The Ortus BlogBox

"Ortus: A rise, beginning, coming into being, born, the origin!"

 

.htaccess rules to protect against SQL Injection attacks

Luis Majano
Oct 15, 2008

 

Due to the huge surge in SQL injection attacks, Sana Ullah has done some great work on a set of .htaccess rules to protect against such injections. They have been committed to the ColdBox SVN, but we are also sharing them here. Please note that all the rules are for ColdBox SES, so make sure to update accordingly.

RewriteEngine on

#SQL Injection Protection --Read More www.cybercrime.gov
#Please use these rules if the words below do not conflict with your friendly URLs. You may modify accordingly.
#The pattern is tested against the URL path only (not the query string), which is why these rules assume SES URLs.
#Literal parentheses must be escaped, otherwise the pattern is not a valid regular expression.
RewriteRule ^.*EXEC\(@.*$ /notfound.htm [L,F,NC]
RewriteRule ^.*CAST\(.*$ /notfound.htm [L,F,NC]
RewriteRule ^.*DECLARE.*$ /notfound.htm [L,F,NC]
RewriteRule ^.*DECLARE%20.*$ /notfound.htm [L,F,NC]
RewriteRule ^.*NVARCHAR.*$ /notfound.htm [L,F,NC]
RewriteRule ^.*sp_password.*$ /notfound.htm [L,F,NC]
RewriteRule ^.*%20xp_.*$ /notfound.htm [L,F,NC]

#Ignore images and this would be the last rule --if the condition matched
RewriteRule ^/(.*\.(png|gif|jpg|bmp)) /$1 [L,PT,NC]
#Ignore CSS or JS files and this would be the last rule --if the condition matched
RewriteRule ^/(.*\.(css|js)) /$1 [L,PT,NC]
#Ignore txt/doc/pdf/xls files and this would be the last rule --if the condition matched
RewriteRule ^/(.*\.(txt|pdf|doc|xls)) /$1 [L,PT,NC]

#SES front controller
RewriteRule ^$ index.cfm [QSA]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.cfm/%{REQUEST_URI} [QSA,L]
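Added example (not from the post or the ColdBox project): a small Python emulation of the rule chain above, run over constructed access-log lines to see which requests the blacklist would reject and which fall through to the SES front controller. It assumes Apache's matching semantics: the pattern is tested case-insensitively (NC) against the %-decoded URL path, never the query string, and the first rule whose [L] flag fires ends the chain; the !-f/!-d conditions and the three static-file rules are simplified into one extension check.

```python
import re
from urllib.parse import urlsplit, unquote

# The post's blacklist patterns, parentheses escaped so they compile.
# NC flag -> IGNORECASE; "^.*X.*$" is equivalent to a plain search for X.
BLOCK_PATTERNS = [r"EXEC\(@", r"CAST\(", r"DECLARE", r"DECLARE%20",
                  r"NVARCHAR", r"sp_password", r"%20xp_"]
BLOCK_RES = [re.compile(p, re.IGNORECASE) for p in BLOCK_PATTERNS]
# The three "ignore static files" rules, collapsed into one extension check.
STATIC_RE = re.compile(r"\.(png|gif|jpg|bmp|css|js|txt|pdf|doc|xls)$", re.IGNORECASE)

def evaluate(request_target):
    """Outcome of the rule chain for one request target such as '/path?query'."""
    parts = urlsplit(request_target)
    path = unquote(parts.path)  # mod_rewrite matches the %-decoded path, never the query
    for n, rx in enumerate(BLOCK_RES, 1):
        if rx.search(path):
            return ("forbidden", n)  # [L,F]: request gets a 403; n = rule number
    if STATIC_RE.search(path):
        return ("passthrough", path)  # [L,PT]: static asset served as-is
    if path in ("", "/"):
        return ("rewrite", "index.cfm")
    return ("rewrite", "index.cfm" + path)  # SES front controller (assumes !-f/!-d hold)

LOG_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

def triage_log(lines):
    """Classify combined-format access log lines; returns (counts, blocked requests)."""
    counts = {"forbidden": 0, "passthrough": 0, "rewrite": 0, "unparsed": 0}
    blocked = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            counts["unparsed"] += 1
            continue
        verdict, detail = evaluate(m.group(1))
        counts[verdict] += 1
        if verdict == "forbidden":
            blocked.append((m.group(1), detail))
    return counts, blocked

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [15/Oct/2008:10:00:01 -0700] "GET /blog/view/12 HTTP/1.1" 200 512',
    '10.0.0.5 - - [15/Oct/2008:10:00:02 -0700] "GET /includes/style.css HTTP/1.1" 200 90',
    '10.0.0.9 - - [15/Oct/2008:10:00:03 -0700] "GET /blog/view/12;declare%20@s%20nvarchar(4000) HTTP/1.1" 403 0',
    '10.0.0.9 - - [15/Oct/2008:10:00:04 -0700] "GET /blog/view?id=12;DECLARE HTTP/1.1" 200 512',
    'not an access log line',
]
```

Because the path is decoded before matching, the DECLARE%20 and %20xp_ rules only fire on doubly encoded input, and a keyword carried in the query string of a non-SES URL is not inspected by these rules at all, which is why the post says they are for SES URLs.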

ColdBox MVC, Tutorials, Tutorials 2

New ColdBox Store Launched!

Luis Majano
Oct 15, 2008

 

I am happy to announce that our new ColdBox Marketplace has launched. We have tried to put together some great items for you and will be adding several more in the near future. Show your support for ColdBox by buying some of these great products. We have created several T-shirts, buttons, mousepads, jackets, hoodies with incredible design.

In the next few days we will be launching our accessories section where you will be able to buy customizable shoes, messenger bags, totes, ties, and even aprons. I already ordered my set!!

ColdBox MVC, News 0

ColdBox 2.6.1 Final Release is now available

Luis Majano
Oct 15, 2008

 

We are pleased to announce ColdBox 2.6.1. This version is a critical fix release that ALL users should upgrade to; it provides stability and tons of fixes.  However, we have also included some goodies that we left out of 2.6.0 as they were not fully tested yet. Now they are.  Below we have delineated the new goodies for 2.6.1.  We have also created a What's New in 2.6.1 guide, and you can also read the entire release notes.

What's New

ColdBox SideBar

This is another developer tool that will make your ColdBox development much easier thanks to Ernst van der Linden.  We truly believe this developer tool will revolutionize the way you build your ColdBox Applications.  The full guide can be found here

This nifty little toolbar lives in your application (development of course) and helps you do the following:

* Reinit the framework
* Open cache and profiler monitors
* Dump vars
* Clear the Cache
* Clear Scopes
* Clear the log files
* Go in and out of debug mode
* Search the docs
* Search the forums
* Skinnable via css
* Add your own links via configuration (JSON)
* much more coming soon.

New Core Interception Points

We have added two more core interception points to ColdBox

* afterCacheElementExpired : Executes after an element has expired from the cache
* onException : Executes when an exception occurs anywhere in the framework

Caching Enhancements

There have been some cool minor enhancements to the cache.

* New FIFO Eviction policy (First In First Out)
* New method: setEvictionPolicy(policyObj), you can now override eviction policies with anything you want
* New method: getObjectMetadata(objectKey), you can now get the caching metadata structure about a specific object key.

New Interceptor Output Buffer

What this means is that an interceptor has the following methods that enable you to add content to an output buffer that will be flushed after the execution of the interception point. Why would I use this? Well, just look at the ColdBox SideBar. I can create output without affecting handlers, views, etc. Interceptors wrap themselves around an execution (AOP), so you can output content in a non-obtrusive and decoupled manner.

* clearBuffer():void
* appendToBuffer(string):void
* getBufferString():string
* getBufferObject():coldbox.system.util.RequestBuffer

The buffer is unique per interception point but available to the entire chain of execution within an interception point. Once the interception point is executed, the interceptor service will check to see if the output buffer has content; if it does, it will write the output to the output stream. This way, you can produce output very cleanly from your interception points, without adding any messy, encapsulation-breaking output=true tags to your interceptors. (BAD PRACTICE). This is an elegant solution that can work for both core and custom interception points.

 

//clear all of it first
clearBuffer();
//Append to buffer
appendToBuffer('This software is copyright by Luis Majano');

Bean Factory Plugin Autowire Update

The Autowire method in the bean factory now has a stopRecursion argument that can be used to send in a class name where recursion should stop.

Transfer Utilities

We have created several utilities for Transfer Integration that we introduced a while back.  They are now in the core in the extras directory. 

* TransferConfigFactory
* TDOBeanInjectorObserver

You can read more about these two tools and how they will help you when working with Transfer:

Critical Fixes and Updates

* #492 MTLogger Tracer method when called asynchronously and from a remote call behaves weirdly, blanking out some variables due to cfthread.
* #493 setView() with no layout is not blanking out a pre-set layout
* #494 proxy, sessionstart, sessionend concurrency issues when ConfigAutoReload is set.
* #495 Throw an error that is informative when interceptor classes are not found instead of a bogus error.
* #499 onInvalidEvent crashes in SES mode
* #500 onInvalidEvent error type is not configured correctly
* #501 resource bundle not handling relative paths, update to use same approach as other plugins
* #502 useSetterInjection not passed correctly across the inheritance tree in the beanFactory
* #503 Interceptor Service not registering correctly on demand registrations and doing double puts on some states
* #504 Interceptor state addition of an exists method, so overwriting does not occur
* #506 Missing onException core interception point
* #507 ExceptionHandler not firing on proxy errors
* #508 Request Context Decorator overriding the memento and losing the controller reference
* #511 Resource bundle paths bug when unit testing remotely
* #517 event.noRender() has wrong logic for the remove bit

ColdBox MVC, Releases 3

ColdBox 2.6.1 Updated Bits, please redownload

Luis Majano
Oct 15, 2008

 

I have updated the 2.6.1 bits due to a left-out file in my deployment. Thanks for the pointer! So if you downloaded the 2.6.1 release before today at 5pm Pacific Standard Time, please re-download it. Sorry for the inconvenience.

ColdBox MVC, News, Releases 0

The ColdBox SideBar, a developer's companion

Luis Majano
Oct 15, 2008

 

In our 2.6.1 release we included a new developer toolbar called the ColdBox SideBar. You can see a screenshot below: The SideBar enables the developer to have a floating toolbar that will assist with development. You can reinit the framework, clear the cache, clear the log files, clear some of the most used scopes like session and client, and so much more. It also appends itself to errors when they occur, so you can easily reinitialize or search for the errors in the live docs or the forums. Yes, you can search right from the sidebar. Another extra feature is that the links declared are all customizable, so you can customize your own sidebar according to your project, create internal or external links, or anything you like. Another extra feature is that the sidebar is completely skinnable via css, so you can make it look pretty!! So skin it and send over your screenshots.

ColdBox MVC, News, Tutorials 0

Win Free ColdBox Training!

Luis Majano
Oct 15, 2008

 

ColdBox Platform Official Training Seminars Announces One FREE Seat for October 2008 Seminar in Dallas, Texas
 
Rancho Cucamonga, CA, August 19th, 2008
We are announcing today a special opportunity for one lucky person to attend our October 2008 ColdBox Platform 101 seminar in Dallas, Texas for FREE.  For more information on ColdBox Platform Training or to enter for your chance at a FREE seat, please visit the ColdBox Training web site to download the official contest rules.

This is also a reminder that the Early Bird Pricing for the Training Seminar ends August 31, 2008 at Midnight.  So hurry up and get your training on, space is limited.

 

ColdBox MVC, News, Training 1

Reminder: Free ColdBox Training Ends Tomorrow

Luis Majano
Oct 15, 2008

 

This is just a reminder that tomorrow the Win Free ColdBox training contest ends. So get your submissions in, it is really easy.

ColdBox MVC, News, Training 0

Free ColdBox Training Date Extended and Hilarious Entry

Luis Majano
Oct 15, 2008

 

The submission date has been extended until Wednesday 27th at 5pm pacific time. The winner will be announced the following day August 28th. You can download the contest rules to see the updates if you want. Here is a snippet of a submission I got today, totally hilarious:

Dear Santa, I don't mean to sound ungrateful for the gifts that I've received over the years. The toy train set was great in 1976. My Atari 2600 was awesome in 1980. And who could forget the subscriptions to Playboy, Penthouse, Hustler, Oui, and Reader's Digest. Good times. But lately man: the presents have kind of sucked. 2006, I got a tie. A freakin' tie? I'm a programmer. 2007 was the month's supply of Rogaine. I understand the motivation there, but couldn't you have tested that on a bald elf first? Doesn't work. This year I'm asking for an early gift. Luis and Matt are offering the gift of free ColdBox training. If you could lend a hand and make that happen, I'll overlook the debacle of 2006's gift (really? A book on ASP.NET?), and that one year I saw you kissing my mom.
ColdBox MVC, Training 0

New ColdBox Flickr Group, Upload your media!

Luis Majano
Oct 15, 2008

 

New ColdBox Flickr Group is online: http://www.flickr.com/groups/coldbox/ Submit your media! Anybody can join, you can upload ColdBox related photos, screen shots and even video.

ColdBox MVC, News 0

ColdBox Eclipse Reference Plugins Updated

Luis Majano
Oct 15, 2008

 

The ColdBox Eclipse Reference Plugins have been updated to reflect all of the 2.6.1 API updates. Please read this guide to learn how to install them or to update them; the version should be 1.0.5

ColdBox MVC, Releases 0