cftopper.com

Tip: Easily protect your include files

Hi All. Sorry I haven't posted in a while, I've been very very busy. Thanks to everyone who has been encouraging me to release our Content Management Software I demonstrated as CFUnited EUrope... soon I promise.

I just thought I'd share this quick and useful tip:

Put the following code in all your Application.cfm or Application.cfc fles to automatically protect your include files such like "inc_test.cfm" or "act_deleteUser.cfm" from being called directly.

UPDATE: This code had a bug which was fixed 30th April 2008
<!--- Any script such as inc_file.cfm or dsp_file.cfm can not be called directly --->
<cfif mid( ListLast( cgi.script_name, "/" ), 4, 1 ) IS "_">
    <cflocation url="#APPLICATION.siteURL#" addtoken="no" />
</cfif>

There is some code in fusebox that prevents calling files other than index.cfm but we have found this too limiting.
Tags: ColdFusion | Tips
Posted by Topper at 12:38PM Permalink Comments [4] - Leave a comment

CFUnited Europe 2008

Mission accomplished - I spoke at CFUnited and survived.

Charlie Arehart was nice enough to give me some tips and help me rearrange and improve my Powerpoint presentation for the 2 hours before my talk.

With minutes to go, I saved my Powerpoint and suspended my laptop, then headed upstairs to the conference room. Now this was my first time speaking in front of more than 6 people and I was extremely nervous.

I get to the conference room and there are a few people in there already. I head up to the stage, laptop in hand and start setting up... I hit the power button to restore my laptop and.... what the hell... my laptop is rebooting, not restoring.

OK, not too bad, I'll just have to start ColdFusion, open the presentation and Firefox windows again. My laptop takes an age to start up.

So I am 3 minutes into the presentation and still waiting for my laptop to warm up. Fortunately there are still a few stragglers filing into the small conference room.

I double click to open the presentation and wait. And wait. It is taking ages to open. My laptop is being projected onto the 8 foot screen; everybody in the room feels my pain when Powerpoint reports that the file is corrupt and asks if I would like to restore it. Hell yes, restore that thing and fast.

I start the presentation. My freyed nerves are shattered but the show must go on. I start into the slides and notice something strange on the "About Me" slide. It's not exactly right.

Then I get to the "Contents" slide and notice that all the changes Charlie helped me make have been lost. Now this is a major curveball - there were entire topics that I had dropped, new sections I added and the whole thing had been rearranged.

Next disaster. The first section in my presentation should have been the last - it's all about "Source Control". I ask for a show of hands to make a point - "How many people in this room use source control". I had expected about 4 hands. I am dismayed to see that of the room of maybe 35 people, only 1 does not have his hand up.

Anyhow, I persevered and bluffed my way through the rest of the presentation. I'd like to thank everybody who was in the audience for their support. As promised here is the real presentation. Hopefully you all got something from the rest of the presentation. Topics covered:
  • Quick Tip: AJAX debugging
  • Supporting Different Timezones
  • Foreign Language Support
  • Advanced File Uploading
  • Quick Tip: CSS Hacking for IE6
  • Working with Multiple Domains
  • Database “Sharding”
  • Source Control.
I also gave a demo of our content management system, TeamworkCMS, and it's powerful plug-in architecture. As promised this will be released in May 2008. Stayed tuned.

I learned a lot from this experience and i'm sure that next time, i'll be more prepared and much more confident. It was a great experience all-in-all. 
This is the latest CF9 prototype (codename MoHawk):
CF9 (foot) at CFUnited 2008
Tags: ColdFusion
Posted by Topper at 12:01AM Permalink Comments [8] - Leave a comment

I'm speaking at CF-United Europe!

I'm going to be speaking at CF-United Europe! It's my first real public-speaking effort so please lend your support.

The topic is:
How we made it: Teamwork Project Manager - tips for development of highly-scalable web2.0 apps in ColdFusion.

