User Guide
Table Of Contents
- Contents
- The CFML Programming Language
- Elements of CFML
- Using ColdFusion Variables
- Using Expressions and Number Signs
- Using Arrays and Structures
- Contents
- About arrays
- Basic array techniques
- Populating arrays with data
- Array functions
- About structures
- Creating and using structures
- Structure examples
- Structure functions
- Extending ColdFusion Pages with CFML Scripting
- Using Regular Expressions in Functions
- Building Blocks of ColdFusion Applications
- Creating ColdFusion Elements
- Writing and Calling User-Defined Functions
- Contents
- About user-defined functions
- Creating user-defined functions
- Calling user-defined functions
- Working with arguments and variables in functions
- Handling errors in UDFs
- A user-defined function example
- Using UDFs effectively
- Building and Using ColdFusion Components
- Contents
- About ColdFusion components
- Creating ColdFusion components
- Using ColdFusion components
- Passing parameters to methods
- CFC variables and scope
- Using CFCs effectively
- ColdFusion component example
- Creating and Using Custom CFML Tags
- Building Custom CFXAPI Tags
- Developing CFML Applications
- Designing and Optimizing a ColdFusion Application
- Contents
- About applications
- Elements of a ColdFusion application
- Structuring an application
- Defining the application and its event handlers in Application.cfc
- Migrating from Application.cfm to Application.cfc
- Using an Application.cfm page
- Optimizing ColdFusion applications
- Handling Errors
- Contents
- About error handling in ColdFusion
- Understanding errors
- Error messages and the standard error format
- Determining error-handling strategies
- Specifying custom error messages with the cferror tag
- Logging errors with the cflog tag
- Handling runtime exceptions with ColdFusion tags
- Using Persistent Data and Locking
- Contents
- About persistent scope variables
- Managing the client state
- Configuring and using client variables
- Configuring and using session variables
- Configuring and using application variables
- Using server variables
- Locking code with cflock
- Examples of cflock
- Securing Applications
- Contents
- ColdFusion security features
- About resource and sandbox security
- About user security
- Using ColdFusion security tags and functions
- Security scenarios
- Implementing user security
- Developing Globalized Applications
- Debugging and Troubleshooting Applications
- Contents
- Configuring debugging in the ColdFusion MX Administrator
- Using debugging information from browser pages
- Controlling debugging information in CFML
- Using the cftrace tag to trace execution
- Using the cftimer tag to time blocks of code
- Using the Code Compatibility Analyzer
- Troubleshooting common problems
- Designing and Optimizing a ColdFusion Application
- Accessing and Using Data
- Introduction to Databases and SQL
- Accessing and Retrieving Data
- Updating Your Database
- Using Query of Queries
- Contents
- About record sets
- About Query of Queries
- Query of Queries user guide
- Using dot notation
- Using joins
- Using unions
- Using conditional operators
- Managing data types for columns
- Using the CAST function
- Using aggregate functions
- Using group by and having expressions
- Using ORDER BY clauses
- Using aliases
- Handling null values
- Concatenating strings
- Escaping reserved keywords
- Using Queries of Queries with dates
- Understanding Query of Queries performance
- Understanding Query of Queries processing
- Managing LDAP Directories
- Building a Search Interface
- Contents
- About Verity
- Creating a search tool for ColdFusion applications
- Creating a search page
- Enhancing search results
- Working with data returned from a query
- Using Verity Search Expressions
- Requesting and Presenting Information
- Introduction to Retrieving and Formatting Data
- Building Dynamic Forms with cfform Tags
- Validating Data
- Contents
- About ColdFusion MX validation
- Validating form fields
- Handling invalid data
- Masking form input values
- Validating form data with regular expressions
- Validating form data using hidden fields
- Validating form input and handling errors with JavaScript
- Validating data with the IsValid function and the cfparam tag
- Creating Forms in Macromedia Flash
- Creating Skinnable XML Forms
- Creating Charts and Graphs
- Creating Reports for Printing
- Contents
- About printable output
- Creating PDF and FlashPaper output with the cfdocument tag
- Creating reports with the ColdFusion MX 7 reporting
- Reporting features
- Reporting architecture
- Getting started
- Basic steps for creating reports
- Report definition guidelines
- Common reporting tasks and techniques
- Grouping and group breaks
- Defining, modifying, and using fields and input parameters
- Using toolbox elements on report bands
- Aligning elements
- Using text styles
- Previewing reports
- Displaying page numbers
