Accessibility

ColdFusion Documentation

ColdFusion 4.5.2 Documentation Updates

Please note the following late changes and additions to the ColdFusion Server and Studio documentation.

Administering ColdFusion Server

Please note the following updates to the Administering ColdFusion Server documentation:

New ColdFusion Administrator Welcome page

Whenever you start the ColdFusion Administrator, you'll see a new home page, where you're always just a click away from a wealth of ColdFusion information. You can access the home page at any time by clicking the Home link in the Server menu on the left-hand side of the screen.

The Administrator Home page lets you access the following information:

ColdFusion Administrator Home Page

Category Description
Local Resources Includes links to the following information, which is specific to the current installation of ColdFusion Server:
  • Release Notes keep you apprised of important information relating to ColdFusion Server installation and configurations and provide details about known problems and fixed issues.
  • New Features provides details about new features that have been added to ColdFusion Server 4.5.
  • Product Documentation provides information about the ColdFusion documentation set and, if you chose to install HTML-based documentation at setup time, links to the HTML versions of all the books in the ColdFusion documentation set.
  • Example Applications gives you quick access to sample ColdFusion applications that you can examine or run.
Technical Support Includes links to the following technical support resources on the Allaire Web site:
  • Allaire's Installation Support page, where registered users can get free technical support for installation issues.
  • Interactive technical support discussion forums are an excellent source of information, suggestions, and discussions with Allaire technical staff, Team Allaire members, and other web developers.
  • The Allaire Knowledgebase contains technical support resource information, problem resolution information, answers to the most frequently asked hotline questions, tips and techniques, and training information.
  • Allaire Support Resources is the home page for Alliare Technical Support. You can use this page to learn how to contact Technical Support, to report bugs, and to connect to all Allaire's Technical Support resources, including Knowledgebase articles and disucssion forums.
Online Resources Includes links to the following resources on the Allaire Web site:
  • Product Registration lets you quickly register your new version of ColdFusion over the Web.
  • The ColdFusion DevCenter
  • Developer Exchange lets you view, contribute, and download multiple types of content, including code and custom tags. Passworded access allows you to administer your contributions.
  • ColdFusion White Papers offer comprehensive overviews of topics such as scalability and secure application development.
  • Training helps you find the right instructor-led or self-paced ColdFusion course.
  • Enhancement Requests lets you e-mail your ColdFusion wish list to Allaire.
  • The Allaire Security Zone contains Allaire's latest security bulletins and technical briefs that provide information about issues Allaire believes are significant. The Security Zone also contains an extensive list of non-Allaire sites where you can go to learn about everything from security standards and protocols to the most recent security bulletins from companies like Netscape, Microsoft, and Sun.

Change to "ColdFusion Probe" nomenclature

In Administering ColdFusion Server, all references to "ColdFusion Probe" should be replaced with "ColdFusion Service Level Failover."

Additional information about Bright Tiger processes

In Chapter 1, "Installing and Configuring ColdFusion" the following processes should appear in the list of ClusterCATS processes:

  • appmgr -- Application Manager responsible for managing ClusterCATS processes and the ColdFusion probe.
  • dfp -- Local Director integration. Responsible for feeding load and availability information to Cisco Local Director if the user has configured the cluster to do this.
  • wsprobe -- Responsible for feeding load information to the teserver process and keeping the web server running.
  • teserver_apache -- Main ClusterCATS engine. Responsible for cluster membership, alarms, load balancing, and support mail. Also manages server state.
  • teserver.so -- ClusterCATS filter for Netscape Enterprise Server. Has the same functions as teserver_apache.

Updates to the btadmin utility

The following btadmin command syntax changes were introduced to support multiple instances of the web server.

Most useful btadmin commands:

btadmin stop all
   # Stop all ClusterCATS daemons, including the web server.
btadmin start all
   # Start all ClusterCATS daemons, including the web server.
btadmin add btcats https-<my-instance> 
   # configure ClusterCATS with an NES or Apache instance
btadmin reset
   # Reset the current configuration
btadmin disable btcats 
   # Remove ClusterCATS from Web Server configuration file 
     and restart web server
btadmin enable btcats  
   # Add ClusterCATS to Web Server configuration file and 
     restart web server
btadmin config <option> <instance-name> load
   # set load balancing type
wsprobe
   # monitor web server and if it can't serve a page, stop it 
     and restart it
failover 
   # configure failover