We developed Teamwork Project Manager over the last 7 months. There aren't many web2.0 CF apps taking on the Ruby crowd these days and I think my speech will be interesting.

Some items would include:

  • Industry Analysis
  • Ajax & ColdFusion
    • Debugging techniques
    • Processing the response
    • Using JSON with CF
  • Handling Multiple Domains with one application
  • Advanced file uploading - hundreds of files in one go
  • Database design
  • Scalability
  • Support
  • Sales & marketing
Tags: ColdFusion | My Work | Teamwork Project Manager
Posted by Topper at 03:01PM Permalink Comments [4] - Leave a comment

Another reason to hate IE

Like we need another reason to hate IE. But here it is.

I recently implemented rounded edges throughout Teamwork Project Manager and it's a painful process involving nested divs and workarounds for IE6 glitches.

Today I was procrastinating on Digg.com and I stopped to admire the rounded edges on their notification bar.

Digg.com - nice rounded edges

I decided to look at the page source to to see their nested divs - are they using 4 nested divs for maximum flexibility bar with rounded edges - 1 div for each corner, or, where they using just 2 divs - one for each side with a height limitation?

The answer perplexed me - They just had something like <div id="announce"><p>Check out...</p></div>.

I thought "they must be using the <P> tag as a container with a background image" so I download their CSS source code and was confounded to see this:

     -moz-border-radius: 1em;
     border-radius: 1em;

What in the blazes is that? CSS supports rounded edges? My pain was for nought? Could I have just shoved these 2 lines of code in and saved myself hours of work?

In a perfect world, a world without Internet Explorer, then yes, I could. If you are using FireFox, this entire post will have rounded edges. If you are using IE, you'll just see a plain box.

Here you see the same announcement banner in IE - notice anything different?

Digg.com - no rounded edges in IE

Here is another example.

Rounded edges browser comparison
I hereby confirm, IE sucks.
Tags: CSS | Rant | WebDev
Posted by Topper at 02:11PM Permalink Comments [7] - Leave a comment

Announcing CF Debug Live Link (free tool for CF Developers)

Want to save time developing ColdFusion applications? - Just install CF Debug Live Link.

It changes the links in the standard ColdFusion MX 7 debugging output so that when the file names are clicked, they open for editing instantly.

CF Debug Live Link - turns file names into clickable links to quickly edit files

It does this by registering a protocol handler with Windows, which in turn calls a small .net application which tells your editor of choice to edit the file.
It's Windows / CFMX7 Only. Tested on both Vista & XP.

I made a simple installer so you can install this in seconds.


NOTE: By default, CF Debug Live Link is configured for Homesite+ but you can change this to any editor by editing C:\Program Files\CF Debug Live Link\cfdebugfilelink.exe.config
Posted by Topper at 12:45PM Permalink Comments [4] - Leave a comment

Teamwork Project Manager - The story

We hear a lot about people building web2.0 apps like Twitter using Ruby on rails. Rarely do we hear a mention of ColdFusion being use to build a scalable high-availability ajax enabled application. But at Digital Crew we recently launched Teamwork Project Manager - an application that as the name suggests, allows organisations to manage their internal and external projects and get productive.

The whole thing is built on our own 'SiteEngine' framework using ColdFusion and MySQL.

Here is the story so far.

The Teamwork Project Manager Story

January 2007


Peter Coppinger & Dan Mackey founded their company Digital Crew almost 8 years earlier and have made a living building websites, intranets and custom web-based solutions for clients in Cork, Ireland. At this point their company has a good reputation internationally and they sell website components online.

However they found themselves up to their eyeballs in client projects.
Peter Coppinger says, "Every Monday we held a meeting and discussed the current projects - reassigned tasks and set milestones. We maintained a large whiteboard separated into 5 segments - Active Projects. Upcoming Projects, Sales, Meetings and Billing.

The whiteboard was neatly organised and gave us a sense that we were organised.... but we weren't.

The meetings were taking longer and longer. We knew we needed a better system.".

