[Looking for Charlie's main web site?]

CF911: High CPU in #ColdFusion? Some common but perhaps unexpected causes

I often help people who are reporting that CF is "running hot on the CPU", maybe reaching 80 or even 100% of the CPU, whether in spikes or for extended periods. What might you propose people look at, when you've heard that? I've heard all kinds of things over the years, often focused on coding, or perhaps jvm tuning.

But as is often the case in a lot of the CF server troubleshooting consulting I do, I find the causes to be far less often what most people seem to suspect. So what would I look for when someone reported high CPU in ColdFusion (or Railo)? Read on.

[....Continue Reading....]

#ColdFusion Lockdown/Security guides: there are several, and some you may have missed

While helping people with various problems in my CF server troubleshooting services, I often have the chance to help people identify security vulnerabilities, especially in their configuration of CF and/or their web server, and sometimes related to their code.

I was wanting to point out to someone the various ColdFusion security resources, and while I have a category on them in my CF411 site, I thought this was a list worth pulling out into its own blog entry and expanding a bit.

You may be surprised to find that there are more to CF security guidelines than just the venerable server "lockdown guide" (for those administering and configuring CF, the OS, and the web server, among other things).

Did you know that there have been "developer security guidelines" as well, focused instead on coding? This latter guide has gone through three iterations, including just recently, as I'll discuss along with the lockdown guides, below.

[....Continue Reading....]

proXPN users: a simpler soluton for "Connecting to proXPN has failed"

If you're a user of proXPN (a free/low-cost VPN service), and you get the error, "Connecting to proXPN has failed", here is a simple solution that you may not find offered elsewhere: just try restarting proXPN. For more information, read on.

[....Continue Reading....]

CF911: Solving problem in #ColdFusion Admin getting "error accessing this page" on certain actions

Here's a real CF911 challenge (and solution): You may find that when using the CF Admin, especially in CF10 but it can happen in CF 9 or 8 depending on security hotfixes applied, when performing certain Admin operations (like making a change, or verifying datasources, or checking for server updates) you get an error:

"There was an error accessing this page. Check logs for more details."

And your operation fails. You're then prompted to "Click here to login", but even if you back up or client another link, you'll be prompted with the CF Admin login.

What gives? Why is it happening? And how can you fix things? Is CF broken? No, not in the sense that you need to reinstall or anything. The good news is that there is a quite simple solution. Well, there are several, depending on your goals.

The simple solution: delete the duplicate cfid/cftoken or jsessionid cookies that you will find your browser is sending to CF. But there is much more to this, as well as other solutions, which would be worth most readers taking a few minutes to read on here.

BTW, the same root problem can be the cause of your own application's users finding that they can't stay logged in. More on that in a moment.

[....Continue Reading....]

The State of the Online #ColdFusion Meetup

As a follow-up to my previous blog entry today, on news of the CFHour podcast show ending this week, some have wondered (publicly) whether perhaps the Online ColdFusion Meetup, which I host, might help "fill the void" here.

I don't hold that out as a real possibility, for a couple of reasons, and I'd like to discuss them here.

Indeed, it's a good time to share a "State of the Online ColdFusion Meetup", to discuss what you might (and might not) expect to see in the future, and what you can perhaps do to help.

[....Continue Reading....]

BlogCFC was created by Raymond Camden. This blog is running version 5.005.

Managed Hosting Services provided by
Managed Dedicated Hosting