Help text from btadmin

Note the addition of instance name in some places:

btadmin : Manage ClusterCATS daemons
Usage: btadmin  [start/stop/restart daemon] 
 start         : Start specified daemon (default is all)
 stop          : Stop specified daemon (default is all)
 restart       : Stop specified daemon (default is all)

Usage: btadmin [enable/disable/add/delete/config <option> <instance>] 
 enable        : Enabled specified option for instance.
 disable       : Disable specified option for instance
 add           : Add a new instance
 delete        : Delete an existing instance
 config        : Configure specific option for instance

Usage: btadmin [reset] 
 reset         : Reset Bright Tiger ClusterCATS for all instances

Usage: btadmin [show] <instance>
 show          : Show Configuration for the specified instance

Usage: btadmin [help]
 help          : Help Information

 Valid daemons : appmgr, failover, wsprobe,  ns-httpd, dfp

 Valid Options : btcats   - Bright Tiger ClusterCATS
                 dfp      - Local Director Integration
                 wsprobe  - Web Server Monitoring
                 failover - Server Failover (ipaliasd)
                 wsroot   - Update Server Root
                 load     - Load Management Perference CGI or HTTPJava

 Instance      : Web Server Instance (https-?)

 Note:    Stopping/Starting of a single daemon may result in 
          multiple daemons being stopped/started.

Administrative Tags and Functions

In addition to the Administrative Functions listed in Chapter 10, "Configuring Advanced Security" of Administering ColdFusion Security, ColdFusion 4.5 includes this Administrative function:

CFUSION_DISABLE_DBCONNECTIONS (datasource;"0/1") -- Disables and enables an individual data source specified by datasource.

Example

The following line disables the data source named cfmysource:

<cfset rc=cfusion_disable_dbconnections("cfmysource","1")> 

The following lin enables the data source named cfmysource:

<cfset rc=cfusion_disable_dbconnections("cfmysource","0")> 

Protecting all resources by default

In previous versions of ColdFusion, an individual resource was not protected until you created a rule for it. ColdFusion 4.5 gives you the option of protecting all the resources that a security context governs when you create the context. Then you create a rule for each individual resource that you want to make available to ColdFusion users. No user can access any locked resource that you don't create a rule for. Finally, you create policies that contain both resources (rules) and the users you want to have access to them.

The following instructions assume that you have read the security chapters in Administering ColdFusion Server and are familiar with Advanced security.

Note: You can't use the "protect all resources" feature with the new Advanced security Resource view. You must create rules and policies the same way you did with Release 4.0.

To create the security context:

  1. Set up the security server. See "Setting Up a Security Server" in the print or online Administering ColdFusion Server reference for more information.
  2. Set up user directories to authenticate against an NT domain, an LDAP directory, or an ODBC data source. See "Defining User Directories" in the print or online Administering ColdFusion Server reference for more information.
  3. Create a security context for the application. See "Defining a Security Context" in the print or online Administering ColdFusion Server reference for more information.

    When you create the security context, select the Protect All Resources by Default check box. Then, select the types of resources to protect. Once the context is created, it protects all resources of the selected types. For example, if you select Protect All Resources by Default and then select the resource type Data Source, the context protects all data sources on the server.

Now that you've created the security context, create rules for the resources that you want users to access.

To create rules:

  1. Click the Rules button at the bottom of the Edit Security Context page to display the Resource Rules page for the security context you just created.
  2. Enter a name for the rule and select the type of resource the rule protects. Remember that the drop-down on this page lists only the types of resources you selected when you created the context.
  3. Click Add to display the New Resource Rule page
  4. Enter a description of the rule and specify the resource and, if applicable, the actions that the rule protects. For example, if the rule applies to a data source, enter the name of the data source and select the types of SQL statements to restrict.
  5. Click Add.
  6. Repeat steps 2 through 5 for each rule you want to add to the context.

    Note: Remember that every resource of each type you selected when you created the context is automatically locked. For example, if you selected the resource types Tags and Functions, the context locks all ColdFusion tags and functions. You must create a rule for each resource that you want users to have access to. Resources that you don't create rules for can't be accessed by anyone.

Now that you've finished creating the rules for your context, you must create policies that match the rules with users.