March 2007


Peter and Dan spent some time reviewing and using project management software. Many are very expensive and all are overly complex. They wanted something intuitive that doesn't take time to learn and maintain. Something everybody in the company can use - not just the project manager.

Peter dreams of a software system that would basically manage a company. Call it a project management system, if you will - something extremely easy-to-use and generic enough that it could be used by all sorts of companies. He starts scribbling ideas on paper. In the morning he returns to work and the confused whiteboard overlord.

May 2007


Peter and Dan discuss the software they want to make almost daily now. And they have a name - Teamwork Project Manager (styled after TeamworkCMS - Digital Crew's bespoke website content management system).

A credos is set - "Project Management Made Easy!"

Peter and Dan are too busy with 'real work' to dedicate time to developing the product idea. But fate intercedes and a manager from a multinational client calls Peter to ask if he would have time to do a "simple" project management system. They want something extremely easy-to-use that would list upcoming and late milestones. This is the opportunity Peter has been waiting for. He eagerly tells the client about the software he has been thinking about making for a while and the client agrees that it is exactly what they need.

Peter first reviews other popular project management systems to find out what they are doing right and what they are doing wrong. Although other Project Management solutions exist, they are all too slow, clunky and badly designed. None are what the client wants and Peter has in his head. He makes a list what he likes and dislikes and puts pen to paper designing the software.

While on holiday to visit his sister in Boston for 3 weeks, Peter shamelessly neglects holidaying to stay up night-and-day working on the 'Project Management System'. Dan, busy with other client work back in Cork, checks in every morning. Screenshots fly back and fourth but Peter is reluctant to show the software running "until it's ready". Dan, also passionate about the development of their first "real" product, provides a steady steam of encouragement and suggestions.


June 2007


The software is installed for the client. Peter nervously waits for their feedback. Will they love it or loath it? Peter checks back an hour later and the client manager has already set-up several projects, added staff, assigned tasks and milestones. Just then, the phone rings. The client manager tells Peter that this is exactly what he was looking for. He was able to use it right off-the-bat with no instruction manual. Software, the way it should be.


August 2007


Dan works post-haste on TeamworkPM adding his fair share of sleepless-nights to the tally. The software is lovingly sculpted bit-by-bit with sometimes heated 'discussions' over items such as the color of a link. Their mission is simple - to make the worlds most east-to-use, fastest and best Project Management System.


September 2007


Weeks of preparation. Servers are set-up. Database is optimized. Software continually improved. The promotional website is made. And finally the launched date is set.


October 2007


Everything is ready and has been tested a hundred times.
Teamwork Project Manager is launched on October 4th 2007.

Almost immediately, through their respective software development blogs, curious users start browsing the website and Teamwork Project Manager receives it first sign up within a hour of launch!

It's only been 3 weeks so far and the feedback has been great. We didn't expect the sales to start until at least the 30-day mark but we things are going better than expected. We believe we have a great product and we are now working hard on the marketing side of things.
Stay tuned to the blog. I look forward to updating this story.

Thanks for reading the story. So far we have had a great response and we are continually improving the software. We believe that our software lives up to our credos - "Project Management Made Easy". We want the software to be so easy-to-use, our own computer-shy mothers could use it (and indeed they do).

We are working extremely hard to deliver more features and continually improve TeamworkPM. Please try Teamwork Project Manager for free.
Tags: ColdFusion | Teamwork Project Manager
Posted by Topper at 09:59AM Permalink Comments [0] - Leave a comment

Teamwork Project Manager - Password stored securely

RE: Teamwork Project Manager - Project Management made Easy!

That feedback feature I added has worked out great so far. We've got some great suggestions and enquiries in.

One customer used to feedback option to contact us. He had used the option to retrieve a lost password and wondered why the password we emailed him was different to the password he originally provided.

The answer, I replied, is security.
We do not store your passwords!

Instead we store a HASH of the passwords.
A HASH is a one-way transform. For example in the database, the password "tulsar256" might have been transformed to a string like "DDC3954CB4BC3AFE4A278BE8D7A1662" using hashing. And there is no way to determine what the original password is from this string.

