In this hands on we will change our locale and update the date and time outputs to change the display based on our locale.
Functions Used: LsdateFormat, LstimeFormat, setLocale
The process of making an application ready for global usage is globalization, or G11N (for the 11 letters between the "g" and the "n" in globalization). Globalization consists of two steps: internationalization, or I18N (for the 18 letters between the "i" and "n" in internationalization), and localization or L10N (for the 10 letters between "l" and "n" in localization—if you're sensing a pattern here, yes there is, people working in this field are particularly fond of numeronyms). The atomic units for globalization are locales. Locales are the most important piece of G11N.
Locales are languages and calendars; date, number, and currency formatting; spelling; writing system direction; etc., that are specific to a geographic region. For instance, the English (color) and date formats (month/day/year) used in Brooklyn are not exactly the same as the English (colour) and date formats (day/month/year) used in Perth.
In this hands on, you are going to create an error and view the error information in the log files.
Tags Used: <cfoutout>
Fixing problems within your code can sometimes be very difficult. If the problem you are experiencing is an error, then the chances are it is pretty easy to fix as you already know the file and line number of the issue. If the issue you are trying to fix is that a piece of functionality is not acting as you expected, then the problem is a bit harder to resolve. There is no sure way to find these problems and fix them, but there are a few debugging methods that can often help you find the problem area.
When trying to debug a problem within your application, it can sometimes be a very easy task or sometimes it can be a very arduous task. When an error is thrown, you often know the file and line number of the problem and you can fix it very easily. Sometimes the problem is that the application is not doing what you expected it to do and often this is a much harder problem to resolve. During these situations, the more information you have, the better. Th
While the best efforts are made to stop errors from happening, they do happen. Sometimes the errors might be due to some bad code; other times it may be due to external resources that are out of one's control. During the development process, these errors hold valuable information that allows us to improve and fix our code, but in production environments, these errors hold information that can make our servers vulnerable to attack. It is important that as a developer you anticipate errors and gracefully handle them. Thankfully, ColdFusion offers a number of ways to trap those errors and even allow developers to react to those errors and call alternative functionality.
While the best efforts are made to stop errors from happening, they do happen. Sometimes the errors might be due to some bad code; other times it may be due to external resources that are out of one's control. During the development process, these errors hold valuable information that allows us to improve and fix our code, but in production environments, these errors hold information that can make our servers vulnerable to attack. It is important that as a developer you anticipate errors and gracefully handle them. Thankfully, ColdFusion offers a number of ways to trap those errors and even allow developers to react to those errors and call alternative functionality.
In this hands on, we are going to add security to the blog comments. As this section allows users to supply data that will be stored in a database and will also be output to other users, this is a weakest point of the application.
Tags Used: <cfif>, <cfset>, <cfthrow>
Functions Used: isSimpleValue, canonicalize,
The previous sections focused on secure ColdFusion coding practices, but if the installation of ColdFusion is configured insecurely, all of that work is for nothing. Securing the ColdFusion Application Server requires making the OS, web server, and the ColdFusion configuration secure. For ColdFusion 9, Adobe published the Adobe ColdFusion 9 Server Lockdown Guide which covered how to properly configure ColdFusion 9 on Windows or Linux. It covered various OS settings, connecting ColdFusion to IIS or Apache, and settings within the ColdFusion Administrator.
ColdFusion 10 introduced the Secure Profile that can be enabled during installation. It simplifies securing ColdFusion by applying more secure defaults to the configuration instead of having to apply them manually. Some of the settings changes are: