We were busy this week, we released a lot of content for you... on the podcast, cfcasts, youtube, and our blog as well as a couple of special podcast appearances for Brad Wood and Luis Majano on the Wicked Good Development Podcast while they were at DevNexus. Here's the summary in bite size pieces.
I know we all reuse code and some types of reuse are better than the others (I'm looking at you COPY AND PASTE / man in the mirror), but copy-paste is only a symptom of a larger issue, that WET code is not as easy to maintain as DRY code.
ColdSpring was the first dependency injection framework for ColdFusion in the good 'ol days. It was inspired by Java Spring and it rocked during its tenure. As a matter of fact, there is still quite a large number of applications leveraging it, even though the framework itself is completey legacy, unsupported and might not even work on some versions of Adobe 2018+ as well. If you are in this technical debt boat and want a quick win and recover some ground in the technical debt war, then this tutorial is for you.
CommandBox 5.2.0 added a new feature called Server Profiles which allow you to dial in a bevy of development or production lockdown rules in a single setting. Each profile can be tweaked with individual settings to customize them.
I wanted to highlight a recent project I help a client out with, where we used CFConfig to help automate the process of applying government STIGs to ColdFusion servers. A STIG, or Security Technical Implementation Guide, is meant to standardize the process of setting up and auditing secure servers. If you manage servers in a government or corporate setting, you may be familiar with this. If not, you should still be automating your locks downs anyway, so keep reading.
In this tutorial, Brad Wood shows how to use FusionReactor features such as the request Profiler to identify several bottlenecks of slow code in a ColdFusion app.
More and more people are using CommandBox or our Ortus Docker containers (powered by CommandBox) for production deployments. Commandbox uses JBoss Undertow which is very lightweight and fast, and capable of service traffic just as fast as IIS or Apache. A lot of people ask me about running CommandBox in production and I always say it's find so long as you follow the same basic lockdown procedures you'd take on any web server. If you have IIS or Apache sitting in front of CommandBox, most of this configuration can happen there, but for people who want drop-dead simply prod servers, here's some quick tips on locking down your CommandBox server.