So when you login, we convert the password your have entered into another hash and then compare it to the hash we have stored in the database.

This is all great and gives our customers that extra little piece of mind - knowing that even if we wanted to, we couldn't see what passwords you are using. However we can't just email you with your password now when you forget it - we simply don't know it.  Instead we email you a hash of a your password hash.

So we have absolutely no idea what our customer passwords are (and we shouldn't know!).  Many people use the same password on several sites and all IMHO all sites that care about their customers security should use hashing for storing all passwords.

Teamwork Project Manager - Project Management made Easy!

Tags: Online | Tips
Posted by Topper at 05:39PM Permalink Comments [2] - Leave a comment

TeamworkPM - 24 hours in

It's been 24 hours since we launched Teamwork Project Manager.

...and we've had a monkey-load of installations!
Just about everybody is using the free account... so I guess we'll have our work cut out convincing people to upgrade but that's OK... I relish the challenge.

OK, I've decided that i'm going to try to add at least one feature, bug fix or enhancement everyday. Today I added something that really should have been there from the start... the ability to um, well, cancel one's account if you must.

Cancel Account


Not a feature I relished in adding but it had to be done. Before we cancel the account, we try to encourage the user to let us know where it all went wrong. We are really dedicated to making this the best project management system and if we are losing a user, we would love to learn from it.

Cancel account form

Feedback


You might have noticed I beg the user to provide us with some feedback instead of just quitting. So I had to get the feedback form done quickly today also. The feedback link is available at the bottom of every page so hopefully we'll get some good feedback to help us further shape and improve the product and blow the competition away.

Feedback Form


That's it for today - stay tuned - more features (hopefully more interesting) tomorrow.

Update

I was just looking at the site stats - not bad for 24 hours in. It feels like we are having an effect. Hello to the 1 guy/gal in Thailand and the 1 guy/gal in Moscow who checked in on us. And thanks to everybody who has created an installation so far. Spread the word!

Visit map after 24 hours
Posted by Topper at 07:50PM Permalink Comments [0] - Leave a comment

About Topper on ColdFusion

Peter Coppinger aka Topper is a neurotic web monster who spends most of his chaotic life developing ColdFusion web applications when not drinking himself into a stupor and scheming his plans for world dominance.

Peter founded Digital Crew way back in 1999. Digital Crew run CFTagStore.com and have also produced lots of powerful ColdFusion tools like ProFlashUpload and CFMyAdmin.

I made this site to share my thoughts, tips and tools with fellow ColdFusion developers.

If your a ColdFusion developer, go ahead and subscribe to this site and in exchange i'll try to provide quality content to make it worth your while.
RSS Feed for Topper on ColdFusion

My ColdFusion Software

My Blogs

Digging

My Work - Just Finished

  • modules.cit.ie
    Web-=based modules/programmes designer tool and database system for Cork institute of technology.
  • Teamwork Project Manager
    The top secret project is finally released. The project management app will rock your world - give it a go.
  • PMG
    New website for Project Management Group website.
  • Digital Warehouse Wholesale
    Added wholesale products to existing client website.
  • New Digital Crew documentation website
    New version of documentation.digital-crew.com using new InfinityCMS site engine. It's done now. Just add content.
  • PFH Company Webite
    New website/CMS/Newsletter System for prestigious Irish IT company.
  • Module Manager for CIT
    CIT is switching to module based courses. We are making an application for managing/submitting these modules. Gettig there.
  • Bons Secours Cork Hospital Intranet
    New Intranet for Bons Secours hospital in Cork. Considering turning this Intranet system into stand-alone product.
  • Revamping InfinityCMS
    I'm making major improvements to our content management solution, InfinityCMS. Making it faster, more powerful and easier to check into/out-of source control. Done but it's always going to be evolving.
  • BPC Update
    Minor functionality update for internal Pfizer Best Process Chemistry project.

Archive

Tags