

CFUnited is this week, and I will be there from Wednesday to Friday. Since this will be my fourth CFUnited - I have the t-shirts to prove it - I have a pretty good idea of what the sessions and format will be like. The three days will be packed with information that is nearly impossible to remember without rereading any notes I happen to take.

CFUnited sessions are far to short to fully cover most topics. ColdFusion is just too deep and rich to do so. Instead, I approach each session with the following goals:

  • Learn one new aspect of the topic. For example, what does an XSS attack look like in the logs.
  • Get introduced to the broad aspects of the topic. For example, what are the high-level abilities of ColdFusion to connect to a Microsoft Exchange server.
  • Get acquainted with the latest buzzwords and "must-haves" in the ColdFusion world. A little tongue-in-cheek, but unfortunately I do not always have time to keep up with the various email lists and blogs.

Each session is an opportunity to become interested in a new or different approach to solving a problem (and everything is a problem to resolve). Just leave room for chatting with vendors and maybe even other developers. ;-)

Version Control for Database Objects?

I have used a variety of version control methods and products over the years. In the beginning, I (infrequently) added a digit or date to the end of the file name, an effort that was largely ineffective and highly subject to user error. :-) Then, corresponding with a job change, I was introduced to version control software in the shape of CS-RCS from ComponentSoftware, based on GNU RCS. After a couple of years, the development team made the shift to Subversion, my personal favorite. To be complete, I will throw in a year of pain using Visual SourceSafe.


First Steps into Test Driven Development with Red Green Refactor

I (finally) took my first dive into test driven development (TDD) with a personal project I recently started. I admit, the first thought that came to mind when I first read about the red/green/refactor process included a man, flannel, and duct tape. ;-)

I decided to use MXUnit for my unit test framework. Using the Eclipse plugin made running the tests very easy.

Instead, the hardest part for me was fighting the impulse to just write code. Red/green/refactor is all about first writing the test, watching it fail, then writing the code. Test, fail, code, and repeat until the test passes. Several times I caught myself writing code outside of the confines of the current test case. It was far too tempting to listen to the little voice that says, "It will be easy to add this feature too. The template is open anyway."

Writing the tests first was also a challenge. I had to sit back and really think about what behaviors and data my user bean would contain. I actually had to formulate a plan before coding! Time to practice what I preach about on almost a daily basis at my paying job.

I have yet to get to a true refactor stage, but I imagine it will be soon. It is too early in the unit testing and coding phase to have enough code to refactor.

Finding All Triggers in SQL Server

Database triggers are sometimes difficult to track down. I needed to locate a list of all of the triggers in a database to check them for performance issues, and, when I turned to the INFORMATION_SCHEMA views, discovered there is not one for triggers. Oh well, back to interrogating the system tables.

Triggers are located in the sys.triggers table, so the following query delivered the information I needed:

view plain print about
2 AS parent_object,
3 AS trigger_name,
4    c.text AS trigger_def
5FROM sys.sysobjects o
6    INNER JOIN sys.triggers t
7        ON t.parent_id =
8    INNER JOIN sys.syscomments c
9        ON = t.object_id

Coding Resolutions for 2009

A new year is here and with it my list of resolutions for the coding year. Therefore, I resolve to:

  • Write a working program in Java that is not a simple textbook example. I'm talking something I can use in the real world.
  • Write an application using ColdBox. A new year, a new framework. ColdBox just looks interesting to work with. I have not written on an event-driven framework before (go Fusebox!) so ColdBox ought to be a good introduction.
  • Attend CFUnited. Okay, I admit I cheated on this one. I'm already registered, but since the conference is not until August, I'm writing it down as a goal.
  • Release an open source application written in ColdFusion. This is a tough one that I hope I'll find time to accomplish.

There they are, out in the wild, my coding resolutions for the year. I met (most) of my goals for 2008. I hope to keep that trend for 2009.

On the Naming of Things

One of the challenges we face as developers is maintaining code written by other people. Yes, the ever present "they" who just cannot seem to live up to your own expectations and standards of how code should be written. I'm always struck by how hard it is to read other people's code, even if it well commented, contains properly scoped variables, and is written in a language I know.


Previous Entries / More Entries