### Start ColdFusion Server on UNIX Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/installCF/install.md After successful installation and configuration, this command is used to start the ColdFusion server process on UNIX systems. It is typically executed from the ColdFusion installation's bin directory. ```Bash /cf_root/cfusion/bin/coldfusion start ``` -------------------------------- ### Start ColdFusion 11 Installer on UNIX Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/installCF/install.md This command initiates the ColdFusion 11 installation process from the current directory. The installer can be run in a graphical user interface (GUI) mode by appending the '-i gui' argument. ```Bash ./ ``` ```Bash ./ -i gui ``` -------------------------------- ### Configure Built-in Tomcat Connector - server.xml Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/installCF/install.md Shows an example of the `Connector` XML element in `server.xml` that needs to be uncommented or configured to enable the built-in Tomcat web server. ```XML ``` -------------------------------- ### Manage ColdFusion Server on Windows - Command Line Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/installCF/install.md Provides command-line instructions for starting, stopping, and restarting the ColdFusion server on Windows using `coldfusion.exe`. ```Batch coldfusion.exe -start -console coldfusion.exe -stop -console coldfusion.exe -restart -console ``` -------------------------------- ### Basic jQuery Split Pane Plugin Usage Example Source: https://github.com/foundeo/cfdocs/blob/master/assets/vendor/plugins/split-pane/README.md This example demonstrates the fundamental setup for using the jQuery Split Pane plugin. It includes the full HTML structure, inline CSS for layout and initial sizing of the components and the divider, and a small JavaScript snippet to initialize the plugin on the main split pane container. It emphasizes setting initial dimensions via CSS for progressive enhancement. ```HTML Basic Example
This is the left component
This is the right component
``` -------------------------------- ### CFScript For Loop Example Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/script.md Demonstrates a basic 'for' loop in CFScript, iterating a counter and performing operations within the loop block. ```ColdFusion for (i=1; i <= 5; i++) { // all statements in the block are looped over result = i * 2; writeOutput(result); } ``` -------------------------------- ### Manage ColdFusion Server on UNIX/Linux/macOS - Command Line Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/installCF/install.md Provides command-line instructions for starting, stopping, and restarting the ColdFusion server on UNIX, Linux, Solaris, and macOS using the `coldfusion` script. Also includes the command to check server status. ```Shell ./coldfusion start ./coldfusion stop ./coldfusion restart ./coldfusion status ``` -------------------------------- ### Run CFDocs Locally with CommandBox Source: https://github.com/foundeo/cfdocs/blob/master/README.md This snippet provides the command-line instruction to start the CFDocs local development server using CommandBox. CommandBox is an embedded CFML server that simplifies the setup process, allowing developers to browse the documentation locally. ```CommandBox CLI box server start ``` -------------------------------- ### Initialize Application Scope with onApplicationStart in ColdFusion Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/application.md This CFML example demonstrates how to use the `onApplicationStart` method within `Application.cfc` to initialize application-wide variables. The `application.something` variable is set when the application first starts, making it available throughout the application's lifecycle. ```cfml component { this.name = "myApplication"; function onApplicationStart() { application.something = "otherthing"; } } ``` -------------------------------- ### Manage ColdFusion Web Server Connectors via wsconfig Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/installCF/install.md This collection of command-line examples demonstrates how to use the `wsconfig` utility to configure, manage, and unconfigure web server connectors for ColdFusion. It covers integration with IIS and Apache, including specific commands for setting up sites, associating them with ColdFusion clusters, and performing uninstallation or listing operations. The tool is crucial for establishing communication between ColdFusion and various web servers. ```Shell wsconfig.exe -ws iis -site ``` ```Shell wsconfig.exe -ws iis -site ``` ```Shell wsconfig.exe -ws iis -site -cluster ``` ```Shell (Windows only) wsconfig.exe ws apache dir ``` ```Shell (Linux or MAC only) ./wsconfig ws apache dir ``` ```Shell (Windows only) wsconfig.exe ws apache dir bin /httpd script /apachectl ``` ```Shell (Linux or Mac only) ./wsconfig ws apache dir bin /httpd script /apachectl ``` ```Shell (Windows only) wsconfig.exe -ws apache dir -cluster ``` ```Shell (Linux or MAC only) ./wsconfig -ws apache dir -cluster ``` ```Shell wsconfig.exe -remove -ws iis -site ``` ```Shell wsconfig.exe -remove iis -site ``` ```Shell ./wsconfig -remove ws apache dir ``` ```Shell ./wsconfig -remove ws apache dir bin /httpd script /apachectl ``` ```Shell ./wsconfig -uninstall ``` ```Shell ./wsconfig -list ``` -------------------------------- ### TestBox xUnit Style Test Example Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/testbox.md An example of an xUnit-style test case in TestBox, showcasing the use of the `$assert` object to perform direct assertions like `isTrue` and `notIsEmpty` within a test function. ```CFML component displayName="My Sweet Suite" extends="testbox.system.BaseSpec" { function testSomething() { var something = true; $assert.isTrue(something); $assert.notIsEmpty(something); } } ``` -------------------------------- ### CFScript If/Else If/Else Conditional Example Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/script.md Shows how to implement conditional logic using 'if', 'else if', and 'else' statements in CFScript to execute different code blocks based on various conditions. ```ColdFusion count = 10; if (count > 20) { writeOutput(count); } else if (count == 8) { writeOutput(count); } else { writeOutput(count); } ``` -------------------------------- ### Example Java Code for Car Object Interaction Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/java.md This hypothetical Java code snippet showcases common object-oriented patterns: creating an object via a factory method, setting properties, and retrieving related objects. It serves as a reference for understanding Java syntax before converting similar logic to CFML. ```Java Car myCar = CarFactory.create(); myCar.setDriver( new Driver("Pete") ); Driver myDriver = myCar.getDriver(); myDriver.eject(); ``` -------------------------------- ### CFScript Query Loop Example Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/script.md Demonstrates iterating over a query result set using a 'for (row in q)' loop in CFScript, accessing individual row data. ```ColdFusion q = queryNew("id,data", "integer,varchar", [ [11, "aa"], [22, "bb"], [33, "cc"] ] ); for (row in q) { writeOutput("#q.currentRow#:#row.id#:#row.data#;"); //result: 1:11:aa;2:22:bb;3:33:cc; } ``` -------------------------------- ### CFScript While Loop Example Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/script.md Illustrates the basic syntax for a 'while' loop in CFScript, which executes statements as long as a specified condition remains true. ```ColdFusion while (condition) { // statements } ``` -------------------------------- ### Example Obfuscated Cookie Name (Google Analytics Style) Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/security-session-management.md This example illustrates an obfuscation technique for a session cookie name, making it appear as a Google Analytics tracking beacon. The goal is to confuse potential hackers into dismissing it as unrelated to authentication, thereby enhancing security through obscurity. ```CFML __ga_tracking_beacon_ ``` -------------------------------- ### TestBox BDD Test Suite Example Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/testbox.md Illustrates a Behavior Driven Development (BDD) test suite in TestBox, defining a `describe` block for test grouping and an `it` block for individual specifications, including a basic `expect` assertion. ```CFML component extends="testbox.system.BaseSpec" { function run() { describe("A sweet suite", function() { it("contains spec with an awesome expectation", function() { expect( true ).toBeTrue(); }); }); } } ``` -------------------------------- ### Enable Symbolic Links in Tomcat Context - context.xml Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/installCF/install.md Describes how to enable OS symbolic links in Tomcat by adding the `allowLinking="true"` attribute to the `context` element in the `context.xml` file. ```XML ``` -------------------------------- ### Encrypt String using AES/CBC/PKCS5Padding in CFML Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/security-encryption.md