Personal attacks against me and CFDevCon

Jibber Jabber

I was recently publicly attacked and smeared for the fact that I had tequila girls serving drinks at CFDevCon (such a crime eh). As the 3 main principals responsible (Mac Jordan, Pete Jordan and Piers Cawley) have now removed the offensive material from their web blogs and have also had their mates do the same (except Guy Kewney), so I have also amended my blog accordingly.

I would like to apologise to anyone else who was offended by or dragged into this attack, and it certainly was not my intention to offend anyone. I cannot speak for Mac, Pete or Piers as I have received no apology from them, but I would hope they do feel some remorse for what they have done.

I believe that spreading derogatory comments about someone over the net or any other media is just plain wrong. I would ask anybody to think about the consequences of this: now that we have online blogs and are publishing our comments for the world to see, the tactics used in old style flame wars are dangerous.
Consider what has happened already as a result of this. Both my wife (8 months pregnant) and I have had to endure abusive emails, abusive posts on my web sites, being signed up for porn and spam, and having our host's web server DOS attacked. Had this been allowed to continue we could have probably started to receive hate mail, crank calls and dangerous items shoved through our letterbox.
In case you think this extreme, it is not; it HAS happened before to people (me included) and can easily happen again.

There are a lot of angry people out there, and some of them just need an excuse, so don't give them one. Nobody's opinion is gospel and debate is good, but it is now VERY public. Risking a hate/smear campaign against anyone that doesn't agree with your views is not the way to do things, and you will end up being responsible for the actions of other people.

Thankfully I can say that while this was obviously bad for me, it was not bad for CFDevCon; in fact it had the opposite effect and the site got lots more traffic and a whole bunch more registrations, and most of the feedback I have received from the ColdFusion community was on my side, so thankfully we can all be safe in the knowledge that most ColdFusion developers and professionals are in fact normal men and women who believe in freedom of choice and not shoving their opinions down others' throats and attacking those that do not share their point of view.

Ben Forta coming to CFDevCon

ColdFusion
The CF Meister himself, Ben Forta, has today told me he will be able to make it to CFDevCon, which is great news as everybody likes to see Ben. He will be doing some sneak peeks of Scorpio and letting some other top secret stuff from the Adobe vaults out of the bag. This is now a total of 8 speakers and one totally packed day, not to mention the fun and games in the evening. So if you haven't already registered, better get over to www.cfdevcon.com and be quick as the addition of Ben Forta will probably have the tickets selling like hot cakes.

CFDevCon - ColdFusion Developer Conference

ColdFusion
It has just been pointed out to me that I haven't even mentioned CFDevCon on my own blog, DOH! So I guess I should do so really, seeing as I am the one organising it. As you probably know I run cfdeveloper.co.uk, and a few years ago I did a little CFDeveloper party. I had Hal Helms over to do a presentation on Fusebox, gave away a few prizes, and afterwards we had free drinks provided by some nice ladies from a sponsoring recruitment agency. All in all it was a good time had by all and I had a really good turnout and a great response, but this was back in the Allaire days so there was more of a tight community back then. I did intend to start doing these events regularly, but never really got around to it. Anyway, recently I got a little depressed about the fact that I could never afford the money or time to go to CFUnited, and thought that a lot of other people must have the same problem, so I thought I should revive the CFDeveloper party. Then I thought no, sod it, we have nothing in this country except user groups, so let's do a proper UK conference, and thus CFDevCon was born.

Not wanting to bite off more than I could chew, seeing as I would be doing this all by myself and not knowing what kind of response I would get, I opted to just do a 1 day mini conference this year, with bigger plans for next year depending how it went. You can see the result at www.cfdevcon.com

I have been rather disappointed with the lack of sponsors and the lack of interest from Adobe, but so far it has just about managed to pay for itself. All things considered, 100+ delegates for the first conference isn't all bad. I have been told this is a good turnout, especially when you consider that CFUnited only had as many people on their first event, and the USA is a hell of a lot bigger than the UK. Hopefully everyone will have such a great time they will tell everyone else to come next year.

One thing I will say: organising and hosting a conference all by yourself is very hard work, and I probably wouldn't recommend it as something to do just for kicks, so I'm actually quite chuffed I have pulled it off. Although setting the date in the same month my wife is due to give birth was not a good idea, so fingers crossed the little guy isn't going to pop out early.

I will post again after the conference and let you know how it went.

Security Sandboxes tips

ColdFusion

I recently posted the following on CFGURU and it was suggested that I blog it, so here it is.

When using the Sandbox Security in ColdFusion MX Enterprise Edition there are several things you need to take into consideration when securing your environment.

  • You should have a default sandbox for the folder that contains all your sites, with all tags/functions disabled that provide any kind of file system access
    E.G. d:\wwwroot
    You may also want to consider totally removing CFEXECUTE and CFREGISTRY from the server so that they cannot be used, period. See my related blog entry for details on how to do this.
    The tags/functions I disable by default are:
    • CFFILE
    • CFDIRECTORY
    • CFREGISTRY
    • CFEXECUTE
    • CFPOP
    • CFMAIL
    • CFLDAP
    • CFCONTENT
    • CFDOCUMENT
    • CFFTP
    • CFHTTP
    • CFOBJECT
    • CreateObject() on CFMX6 and CreateObject(JAVA) on CFMX7
    • GetProfileString()
    • SetProfileString()
  • For CFFILE uploads, every sandbox needs to explicitly allow access to the temp folder
    E.G.
    C:\CFusionMX7\runtime\servers\coldfusion\SERVER-INF\temp\wwwroot-tmp\
    C:\CFusionMX7\runtime\servers\coldfusion\SERVER-INF\temp\wwwroot-tmp\-
    Creating a default sandbox at the root of all your websites and giving that access to the temp folder does not work; each site's sandbox needs the path itself.
  • The same applies to the c:\windows\fonts folder when using cfdocument: if you have specified ANY font name anywhere in the document then you need to have this path explicitly allowed in the sandbox for that site.
  • When using MySQL DSNs, you sometimes need to explicitly allow the IP:PORT of the MySQL server in the sandbox. This is a random issue and does not occur all the time, so it is perhaps a bug.
  • Sandboxes do not apply when calling a CFC as a web service.
  • Sometimes sandboxes just do not work, and you will need to delete it and re-create, sometimes more than once.
  • Sometimes sandboxes become corrupted and will stop working; you must delete and re-create them.
    A common error with corrupted sandboxes is that you will find that you can no longer enable sessions in your application.cfm, and you will get an access denied message for www.mydomain.com
  • When CF tries to find a CFC in any custom tag path, it will fail with an "access denied" error for the custom tags path when you have sandboxes in place. CF will randomly try to find CFCs in custom tag paths if you're not using a mapping to invoke your CFC or the CFC is not in the same folder as the calling template.
  • Sandboxes do not work by default in a J2EE or multi-server install. You must explicitly enable them by modifying the jvm.config, and ideally have a separate jvm.config for each instance; otherwise you can only tell every instance to use the neo-security file of one particular instance. (see related blog entry)
  • As you know, CF will search all the way up the directory tree for an application.cfm file; if you have an application.cfm above the folder that is sandboxed, it will not execute.
  • If you call a custom tag in the custom tags folder, it will not obey the rules of the sandbox of the site that called it, I.E. it will have FULL access to all paths. (nb: this may have changed since CFMX 6)
  • Sandboxes do not apply to CFX tags.
  • Sandboxes do not apply to Java: if CreateObject(java) is enabled, you can do anything. Even if CreateObject(java) is not enabled, you can create a JWS file and call it as a web service.
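Before you apply a default sandbox like the one above, it helps to know which templates will break. The following is an added example, not code from the original post: a small Python audit that scans CFML source for the tags and functions in the list above, treating CreateObject() per the CFMX6/CFMX7 distinction. The sample template it scans is constructed for illustration.

```python
import re
from typing import List, Tuple

# Tags the post disables in the default sandbox (matched as opening tags only,
# so a closing </cfdocument> is not counted twice).
DISABLED_TAGS = ["cffile", "cfdirectory", "cfregistry", "cfexecute", "cfpop", "cfmail",
                 "cfldap", "cfcontent", "cfdocument", "cfftp", "cfhttp", "cfobject"]
# Functions the post disables, keyed by lowercase name for case-insensitive lookup.
DISABLED_FUNCS = {"getprofilestring": "GetProfileString", "setprofilestring": "SetProfileString"}

TAG_RE = re.compile(r"<\s*(" + "|".join(DISABLED_TAGS) + r")\b", re.IGNORECASE)
FUNC_RE = re.compile(r"\b(" + "|".join(DISABLED_FUNCS) + r")\s*\(", re.IGNORECASE)
# The first argument of CreateObject() is the object type ("java", "component", "com", ...).
CREATEOBJECT_RE = re.compile(r"\bcreateobject\s*\(\s*['\"]([a-z]+)['\"]", re.IGNORECASE)


def audit_cfml(source: str, cfmx_version: int = 7) -> List[Tuple[int, str]]:
    """Return (line_number, item) for each use of something the default sandbox disables."""
    findings: List[Tuple[int, str]] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for m in TAG_RE.finditer(line):
            findings.append((lineno, m.group(1).upper()))
        for m in FUNC_RE.finditer(line):
            findings.append((lineno, DISABLED_FUNCS[m.group(1).lower()] + "()"))
        for m in CREATEOBJECT_RE.finditer(line):
            kind = m.group(1).lower()
            # CFMX6: CreateObject() is disabled outright; CFMX7: only the java form.
            if cfmx_version < 7 or kind == "java":
                findings.append((lineno, f"CreateObject({kind})"))
    return findings


# Constructed sample template (not from any real site).
SAMPLE = """<cfset fname = "report.pdf">
<cfdocument format="pdf" filename="#fname#">Hello</cfdocument>
<cfset mailer = CreateObject("component", "lib.Mailer")>
<cfset rt = CreateObject("java", "java.lang.Runtime")>
<cfset pw = GetProfileString(iniPath, "db", "password")>
<cfoutput>#now()#</cfoutput>
<cfhttp url="http://example.invalid/" method="get">
"""

if __name__ == "__main__":
    for lineno, item in audit_cfml(SAMPLE, cfmx_version=7):
        print(f"line {lineno}: {item} is disabled in the default sandbox")
```

Run it over each site's folder (walking the .cfm and .cfc files) to get a per-site list of what needs a dedicated sandbox or a code change before the default sandbox goes live.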

Restrict database view in Enterprise Manager

SQL Server

PROBLEM

When many databases exist in a default instance or in a named instance of Microsoft SQL Server, you may experience a slow response from SQL Server Enterprise Manager, specifically when you drill into the Databases folder. If the Databases folder contains more than a thousand databases, you could experience delays that are more than five minutes.

The other problem is the very fact that on a shared server any user can see all the other databases on the server via Enterprise Manager, even if they cannot access them.
The reason this can be an issue is from a security perspective. A lot of clients will have their database username/password hard-coded into their DSN, and their DSN will usually have the same name as the database, which means that anyone else hosted on the same ColdFusion server can access that database if they know the DSN, and any less than honest person may just try that after seeing the list of databases.
So you may want to restrict this so that a user can only see their own databases.

Here is a link to a Microsoft KB article on how to resolve this issue.
