Sorcerer's Tower

Welcome to the Tower, my programming and web development blog. Here you will find articles relating primarily to CFML and regex, plus assorted other technologies, techniques, and ideas.

If you are interested in more than just programming, you can visit my aggregated blog, where you will also find entries on my photography and other interests.


Lucee

Lucee is the best CFML engine.

Nine years ago I began a blog article with a similar claim, and set out to explain why Railo was at that time the best CFML engine. Well, the simplest proof of Lucee taking the crown is that Lucee is a fork of Railo by its original creator, Michael Offner.

The thing that made Railo great and that Lucee will be taking further is in being a CFML engine written for developers. That is to say, with features added through developers saying "I need feature X to do my job better" - and specifically not via vague ideas decided on by product managers getting feedback from non-technical clients who say "we need to do mobile" and then having a bunch of disconnected non-programmers come up with a horrendously buggy and useless mess called cfclient. Eugh!

Good programmers already know what tools they need to achieve certain tasks, and if those tools don't exist or aren't good enough, they need the ability to create/improve them - that is what Micha gave us with Railo, and Lucee promises to take this further - to make it even easier for the developer community to adapt it to their needs.

Being a fork, Lucee continues the versioning from Railo, launching tonight with Lucee 4.5 available already, and an excellent Lucee 5 just around the corner.

Why Not Railo?

Many will be wondering why fork Railo, instead of working on what was there, and the best way to answer that is simply to refer to what Brad Wood has already written on the Railo mailing list: https://groups.google.com/forum/#!msg/railo/B_1S3WzVPXY/hlIeZDE1u98J

To re-iterate the key points: this is the original Railo developer, taking the Railo source code, and refreshing the project. Don't mistake for division what is actually an inclusive evolution, and importantly: a sign of exciting things to come!

Lucee 5

With the next release, Lucee will bring incredible flexibility to CFML and JVM developers through a couple of key technologies.

OSGi is a modular platform for the JVM which allows only the necessary libraries to be loaded. So if, for example, you don't use Hibernate, it doesn't get included and won't add any overhead. Railo was already lightweight, and Lucee with OSGi will take this even further.

JSR223 or "Scripting for the Java Platform" is a standard for embedding different languages on the JVM, and what this means is being able to use Lucee to write CFML in far more places than before. A good example is Ant build scripts - doing certain things with Ant can be awkward and convoluted and Lucee 5 will allow embedding CFML which makes those same tasks trivial.

Together these bring some great opportunities, and this is only the beginning...

More Info

I've tried to avoid simply parroting what others have already written, so to get further details on Lucee's launch and future you should definitely check out Mark Drew's blog post, Adam Cameron's blog post, the thread started by Igal on the Railo list, and of course the official Lucee website: lucee.org.

QueryParam Scanner 0.8 Release Candidate

The release candidate for the next version of QueryParam Scanner is available on GitHub.

So what's changed?

Well it now runs on FW/1 rather than Fusebox, and the UI has a new theme - the previous gold/beige is gone, and in its place is a theme based on a "new" logo which I've actually had sitting around for several years. There's CSS used that will require a modern browser - FF4 and IE9 both work, but no guarantees for anything older.

Functionality-wise there's a couple of fixes: an error is now thrown when a directory doesn't exist (previous behaviour was to return 0 matches in 0 files), and the IDs returned in data structures are now content-based hashes (previously they were ever-changing UUIDs). Oh, and the IDs are now displayed with the HTML results, in preparation for future functionality that'll potentially use them.

A new experimental (i.e. buggy) feature has been added to separate the query code into SELECT/FROM/WHERE/etc parts, when returning data structures. This may help with post-processing the data, but has known flaws so use with care. (The existing ORDER BY functionality has also been marked as experimental to similarly indicate that it's not perfect.)

There's a minor change in that relative paths are officially not supported - the UI always stated absolute paths or mappings were required, but there was ugly code in place to try and make relative paths work too - that code has been removed. If you used relative paths before, you need to resolve them before passing to qpscanner.

In summary:

Changed:  Switched to FW/1 and removed unnecessary files.
Changed:  New logo and front-end UI.
Removed:  Dropped unofficial relative path support.
Added:    Experimental ability to separate query code into segments.
Fixed:    IDs now use content-based SHA hashes, not random UUIDs.
Fixed:    Throw error when path does not exist, instead of zero results.
Supports: ColdFusion 9/10 and Railo 3.3/4.0/4.1

That's it for now. There are several new features planned to make qpscanner faster, more flexible and more useful, but you'll have to wait for a future release for those.

As ever, if you have any feedback, feature requests, or find any bugs, then please go ahead and get in touch via the GitHub issue tracker.

Speaking at Scotch on the Rocks 2013

I will be speaking at this year's Scotch on the Rocks conference. My presentation is on the subject of getting help when you are stuck and how to describe your issue in a way that makes it easier for others to help you.

All developers have times when they need help, but it's not always easy to ask for (particularly when all you want is to get past a tricky problem, not have long tangential discussions). Having spent a lot of time both seeking and offering help, I hope to shed some light on the quickest ways to find solutions and effective methods for framing your issues so that fellow developers can understand what you need.

The talk will be aimed at developers of any level who want help with getting help.

Scotch on the Rocks is Europe's longest running conference catering for CFML developers, having been held most years since 2005. This year it takes place on the 6th and 7th of June at the Hilton Edinburgh Grosvenor hotel and covers a wide variety of topics on different aspects of web development - so whether you're looking to learn new techniques and technologies or you want to network and socialise with other programmers, Scotch on the Rocks is the conference for you.

Hurry up and book your tickets before they sell out!

QueryParam Scanner v0.7.5 Released

Earlier this week I promoted the release candidate for 0.7.5 of QueryParam Scanner to full release.

For anyone unaware, QueryParam Scanner is a simple tool for identifying unparameterised variables in CFML queries (which may indicate a potential SQL injection risk).
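To make the idea concrete, here is an added sketch (not qpscanner's own code) of the kind of check described above, combined with the content-based IDs mentioned in the 0.8 notes. The regexes, the use of SHA-256, the choice to hash file path plus query text, and the sample CFML are all assumptions made for illustration.

```python
import hashlib
import re

# Matches each <cfquery ...>...</cfquery> block, case-insensitively, across lines.
CFQUERY = re.compile(r"<cfquery\b[^>]*>(.*?)</cfquery\s*>", re.I | re.S)
# <cfqueryparam ...> tags; variables inside these are bound, not concatenated.
CFQUERYPARAM = re.compile(r"<cfqueryparam\b[^>]*>", re.I | re.S)
# CFML comments, which should not produce findings.
CFCOMMENT = re.compile(r"<!---.*?--->", re.S)
# A #expression# interpolation; "##" is an escaped literal hash, removed first.
HASH_EXPR = re.compile(r"#([^#\r\n]+)#")


def scan(path, source):
    """Return one finding per cfquery containing #vars# outside cfqueryparam."""
    findings = []
    for match in CFQUERY.finditer(source):
        sql = match.group(1)
        stripped = CFCOMMENT.sub("", sql)
        stripped = CFQUERYPARAM.sub("?", stripped)
        stripped = stripped.replace("##", "")
        variables = [v.strip() for v in HASH_EXPR.findall(stripped)]
        if not variables:
            continue
        # Content-based ID (assumed scheme): same path and query text, same ID.
        digest = hashlib.sha256((path + "\0" + sql).encode("utf-8")).hexdigest()
        line = source.count("\n", 0, match.start()) + 1
        findings.append({"id": digest, "file": path, "line": line, "variables": variables})
    return findings


# Constructed sample input, not taken from any real application.
SAMPLE = """<cfquery name="safe" datasource="app">
  SELECT id FROM users
  WHERE email = <cfqueryparam value="#form.email#" cfsqltype="cf_sql_varchar">
</cfquery>
<cfquery name="risky" datasource="app">
  SELECT id FROM users
  WHERE name = '#form.name#' <!--- #ignored# --->
  ORDER BY #url.sort#
</cfquery>
"""

if __name__ == "__main__":
    for f in scan("/app/users.cfm", SAMPLE):
        print(f["id"][:12], f["file"], f["line"], f["variables"])
```

Because the ID is derived from content rather than generated randomly, re-running the scan on unchanged code yields the same ID, so a finding can be tracked or suppressed between runs.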

This version has a handful of bug fixes and code cleanups, resulting in faster, more accurate scanning than previous versions, plus the addition of JSON output format, giving a more lightweight option if used in scripted processes.

For further details on these, see the previous RC article; other than a couple of trivial fixes and a new readme, nothing has changed since that.

To download the latest version, you can either clone the git repo, or grab it as a zip archive from the GitHub tags page.

For any feedback, problems, or questions, please use the issue tracker.

Apache, cPanel and ErrorDocument

If you're using a cPanel-powered Apache server, there's a chance it may not be set up in the best way.

The same issue might manifest itself in two ways: confusing error messages and ignored htaccess directives.

In both cases, the solution is to use the ErrorDocument directive.