This example illustrates how to encrypt a string using the `encrypt()` function in CFML, specifically employing the more secure AES/CBC/PKCS5Padding algorithm. It highlights that this mode generates a unique encrypted output for the same input due to its initialization vector mechanism, improving security over ECB mode. ```CFML myString = 'dog'; myKey = 'ITRkCTb/XMtGT0g99WUkKak/hhNvPml3k+UbsVDqSBE='; myAlgorithm = 'AES/CBC/PKCS5Padding'; myEncoding = 'HEX'; encString = encrypt( myString, myKey, myAlgorithm, myEncoding ); writeOutput( encString ); ``` -------------------------------- ### Accessing URL Parameters in ColdFusion Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/scopes.md This example illustrates how to retrieve and display parameters passed in a URL using the `URL` scope in ColdFusion. It shows how to access individual parameters like 'view', 'page', and 'mode', and also demonstrates conditional display based on the existence of a parameter like 'start' using `structKeyExists`. ```ColdFusion You're looking at #URL.view#'s page #URL.page# in #URL.mode# mode Start with letter: #URL.start# ``` -------------------------------- ### Configure ColdFusion JVM Settings - jvm.config Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/installCF/install.md Outlines key parameters within the `jvm.config` file for configuring the Java Virtual Machine (JVM) settings used by ColdFusion, including Java home, arguments, and class paths. ```Properties java.home: [Java home path] java.args: [JVM arguments, e.g., -Xmx512m] java.library.path: [Library path settings] java.class.path: [Additional classpath settings, comma-separated] ``` -------------------------------- ### CFScript Query Loop with cfloop (CF11+) Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/script.md Illustrates the CF11+ syntax for looping over a query using the 'cfloop' construct within CFScript, including grouping functionality. ```ColdFusion cfloop(query=q, group="fk") { writeOutput("#fk#"); } ``` -------------------------------- ### Change ColdFusion Installer File Permissions on UNIX Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/installCF/install.md Before executing the ColdFusion installer on UNIX, it is crucial to ensure the installation file has appropriate executable permissions. This command grants read, write, and execute permissions to all users for the specified installer binary. ```Bash chmod 777 ColdFusion_11_WWEJ_solaris64.bin ``` -------------------------------- ### Encrypting URL Parameters with AES/CBC/PKCS5Padding Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/security-encryption.md This example illustrates how to encrypt sensitive data passed as URL parameters using AES/CBC/PKCS5Padding. By encrypting both the parameter names (using hashing) and their values, it significantly reduces the risk of parameter tampering and makes it harder to guess the purpose of parameters. ```ColdFusion myKey = 'Ng12PCeRET7ESEfUqwJCA2TgWh3wadBk/SDx10U/8lI='; myAlgorithm = 'AES/CBC/PKCS5Padding'; myEncoding = 'HEX'; Edit Profile ``` -------------------------------- ### Generate Private Key for HTTPS with keytool Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/installCF/install.md Generates a private key and self-signed certificate in a keystore file (.jks) using the Java `keytool` utility. This is a prerequisite for setting up HTTPS communication for ColdFusion remote instances. ```Shell cfroot\jre\bin\keytool -genkeypair -alias certificatekey -keyalg RSA -validity 7 -keystore keystore.jks ``` -------------------------------- ### Dual Syntax for cfthread in CFScript (CF9 vs CF11+) Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/script.md Illustrates the evolution of cfthread syntax in CFScript, showing both the older CF9 style and the newer CF11+ style for thread creation and management. ```ColdFusion //CF9 syntax thread action="run" name="testName" { thread.test = "CFML"; } ``` ```ColdFusion //CF11 syntax cfthread( action="run", name="testName") { thread.test = "CFML"; } ``` -------------------------------- ### Configure Jetty Server for HTTPS SSL Listener Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/installCF/install.md Adds an SSL connector configuration to the Jetty server's `jetty.xml` file, enabling HTTPS on port 8443. This configuration specifies the keystore, passwords, and truststore paths required for secure communication. ```XML 8443 30000 /etc/server.jks changeit changeit /etc/server.jks changeit ``` -------------------------------- ### Uninstall ColdFusion on