To create policies:

  1. Click the Back button on the Resource Rules page to redisplay the Edit Context page for your context.
  2. Click the Policies button to display the Resource Policies page for your context.
  3. Enter a name for the new policy and click Add to display the New Security Policy page.
  4. Enter a description of the new policy and click Add.
  5. Repeat steps 3 and 4 for each policy you want to add to your context. When you're finished, you should see the Resource Policies page with a list of the new policies you've created.
  6. Click a policy in the list to display its Edit Policy page.
  7. Click the Rules button to display the Resource Rules for your policy. The first time you display this page, there are no rules listed; you'll add them in the next step.
  8. Click the Add/Remove button to display the Add/Remove Rules page for your policy.
  9. Select rules to add to the policy from the Available Rules column and click the left arrow to move them to the Current Rules policy.

    Note: If you create a rule but don't add it to any policies, the resource that the rule governs won't be available to any ColdFusion users.

  10. Click the Back button to display the Resource Rules for your policy and then click Back again to display the Edit Security Policy page.
  11. Click the Users button to display the Users page for your policy. The first time you display this page, there are no current users listed; you'll add them in the next step.
  12. Select a user directory from which to add users and click the Add/Remove button to display the Add/Remove Users page for your policy.
  13. Select users or groups to add to the policy from the Available Users column and click the left arrow to move them to the Current Users policy.

    Note: If the user directory is an NT Domain or LDAP directory, you'll only see groups, not individual users, in the Available Users list. To add an individual user to the policy, enter the user name in the Enter User box and click the Add button.

  14. Click the Back button to display the Users page for your policy, click Back again to display the Edit Security Policy page, and click Back a third time to display the Resource Policies page for your context.
  15. Repeat steps 6 through 14 for each policy you created

Once you've finished adding rules and users to policies, you've finished configuring Advanced security to protect all resources by default.

CFML Language Reference

Hash function

The new hash function takes a string and returns the result of a one-way hash (using MD5), converted to a hexidecimal representation. There is no conversion from the hash result back into the source string (that's why it's called "one-way"), so this can be useful data for password comparisons. For example, a developer could store the hash of a password in a database without exposing the password itself. Later, to validate the password the developer could write something like this:

<CFIf Hash(Form.Password) is NOT MyQuery.PasswordHash>
    <CFLocation Url="unauthorized.cfm">
</CFif>

One-way hashes can also be used to match the validity of a document.

Structured exceptions

The following list shows the ColdFusion 4.5 Structured Exceptions by Name:

  • APPLICATION
  • ANY
  • COMCOM.Allaire.ColdFusion.HTTPConnectionTimeout
  • COM.Allaire.ColdFusion.HTTPFailure
  • COM.Allaire.ColdFusion.HTTPAuthFailure
  • COM.Allaire.ColdFusion.HTTPFileNotFound
  • COM.Allaire.ColdFusion.HTTPFileNotPassed
  • COM.Allaire.ColdFusion.HTTPUrlValueNotPassed
  • COM.Allaire.ColdFusion.HTTPCGIValueNotPassed
  • COM.Allaire.ColdFusion.HTTPCookieValueNotPassed
  • COM.Allaire.ColdFusion.HTTPFileNotRenderable
  • COM.Allaire.ColdFusion.HTTPFileInvalidPath
  • COM.Allaire.ColdFusion.HTTPContinue
  • COM.Allaire.ColdFusion.HTTPSwitchingProtocols
  • COM.Allaire.ColdFusion.HTTPCreated
  • COM.Allaire.ColdFusion.HTTPAccepted
  • COM.Allaire.ColdFusion.HTTPNonAuthoritativeInfo
  • COM.Allaire.ColdFusion.HTTPNoContent
  • COM.Allaire.ColdFusion.HTTPResetContent
  • COM.Allaire.ColdFusion.HTTPPartialContent
  • COM.Allaire.ColdFusion.HTTPMultipleChoices
  • COM.Allaire.ColdFusion.HTTPMovedPermanently
  • COM.Allaire.ColdFusion.HTTPMovedTemporarily
  • COM.Allaire.ColdFusion.HTTPSeeOther
  • COM.Allaire.ColdFusion.HTTPNotModified
  • COM.Allaire.ColdFusion.HTTPUseProxy
  • COM.Allaire.ColdFusion.HTTPBadRequest
  • COM.Allaire.ColdFusion.HTTPPaymentRequired
  • COM.Allaire.ColdFusion.HTTPForbidden
  • COM.Allaire.ColdFusion.HTTPNotFound
  • COM.Allaire.ColdFusion.HTTPMethodNotAllowed
  • COM.Allaire.ColdFusion.HTTPNotAcceptable
  • COM.Allaire.ColdFusion.HTTPProxyAuthenticationRequired
  • COM.Allaire.ColdFusion.HTTPConflict
  • COM.Allaire.ColdFusion.HTTPGone
  • COM.Allaire.ColdFusion.HTTPContentLengthRequired
  • COM.Allaire.ColdFusion.HTTPPreconditionFailed
  • COM.Allaire.ColdFusion.HTTPCFHTTPRequestEntityTooLarge
  • COM.Allaire.ColdFusion.HTTPRequestURITooLarge
  • COM.Allaire.ColdFusion.HTTPUnsupportedMediaType
  • COM.Allaire.ColdFusion.HTTPServerError
  • COM.Allaire.ColdFusion.HTTPNotImplemented
  • COM.Allaire.ColdFusion.HTTPBadGateway
  • COM.Allaire.ColdFusion.HTTPServiceUnavailable
  • COM.Allaire.ColdFusion.HTTPGatewayTimeout
  • COM.Allaire.ColdFusion.HTTPVersionNotSupported
  • COM.Allaire.ColdFusion.POPConnectionFailure
  • COM.Allaire.ColdFusion.POPAuthFailure
  • COM.Allaire.ColdFusion.POPDeleteError
  • COM.Allaire.ColdFusion.SERVLETJRunError
  • COM.Allaire.ColdFusion.Request.Timeout
  • COM.Allaire.ColdFusion.CFEXECUTE.Timeout
  • COM.Allaire.ColdFusion.CFEXECUTE.OutputError
  • COM.Allaire.ColdFusion.FileException
  • DATABASE
  • EXPRESSION
  • LOCK
  • MISSINGINCLUDE
  • OBJECT
  • SECURITY
  • TEMPLATE

Developing Web Applications with ColdFusion

Using ColdFusion Studio

The following items are not covered in Using ColdFusion Studio.

Interface change for Files label

The documentation uses the label "Universal Files" to identify the new tab that replaces the Local Files and Remote Files tabs. This label was changed to "Files" after the documentation was completed. This change affects the Tool Help popup for that tab and other interface elements.

New Editor options in the Settings dialog (F8):
  • Maintain horizontal cursor position -- When this option is checked, the cursor attempts to maintain its horizontal position (column) as you move up and down within the document text. If the line is shorter than the original horizontal position, the cursor will be positioned at the end of the line. This option is active by default.
  • Allow cursor past end of line -- When this option is checked, the cursor can be positioned past the last character of text on a line. When the cursor is moved up and down through the document text, the horizontal position is maintained regardless of the line length.
  • Show hidden characters -- When this option is checked, the editor will display non-printing characters, such as spaces, tabs, and carriage returns.
Resource Tabs
  • Resource tabs can now be floated as individual windows. An individual page can be repositioned by dragging the appropriate page tab (with the small vertical grab bar) with the left mouse button. Resource tabs docked together to the main HomeSite window can be moved as a group by dragging the horizontal grab bar at the top of the pages.
  • The tabs can be docked to each other in any combination, hidden individually, or docked to any of the four sides of the main HomeSite window.
  • Floating resource windows (or groups of windows) can be made to float on top of the main HomeSite window. This is done by right clicking on the window's title bar and selecting "Always on top".
  • When resource tabs are docked to each other, the tabs can be positioned at the top or bottom, and they can display either icons, title captions, or both. These options are set in the Settings window, under the General section.
  • The position, size, and floating style of the tabs is maintained between sessions.
Expression Builder
  • The Expression Builder is now resizable. The splitter bar above the help pane can also be used to modify the size of the help display.
  • When inserting functions in Expression Builder the first argument of the function is now automatically pre-selected for further editing.
Toolbars
  • Added floating help that shows the toolbar name, when you float the mouse over the dock/undock bar on the left-hand side of the toolbar. Hold the mouse pointer over the double vertical lines to the left of the toolbar to see the floating help.
  • Added a menu command to the Toolbar menu that moves all open toolbars to the QuickBar. Right click any of the Toolbars and Select "Move All to Quickbar".

Top Support Topics

 

More ColdFusion Topics

Choose a category to see more topics.

Request Support

 

Additional ColdFusion Resources

 

ColdFusion Downloads

 

Outside Resources

 

Feedback

 

Community