berniedolan
Category: ColdFusion
Beware Of Friendly DOS Attacks
March 13, 2007
Not long ago, we were experiencing a performance issue on one of our internal sites. Taking a look at the web server's access log, I noticed that the site was being hammered by requests -- all originating from the same IP address. It turned out the requests were coming from a web analytics server we have installed. Normally, this server parses through our access logs nightly and creates reports of site usage by page, etc. To make the reports more friendly to read, they had been configured to display page titles for each page (so for example, home.cfm might have "Home Page" as it's title). In order to get the page title, the analytics server was doing an http request to our site for each page in the log. Since it was doing this in rapid succession, it basically amounted to the analytics server initiating a DOS attack on our site!
Obviously I had the report stopped (normally the report runs off-hours anyway, but it had slipped into prime usage time for the site). I also arranged to have the analytics server configured to ignore page titles for a part of the web site that wasn't particularly performant to begin with. Lesson learned? Beware of friendly DOS attacks! Oh -- and don't run analytics reports in the middle of the day :)
Comments (0) | Related Categories: ColdFusion
DataMgr Tour Of Two Cities Is Almost Over
February 22, 2007
Looking for something to do while you're waiting for the Scorpio User Group Tour to start? See if you can catch Steve Bryant on his whirlwind "DataMgr Tour of Two Cities" before it ends!
At this very moment, Steve's groupies are camping in tents just outside his hotel in Boston while he furiously puts the finishing touches on DataMgr 2.0. This version just reached Release Candidate this week and the folks in Boston are hoping to meet the man...nay the Legend...behind this amazing database abstraction tool in person. If they don't catch him on the way to the airport, they're sure to follow him to Nashville -- where he finishes the last leg of his tour. I have no need to go there though. I was one of the lucky ones...
Steve presented tonight at the Boston CFUG and I was fortunate enough to snag a front row seat. It wasn't long before the crowd was chanting "Bryant" and holding lighters in the air -- It was a great presentation. Unfortunately at some point the fans got a little too rowdy with the beach balls and Steve had to be whisked away by his bodyguards. Brian, Tom and I managed to follow his limo and we caught up with him at a local pub for some tasty brew.
If you're planning on following Steve to Nashville (or if you're fortunate enough to live there) I highly recommend stopping into the Nashville CFUG Thursday night for your own taste. Get there soon though -- I hear the lines are already forming. For more info about DataMgr, see Steve's site. He's taken the time to put together an impressive amount of material on the tool including full documentation, flash presentations, and a demo site with examples that let you see the tool in action while giving you the ability to view his source code as well.
Steve -- I just put in my order for the tour T-shirt. Some advice though: Don't let all of this publicity get to you -- you'll end up doing something stupid like shaving your head ;)
Comments (2) | Related Categories: ColdFusion
Getting Real
February 07, 2007
At one point during the latest version of the ColdFusion Weekly, Matt recommended a book called "Getting Real" by 37 Signals (the makers of Basecamp, Backpack, etc.). It really is an excellent and easy read, discussing (among other things) how 37 Signals approaches software development. It's also pretty darn funny in parts :)
You can buy versions of the book in pdf or paperback -- but I just discovered you can also read it online for FREE! Check it out...
Comments (0) | Related Categories: ColdFusion
DST changes: Use TZupdater if you can't upgrade your JVM
January 30, 2007
As mentioned in several posts lately (like this one by Damon Cooper and here by Sarge) the start and end dates for Daylight Savings Time are changing this year. This has a direct impact on ColdFusion since these timezone changes are only supported in version 1.4.2_11 or later of Sun's JVM. Adobe is recommending that you upgrade the JVM used by your ColdFusion installation as outlined in this technote.
In some cases you might be unable, or unwilling, to upgrade your JVM. Sun has also provided their TZupdater Tool for this purpose. As mentioned on their site, "this tool provides a route of updating timezone data while leaving other system configuration and dependencies unchanged."
To be clear -- as far as I can tell, Adobe has not officially endorsed the TZUpdater Tool, and Sun mentions the preferred method is to upgrade the JVM, but this at least leaves you with an option if you need it.
UPDATE: The TZUpdater Tool can only be used for version 1.4 or later of the JVM. Also, Adobe now has 3 technotes regarding the DST issue as noted here by Damon Cooper.
Comments (4) | Related Categories: ColdFusion
Query Data Getting Truncated? Check Your Buffer
January 18, 2007
A coworker of mine ran into a problem the other day with query data he was trying to display on a page getting truncated. The database he was querying has a text column that stores huge XML documents, and he noticed one document was getting chopped off...exactly 64000 characters into the display.
By default, ColdFusion datasources are defined with a "Long Text Buffer" size of 64000 chr -- if your query data is any larger than that, the remaining characters are lost. It's important to note that no error messages are thrown when this occurs -- CF just fills the buffer to the max and continues processing.
To resolve this issue, you have two options. Under the Advanced Settings for the datasource you can either increase the size of the Long Text Buffer, or simply check the box for CLOB to "Enable long text retrieval"...
According to LiveDocs, when you have the CLOB setting selected your queries will "return the entire contents of any CLOB/Text columns in the database for this data source. If not selected, ColdFusion MX retrieves the number of characters specified in the Long Text Buffer setting."
We ultimately decided against enabling CLOB just in case there were ever super size documents in there -- we didn't want to bring the server to its knees :) Ultimately, we bumped the Long Text Buffer size to 512000 which turned out to be sufficient for most of the documents in the database.
Comments (3) | Related Categories: ColdFusion
Recent Pics