UNIX Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/installCF/install.md Commands to navigate to the ColdFusion uninstall directory and execute the uninstallation script on a UNIX-like operating system. ```Shell cd cf_root/uninstall ./uninstall.sh ``` -------------------------------- ### Import Certificate to Local Host Truststore with keytool Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/installCF/install.md Imports the remote host's self-signed certificate into the local ColdFusion JRE's `cacerts` truststore. This step is crucial for the local host to trust the remote server's certificate, enabling secure HTTPS communication. ```Shell cfroot\jre\bin\keytool.exe -importcert -keystore "cfroot\jre\lib\security\cacerts" -file selfsignedcert.cer -storepass password ``` -------------------------------- ### ColdFusion 11 Default Directory Structure Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/installCF/install.md This section describes the default directory structure created by a ColdFusion 11 installation, detailing the purpose and contents of key subdirectories within the main '_cfusion_' folder. ```Filesystem _cfusion_: bin: Programs for starting, stopping, and viewing information for ColdFusion, and to run Crystal Reports (Windows only). It also contains the password reset scripts for server administrator and Admin Component for remote server start and stop. cache: Repository for temporary files from ColdFusion. cfx: Sample C++ and Java CFX files with their supporting files. You can also store your CFX files in this directory (although you can put them in any location that is defined in your classpath). charting: Files for the ColdFusion graphing and charting engine. CustomTags: Repository for your custom tags db: The sample Apache Derby databases for all platforms. gateway: Files for ColdFusion event gateways. jetty: Solr configuration files and files related to remote instance start and stop. jintegra: (Applies only to Windows) JIntegra programs, libraries, and other supporting files (for example, to integrate Java and COM code; manage access to ActiveX controls (OCXs) that are hosted in a graphical user interface (GUI) container; and register the JVM and type libraries). (Applicable only for Windows.) jnbridge: Files for .NET Integration Services. lib: JAR, XML, property, and other files that are the foundation of ColdFusion, for functionality such as queries, charting, mail, security, Solr, and system probes. logs: Repository for ColdFusion log files. JRE-specific log files are in the runtime/logs directory. Console outputs are logged in to coldfusion-out.log instead of cfserver.log. ``` -------------------------------- ### Generate Private Key and Keystore for HTTPS Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/installCF/install.md Generates a new RSA key pair and stores it in a JKS keystore file. This key is essential for establishing secure HTTPS communication for the ColdFusion Admin Component on the remote host. ```Shell cfroot\jre\bin\keytool -genkeypair -alias certificatekey -keyalg RSA -validity 7 -keystore keystore.jks ``` -------------------------------- ### Generate AES Encryption Keys with generateSecretKey() Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/security-encryption.md This snippet demonstrates how to generate secret keys for AES encryption using the `generateSecretKey()` function in CFML. It shows examples for generating both 128-bit (default) and 256-bit AES keys, noting the compatibility requirements for 256-bit keys (CF10+ or Lucee4.5+). ```CFML // generate a 128 bit AES encryption key writeOutput( generateSecretKey( 'AES' ) ); // generate a 256 bit AES encryption key CF10+ Lucee4.5+ writeOutput( generateSecretKey( 'AES', 256 ) ); ``` -------------------------------- ### ColdFusion Closure Basic Example Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/closures.md Demonstrates the fundamental concept of a ColdFusion closure, where an outer function returns an inner function that retains access to the outer function's variables. Shows how multiple closures can be created from a single outer function, each with its own retained environment. ```ColdFusion function helloTranslator(String helloWord) { return function(String name) { return "#helloWord#, #name#"; }; } helloInHindi = helloTranslator("Namaste"); helloInFrench = helloTranslator("Bonjour"); writeOutput(helloInHindi("Anna")); //closure is formed. //Prints Namaste, Anna. writeOutput("
