ColdFusion 9 Tutorials and Resources


I was about to start compiling a list of useful links to info and tutorials for CF9 and CFBuilder, but it seems someone has beaten me to it, so rather than re-invent the wheel I will just link to this chap's page and save myself some work :-) If you are looking to find out what is new in CF9 and how to do it, this is worth reading.

 

 

A few of my favourite new features are below. Of course, I tend to look at things from a host's perspective these days rather than a developer's, seeing as I don't do a lot of coding anymore.

Most of these improvements are especially great for me because I actually had a discussion with Adobe some years ago about what improvements needed to be made to ColdFusion to make it more suitable for shared hosting and explained how they needed to work, and these are areas I specifically addressed, so it seems that finally they did listen to me.

 

  • View Undelivered Mail
    This new feature allows you to browse mail sitting in the undelivered folder and then delete or respool it. This is handy for manual checking or on a dev machine. Currently my company has a custom script that automatically respools all undelivered mail for 24 hours and then deletes it, which is very useful in a shared hosting environment, as otherwise the undelivered folder regularly fills up. It is a shame Adobe didn't have the foresight to add this kind of automation as well, but at least the viewer allows an easy way to find missing emails.
  • Application Specific Datasources
    This is a real code saver and somewhat of a security benefit as well. With the new "this.datasource" application property you can set an application-wide datasource, thus negating the need to specify the DSN in every query. A full review of this feature can be found on Ben Nadel's blog.
  • Server Manager
    ColdFusion 8 introduced server monitoring for single and multiple servers via a Flex based app which provided access to all sorts of ColdFusion internals, alerts, proactive problem management, and more.
    ColdFusion 9 takes this a big step further with a new tool called "ColdFusion Server Manager". This AIR based application allows you to monitor as many servers as needed (including individual ColdFusion instances on a multi-instance configuration) and even offers pop-up alerts when issues occur. It allows for remote server configuration (define a data source, for example) and for settings to be applied to multiple servers at once. It can clear the template caches and upload hot-fixes to one or more servers, and it even allows you to select two ColdFusion servers to compare their configuration settings, highlighting any differences between them.
    Oh, and before you ask, here are answers to the three most commonly asked questions.

    1. No, this is not a separately sold utility, it is part of ColdFusion itself (and installed via a link in the ColdFusion Administrator).
    2. ColdFusion Server Manager uses APIs added to ColdFusion 9, so no, this will not work with ColdFusion 8 or earlier.
    3. Adobe have not made any decisions yet as to product edition, so no decision as to whether this is an Enterprise only feature or not.
  • Server Security
    One of my big issues has always been ColdFusion's security, or rather lack thereof. You need the Enterprise edition to get security sandboxes, and these only sandbox CFML code. If someone writes some Java code into their CFML pages they can completely bypass the sandbox and do whatever they like, which actually makes ColdFusion one of the most insecure application servers out there in a shared hosting environment, as PHP, ASP and .NET do not suffer from this problem.
    This has supposedly now been addressed, with ColdFusion 9 now allowing you to restrict access to certain Java functionality. I have not yet looked into this, and as no-one else seems to have written an article on this particular area yet I may as well do so, so a more detailed tutorial on this subject will be coming soon.
  • 64bit ColdFusion for all
    Up till now, 64bit ColdFusion has only been available to ColdFusion Enterprise customers. This will (thankfully) change in ColdFusion 9, and all customers will have access to 32bit or 64bit versions, regardless of edition. Groovy!

1402 Error when installing Microsoft Office


 

I recently had a total nightmare with Office 2007 Enterprise on Windows 2008 Server. Some of my Office applications stopped working so I tried to repair it, but the setup file would not run off the DVD, nor would Add/Remove Programs run, always failing with the error below. As a result I was not able to uninstall Office.

 

"setup has stopped working"

 

I originally thought it was my DVD player, so I went out and bought a new one, which didn't help.

 

The solution to get the Office installer to work was quite a PITA, to say the least.

 

  1. First read this Microsoft KB article
    How to manually uninstall the 2007 Office system if you cannot uninstall it by using the "Add or Remove Programs" feature
  2. Also run the Windows Installer Cleanup Utility
    http://support.microsoft.com/kb/290301

 

After doing all this and getting office off my PC I was finally able to run the office setup, but alas this then threw another error during installation.

 

**************

Microsoft Office Enterprise 2007 encountered an error during setup.

Error 1402. Setup cannot open the registry key

UNKNOWN\Components\3D5095D39455BD341908312EDABA9DD8\00002109F10090400000000000F01FEC. Verify that you have sufficient permissions to access the registry or contact Microsoft Product Support Service (PSS) for assistance.

***********

 

Now this was especially confusing as that registry key does not actually exist. I tried numerous things to resolve this and ultimately failed, so now I was stumped and thought I was going to have to either re-install Windows or stump up £250 for Microsoft support. Then I wondered if I could get any free partner support through my Microsoft Action Pack Subscription (MAPS), and discovered these forums, which surprisingly turned out to be very helpful as I got a reply from a Microsoft Tech who helped me resolve this issue.

As I had already tried everything they suggested, they decided it was in fact a permissions issue, somehow my registry permissions had got screwed, but thankfully they also have a fix for this.

 

How do I restore security settings to the default settings?

http://support.microsoft.com/Default.aspx?id=313222

 

After applying this fix I was finally able to re-install Office 2007.

 

The solutions above should help anyone on XP, Windows Vista, Windows 2003 or 2008 Server; they can also be applied to other software you are getting similar errors with.

ColdFusion 9 and ColdFusion Builder BETA now available for download


 

Today, Adobe are announcing a new beta version of Adobe ColdFusion 9 software, the premiere server-side framework, runtime, and language for building HTML-based or rich Internet applications (RIAs). By extrapolating complex tasks into fewer lines of code, Adobe ColdFusion 9 enables you to build Internet applications faster and easier than with any other technology.

In tandem, they are introducing a new ColdFusion development tool: Adobe ColdFusion Builder(TM), available in beta today. Adobe ColdFusion Builder is an Eclipse(R)-based IDE for ColdFusion development that is deeply integrated with ColdFusion 9. Now you can manage your entire ColdFusion development cycle, from concept to production, with one easy-to-use tool.

By providing a highly customizable environment, Adobe ColdFusion Builder helps you to develop ColdFusion applications faster than ever before.

These beta versions of ColdFusion 9 and ColdFusion Builder will enable you to:

 

  • Develop and manage applications faster and easier than ever before
  • Create RIAs quickly and easily with ColdFusion and the Adobe Flash(R) Platform
  • Integrate applications across a multitude of technologies in enterprise environments

 

To download the beta of ColdFusion Builder and get started today, visit >

http://www.adobe.com/go/coldfusion_builder_beta_download?sdid=EUSXS

 

To download the ColdFusion 9 beta, visit >

http://www.adobe.com/go/coldfusion_beta_download?sdid=EUSXT

 

If you're interested in learning more about ColdFusion 9 or ColdFusion Builder, register to attend an eSeminar at no charge >

http://www.adobe.com/cfusion/event/index.cfm?event=detail&id=1345643&loc=en_us&sdid=EUSXR

 

Plus, visit Adobe MAX 2009 in Los Angeles for highly technical sessions that can help you learn these tools >

http://max.adobe.com?sdid=EUSXU

Recycle for charity


I recently discovered this site that recycles old mobile phones and printer cartridges and donates the money to a charity of your choice. Certainly a very worthwhile cause and a great way to get rid of your old phones and cartridges and do a good deed instead of throwing them in the bin.

They have also decided how beneficial it would be to offer people their own personal recycling sign up page and have created the intelligent link. This means that any person visiting your site is able, quickly and easily, to sign up to donate their waste to your chosen cause!!

 

Start donating my waste! Start collecting our waste!

I want to donate my empty inkjets and old mobile phones to a charity, school, club,or community group of my choice

 

Our charity, school, club, or community group would like to raise funds by starting an inkjet and old mobile collection scheme


 

 

FCKEditor Security threat in ColdFusion 8

Recent postings on SANS and The Register identify a vulnerability in some ColdFusion 8 installations. It involves the rich text feature found in the cftextarea tag. This tag actually implements an open source rich text editor called FCKEditor. FCKEditor has functionality built in to handle file uploads and file management, but this feature should be disabled in the version embedded in CF server. The problem is that in some cases the connector that runs this feature is actually turned on.

 

Is your connector enabled? To find out, navigate to the following folder on your server:

CFIDE\scripts\ajax\FCKeditor\editor\filemanager\connectors\cfm

Then look at the config.cfm file and see if the connector is on (config.enabled).

If enabled, this means a hacker might be able to directly call the filemanager system to upload files and take control of the server. FCKEditor has a history of being exploited by this type of attack.

 

    // What the user can do with this connector
    Config.ConfigAllowedCommands = "QuickUpload,FileUpload,GetFolders,GetFoldersAndFiles,CreateFolder" ;

 

Solutions:


1) Turn off the connector so that the file management and file upload features can't work. Do this by commenting it out.

2) Just restrict what the filemanager can do: see the code above and remove the functions you do not want to allow.

 

3) To be completely safe, delete the entire filemanager directory found under "CFIDE\scripts\ajax\FCKeditor\editor". The embedded version of FCKeditor for CF doesn't and really shouldn't use this feature. So removing those files completely is the safest thing to do. Be mindful that updates to CF might re-introduce those files and naturally re-open the problem. You can avoid this by making the file/folder read only so that it cannot be updated.
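As an added example (not code from the original post or from Adobe), the check and the three solutions above can be verified with a short Python script. It assumes config.cfm uses the `Config.Enabled` and `Config.ConfigAllowedCommands` settings named in the post; the helper names, the `WRITE_COMMANDS` grouping and the sample file are constructed for illustration.

```python
import re
from pathlib import Path

# Connector folder named in the post, relative to the ColdFusion web root.
CONNECTOR_DIR = Path("CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm")
# Assumption: the commands from the post's list that write to disk.
WRITE_COMMANDS = {"QuickUpload", "FileUpload", "CreateFolder"}

def strip_comments(text):
    """Drop CFML, block and line comments so a commented-out setting is ignored."""
    text = re.sub(r"<!---.*?--->", "", text, flags=re.S)
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"//[^\n]*", "", text)

def last_assignment(text, name):
    """Value of the last live `Config.<name> = ...;` statement, or None."""
    pattern = rf"Config\.{name}\b[ \t]*=(?!=)[ \t]*([^;\n]+)"
    hits = re.findall(pattern, text, flags=re.I)  # CFML is case-insensitive
    return hits[-1].strip().strip("\"'") if hits else None

def audit_config(text):
    """Report whether the connector is on and which write commands it allows."""
    live = strip_comments(text)
    setting = last_assignment(live, "Enabled")
    enabled = setting is not None and setting.lower() in ("true", "yes", "1")
    commands = last_assignment(live, "ConfigAllowedCommands") or ""
    allowed = {c.strip() for c in commands.split(",") if c.strip()}
    writable = sorted(allowed & WRITE_COMMANDS) if enabled else []
    return {"enabled": enabled, "write_commands": writable}

def audit_webroot(webroot):
    """Return None if config.cfm is absent (solution 3 applied), else the audit."""
    config = Path(webroot) / CONNECTOR_DIR / "config.cfm"
    if not config.is_file():
        return None
    return audit_config(config.read_text(errors="replace"))

# Constructed sample, modelled on the settings quoted in the post.
SAMPLE = """<cfscript>
    // Config.Enabled = false ;
    Config.Enabled = true ;
    // What the user can do with this connector
    Config.ConfigAllowedCommands = "QuickUpload,FileUpload,GetFolders,GetFoldersAndFiles,CreateFolder" ;
</cfscript>"""

if __name__ == "__main__":
    print(audit_config(SAMPLE))
```

Re-run `audit_webroot` against each web root after every ColdFusion update, since updates might re-introduce the files.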

 

Please note that if your host is secure and runs sites so that they cannot read/write files outside of their own root, then any attack should only be localised to the attacked site and not the whole server.

 

At BlueThunder/CFMX Hosting we employ Security sandboxes for every site restricting access and PHP/ASP etc are also restricted in the same way using server security, so it should not be possible for any uploaded code to access paths outside of that website.

If your host allows CFFILE by default without a sandbox or only runs CF Standard edition, then beware as their entire server is vulnerable to this and just about any other file upload attack as well.

 

The Adobe Product Security Incident Response Team (PSIRT) has posted an official response to this issue here. A patch is expected soon, but in the meantime make sure you are not at risk.

 

UPDATE: hotfix now available HERE