"); writeOutput(helloInFrench("John")); //Prints Bonjour, John. ``` -------------------------------- ### Export Self-Signed Certificate for HTTPS with keytool Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/installCF/install.md Exports the previously generated self-signed certificate from the keystore to a .cer file. This certificate will be imported into the local host's truststore to establish trust for secure communication. ```Shell cfroot\jre\bin\keytool -export -alias certificatekey -keystore keystore.jks -rfc -file selfsignedcert.cer ``` -------------------------------- ### Generate SSL Certificate with Java Keytool for ColdFusion Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/installCF/install.md This command utilizes the Java `keytool` utility to generate a new keystore and a self-signed certificate. This certificate is crucial for enabling SSL on the ColdFusion server. The command prompts the user for various details such as organizational information and uses the RSA key algorithm. ```Shell cfroot\jre\bin\keytool -genkey -alias tomcat -keyalg RSA ``` -------------------------------- ### Export Self-Signed Certificate from Keystore Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/installCF/install.md Exports the public certificate from the generated JKS keystore to a .cer file in RFC format. This certificate will be imported into the local host's truststore to enable secure communication. ```Shell cfroot\jre\bin\keytool -export -alias certificatekey -keystore keystore.jks -rfc -file selfsignedcert.cer ``` -------------------------------- ### ColdFusion Nested Ternary/Elvis Operator Example Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/elvis.md Shows an example of nesting ternary or Elvis operators in ColdFusion. While functional, this pattern is generally discouraged due to reduced readability. The example classifies a value as numeric, alphabetic, or neither. ```ColdFusion result = stage1.firstOperand ? stage1.secondOperand : stage2.firstOperand ? stage2.secondOperand : stage1.thirdOperand; value = "nineteen"; result = isNumeric(value) ? "it's numeric" : (reFind("[A-Za-z]",value) > 0) ? "it's alphabetic" : "it's neither"; // "it's alphabetic" ``` -------------------------------- ### Configure Jetty for HTTPS SSL Listener Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/installCF/install.md Adds an SSL connector configuration to the Jetty server's 'jetty.xml' file. This enables HTTPS on port 8443, specifying the keystore path, passwords, and truststore for secure communication with the ColdFusion Admin Component. ```XML 8443 30000 /etc/jks-file.jks changeit changeit /etc/jks-file.jks changeit ``` -------------------------------- ### ColdFusion Ternary Operator Full Usage Example Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/elvis.md Demonstrates the full ternary operator syntax in ColdFusion, evaluating a condition and returning one of two results. This example checks if the string 'nineteen' is numeric. ```ColdFusion result = isNumeric("nineteen") ? "it's numeric" : "no it isn't"; // "no it isn't" ``` -------------------------------- ### ColdFusion Array Manipulation: Standard vs. Member Functions Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/member.md This example illustrates how to perform common array operations like creation, appending, and sorting using both the traditional ColdFusion functions and the more modern member function syntax. ```ColdFusion // The standard way var myArray = arrayNew(1); arrayAppend(myArray, "objec_new"); arraySort(myArray, "ASC"); ``` ```ColdFusion // The member way myArray.append("objec_new"); myArray.sort("ASC"); ``` -------------------------------- ### Stop ColdFusion Server on UNIX Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/installCF/install.md This command is used to gracefully stop a running ColdFusion server process on UNIX systems. It ensures that all processes are terminated cleanly. ```Bash /cf_root/cfusion/bin/coldfusion stop ``` -------------------------------- ### Invoke Static Java Method (getRuntime) for Runtime Access in CFML Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/java.md This snippet demonstrates using a static Java method, java.lang.Runtime.getRuntime(), as an entry point to access a Java API. After obtaining an instance of the Runtime object via the static method, an instance method like availableProcessors() can then be called on it. ```CFML runtime = createObject("java", "java.lang.Runtime").getRuntime(); writeOutput( runtime.availableProcessors() ); ``` -------------------------------- ### ColdFusion: hash() Function API Reference Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/security-obfuscation.md Detailed API documentation for the ColdFusion `hash()` function, which generates a hash of a string. It supports various algorithms, encodings, and iteration counts, making it suitable for parameter obfuscation. ```APIDOC hash(string: String, algorithm: String, encoding: String, iterations: Integer): String string: The input string to be hashed (e.g., original parameter name). algorithm: The hashing algorithm to use (e.g., 'SHA-384', 'SHA-512'). encoding: The character encoding for the input string (e.g., 'UTF-8'). iterations: The number of hashing iterations to perform, increasing computational cost for attackers. ``` -------------------------------- ### CFScript Break and Continue Statements in Loops Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/script.md Demonstrates the use of 'continue' to skip the current iteration and 'break' to exit a loop prematurely in CFScript, based on specified conditions. ```ColdFusion for (row in q) { if (row.skip) { continue; } //do stuff... } ``` ```ColdFusion for (row in q) { if (q.currentRow > 5) { break; } //process rows 1-5 } ``` -------------------------------- ### Import Certificate into Local JRE Truststore Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/installCF/install.md Imports the self-signed certificate (exported from the remote host) into the local Java Runtime Environment's 'cacerts' keystore. This step is crucial for the local ColdFusion Administrator to trust the remote server's HTTPS certificate. ```Shell cfroot\jre\bin\keytool.exe -importcert -keystore "cfroot\jre\lib\security\cacerts" -file selfsignedcert.cer -storepass password ``` -------------------------------- ### Chaining ColdFusion String and List Member Functions Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/member.md This example showcases the ability to chain multiple member function calls on a string variable, demonstrating a concise way to perform sequential transformations like list manipulation, case conversion, and reversal in ColdFusion. ```ColdFusion s = "the"; s = s.listAppend("quick brown fox", " ") .listAppend("jumps over the lazy dog", " ") .uCase() .reverse(); ``` -------------------------------- ### CFML Tags Not Directly Supported in CFScript Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/script.md Lists CFML tags that do not have direct script support and suggests alternative CFScript functions for equivalent functionality. ```ColdFusion (infinite loop :) (use writeOutput() instead) (use writeDump() instead) (use invoke() instead) (use createObject instead) ``` -------------------------------- ### ColdFusion: Retrieve Obfuscated URL Parameters Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/security-obfuscation.md Illustrates how to retrieve values from URL parameters whose names have been obfuscated using the `hash()` function. The 'v' prefix is used to ensure compliance with HTML parameter naming conventions. ```ColdFusion param name="URL['v' & hash( 'userId', 'SHA-384', 'UTF-8', 500 )]" default="0"; param name="URL['v' & hash( 'name', 'SHA-384', 'UTF-8', 1000 )]" default=""; param name="URL['v' & hash( 'departmentId', 'SHA-384', 'UTF-8', 750 )]" default="0"; ``` -------------------------------- ### ColdFusion: Obfuscate URL Parameter Names with Hashing Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/security-obfuscation.md Demonstrates how to dynamically generate URLs where parameter names are obfuscated using ColdFusion's `hash()` function. This technique makes it harder for attackers to guess parameter meanings, improving 'security through obscurity'. ```ColdFusion Edit Profile ``` -------------------------------- ### ColdFusion 4.5: Scopes as Structures and Java Integration Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/coldfusion-versions.md Demonstrates how common ColdFusion scopes like `url`, `cgi`, `form`, and `cookie` became accessible as structures, improving data access. It also shows early examples of Java integration through `createObject` and `cfservlet`. ```ColdFusion Markup Language (CFML) ``` -------------------------------- ### CFML Documentation JSON Schema Field Reference Source: https://github.com/foundeo/cfdocs/blob/master/README.md Detailed descriptions for each field within the CFML documentation JSON schema, explaining their purpose, valid values, and usage. This serves as a comprehensive guide for contributors creating or updating documentation entries. ```APIDOC name: The name of the tag or function, use lowercase. type: Either `function` or `tag` or `listing` a *listing* is how categories are made, they simply contain a `name`, `description`, and a list of `related` items. syntax: The basic syntax of the tag or function script: For tags, shows how the tag would be invoked from cfscript. member: For functions, shows the available member function syntax. returns: The returntype of a function. Valid options are: `any`, `array`, `binary`, `boolean`, `date`, `function`, `guid`, `numeric`, `query`, `string`, `uuid`, `variableName`, `void`, `xml`. Default value is `void`. related: An array of tag or function names that are related to this item. description: A short description of the item. discouraged: If this key exists and has content a warning is displayed stating that the tag or function is discouraged by the CFML community. params: Array of structures containing information about the attributes of a tag, or arguments of a function. engines: CFML engine implementation specific info goes here, for example if it was added in CF10 and Railo 4.1 you can add that in `minimum_version` if something was changed in CF11, you can add notes about what changed. The `docs` key should point to a url for vendor documentation. links: Use this to link to blog entries or other useful related content. examples: Show example code. It is very helpful to readers to use the `result` to show the expected result of the code sample when applicable. This has to be JSON, so you can to do `\n` for newline, double quotes must be escaped `\"`. The `runnable` is a boolean that determines if the _Run Code_ button shows up next to the example. ``` -------------------------------- ### Create Java Object Instance with Constructor in CFML Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/java.md This snippet demonstrates how to instantiate a Java class, specifically java.io.File, within CFML. It shows the use of createObject("java", "className").init() to call a Java constructor, allowing CFML to interact with Java objects and their instance methods. ```CFML currentFile = createObject("java", "java.io.File").init( getCurrentTemplatePath() ); writeOutput( currentFile.lastModified() ); ``` -------------------------------- ### Change Built-in Web Server Port - server.xml Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/installCF/install.md Illustrates how to modify the `server.xml` file to change the port of the ColdFusion built-in web server (Tomcat). It shows the `Connector` element where the `port` attribute can be updated. ```XML ``` -------------------------------- ### CFML Implicit vs. Explicit Array and Struct Initialization Source: https://github.com/foundeo/cfdocs/blob/master/CONTRIBUTING.md This snippet illustrates the use of implicit (shorthand) notation for initializing arrays and structs in CFML, contrasting it with the equivalent explicit function calls. It demonstrates that `[]` is equivalent to `arrayNew(1)`, `{}` to `structNew()`, and `[:]` to `structNew('ordered')`. ```CFML arr = []; // implicit // is the same as arr = arrayNew(1); unorderedStruct = {}; orderedStruct = [:]; // is the same as unorderedStruct = structNew(); orderedStruct = structNew('ordered'); ``` -------------------------------- ### SecurityService.cfc Data Encryption and Decryption API Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/security-encryption.md API documentation for the `dataEnc` and `dataDec` functions found in the `SecurityService.cfc`. These functions provide a convenient abstraction for applying encryption and decryption based on a specified scope, allowing for different keys and algorithms to be used for URL, form, cookie, or database contexts. ```APIDOC SecurityService.cfc: dataEnc(string: string, scope: string) string: The data string to encrypt. scope: The scope for encryption (e.g., 'URL', 'FORM', 'COOKIE', 'DATABASE'). Returns: Encrypted string. dataDec(string: string, scope: string) string: The encrypted string to decrypt. scope: The scope used for encryption (e.g., 'URL', 'FORM', 'COOKIE', 'DATABASE'). Returns: Decrypted string. ``` -------------------------------- ### Encrypting Usernames with Multi-Pass ECB for Consistent Lookup Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/security-encryption.md This snippet demonstrates how to encrypt a username using multiple passes with different algorithms and keys in ECB mode. This approach is necessary when the encrypted value needs to be consistently reproducible for database lookups, unlike CBC mode which produces unique outputs for the same input. ```ColdFusion myUsername = 'bob@bob.com'; myKey1 = 'RQr9IRygGQtguVEHvKh4WLgs5wz3V+BZIq82GKM5FrI='; myAlgorithm1 = 'AES'; myEncoding1 = 'HEX'; myKey2 = '7SlPIgphVuR8sTGjBdKHBUqw2wss1XKwz5vYZXn7TY0='; myAlgorithm2 = 'BLOWFISH'; myEncoding2 = 'BASE64'; myKey3 = 'zZYZVmsNFMqZcz0SzKMGPtCixdP9CWfmV3/xu9cwCRA='; myAlgorithm3 = 'AES'; myEncoding3 = 'HEX'; encUsername = encrypt( myUsername, myKey1, myAlgorithm1, myEncoding1 ); encUsername = encrypt( encUsername, myKey2, myAlgorithm2, myEncoding2 ); encUsername = encrypt( encUsername, myKey3, myAlgorithm3, myEncoding3 ); writeOutput( encUsername ); ``` -------------------------------- ### Invoke Static Java Method (currentTimeMillis) in CFML Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/java.md This example illustrates how to call a static method from a Java class, such as java.lang.System.currentTimeMillis(), in CFML. It highlights that even for static methods, createObject is used to obtain a reference to the class before invoking the method directly on that reference. ```CFML javaSystem = createObject("java", "java.lang.System"); currentTime = javaSystem.currentTimeMillis(); writeOutput(currentTime); ``` -------------------------------- ### Example Obfuscated Cookie Name (Hashed) Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/security-session-management.md This CFML snippet shows how to generate an obfuscated cookie name using the `hash()` algorithm with SHA-256. While this method provides a unique name, it is generally less effective at confusing attackers than names designed to mimic common, non-authentication-related cookies. ```CFML __#hash( 'some_cookie_name', 'SHA-256', 'UTF-8', 25 )# ``` -------------------------------- ### TestBox Expectation Negation and Chaining Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/testbox.md Demonstrates how to negate an expectation using the `not` keyword and how to chain multiple expectations together for more complex and readable assertions in TestBox. ```CFML expect(5).notToBe(6); expect(5).notToBe(6).toBeGT(0).toBeLT(10); ``` -------------------------------- ### TestBox Common Assertion Methods Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/testbox.md A reference for common assertion methods available via the `$assert` object in TestBox, used for direct assertions in xUnit-style tests. Includes checks for boolean values, equality, key existence, and length. The `message` argument is optional. ```CFML //assert that value is true $assert.isTrue(value, message); //assert that value is false $assert.isFalse(value, message); //assert that expected is equal actual, no case is required. $assert.isEqual(expected, actual, message); //assert that the struct has the given key $assert.key(struct, key, message); //assert the length of a string, array, structure or query $assert.lengthOf(object, length, message); ``` -------------------------------- ### Redirect to Login if Session Cookie is Missing (CFML) Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/security-session-management.md This ColdFusion code checks for the presence of a predefined session cookie (`application.cookieName`). If the cookie is not found, it redirects the user to the login page, optionally passing a message parameter. This example uses `variables.fw.redirect` for fw/1, but `cflocation` could be used for direct redirection. ```CFML // we're not, check if the session cookie is defined if ( !structKeyExists( cookie, application.cookieName ) ) { // it isn't, redirect to the login page variables.fw.redirect( action = 'main.login', queryString = "msg=501" ); } ``` -------------------------------- ### Instantiate ColdFusion Component with positional and named arguments Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/new.md Shows how to create an instance of the `Dog` component using the `new` operator in CFScript, demonstrating both positional and named argument passing for the constructor. Named arguments provide more clarity and flexibility. ```CFML pet = new Dog( "fido" ); ``` ```CFML ``` ```CFML pet = new Dog( breed="pitbull", name="hank" ); ``` -------------------------------- ### Type Cast Java Primitives in CFML with javaCast Source: https://github.com/foundeo/cfdocs/blob/master/guides/en/java.md This example demonstrates how to perform type casting for Java primitive types within CFML using the javaCast function. It's crucial when passing CFML values to Java methods that expect specific primitive types, ensuring correct method overload resolution and data handling. ```CFML integerObject = createObject("java", "java.lang.Integer"); maxInt = integerObject.max(javaCast("int", 5), javaCast("int", 6)); ```