- Using layered controls
- Using links
- Using the Properties sheet
- Displaying reports
- Using input parameters to pass variables and other data at runtime
- Configuring RDS
- Using the Report Creation Wizard
- Using the Query Builder
- Using CFML in reports
- Using charts
- Using subreports
- Font management with printable reports
- Creating reports with Crystal Reports (Windows only)
- Using the Flash Remoting Service
- Using Server-Side ActionScript
- Contents
- About server-side ActionScript
- Connecting to the Flash Remoting service
- Using server-side ActionScript functions
- Global and request scope objects
- About the CF.query function and data sources
- Using the CF.query function
- Building a simple application
- About the CF.http function
- Using the CF.http function
- Using Web Elements and External Objects
- Using XML and WDDX
- Contents
- About XML and ColdFusion
- The XML document object
- ColdFusion XML tag and functions
- Using an XML object
- Creating and saving an XML document object
- Modifying a ColdFusion XML object
- Validating XML documents
- Transforming documents with XSLT
- Extracting data with XPath
- Example: using XML in a ColdFusion application
- Moving complex data across the web with WDDX
- Using WDDX
- Using Web Services
- Contents
- Web services
- Working with WSDL files
- Consuming web services
- About the examples in this section
- Passing parameters to a web service
- Handling return values from a web service
- Using cfinvoke to consume a web service
- Using CFScript to consume a web service
- Consuming web services that are not generated by Macromedia ColdFusion MX
- Calling web services from a Macromedia Flash client
- Catching errors when consuming web services
- Handling inout and out parameters
- Configuring web services in the ColdFusion MX Administrator
- Data conversions between ColdFusion and WSDL data types
- Consuming ColdFusion web services
- Publishing web services
- Using request and response headers
- Handling complex data types
- Troubleshooting SOAP requests and responses
- Integrating J2EE and Java Elements in CFML Applications
- Integrating COM and CORBA Objects in CFML Applications
- Contents
- About COM and CORBA
- Creating and using objects
- Getting started with COM and DCOM
- Creating and using COM objects
- Getting started with CORBA
- Creating and using CORBA objects
- CORBA example
- Using XML and WDDX
- Using External Resources
- Sending and Receiving E-Mail
- Interacting with Remote Servers
- Managing Files on the Server
- Using Event Gateways
- Contents
- About event gateways
- Event gateway facilities and tools
- Structure of an event gateway application
- Configuring an event gateway instance
- Developing an event gateway application
- Deploying event gateways and applications
- Using the CFML event gateway for asynchronous CFCs
- Using the example event gateways and gateway applications
- Using the Instant Messaging Event Gateways
- Using the SMS Event Gateway
- Creating Custom Event Gateways
- Index
390 Chapter 16: Securing Applications
• The logout method logs a user out. If you specified Browser Dialog Box as the login page type,
it also calls the closeBrowser method to close the browser window. This behavior is necessary
because the browser continues to send the old login credentials after the user logs out, and the
cflogin tag will automatically use them and log the user in again.
• The closeBrowser method closes the browser window or tells the user to close the browser
window to complete the logout, depending on the browser type.
mm_wizard_login.cfm This file contains a ColdFusion MX login form. The wizard generates
this file for all options, but does not use it if you specify Browser Dialog login.
index.cfm or mm_wizard_index.cfm The wizard generates an index.cfm page if the directory
does not have one; otherwise, creates an mm_wizard_index.cfm page. These pages let you test the
generated login code before you implement your application, or without using any of your
standard application pages. To test your login, open the index.cfm page in your browser.
Modifying the login code for your application
The Login Wizard creates a basic framework for authenticating a user. You must customize this
framework to meet your application’s needs. Typical security-related changes include the
following:
• Providing user-specific role information in the cflogin tag
• Authenticating users against a database
Providing user-specific role information
The Login Wizard sets all users in a single role. In mm_wizard_authenticate.cfc, the performlogin
method is hard-coded to set the role to “user.” The authentication routines handle roles
differently. (For the details, see the mm_wizard_authenticate.cfc code.) If your application uses
roles for authorization, you must change the authentication method to get and return valid role
information, and change the performlogin method to use the information in the
roles attribute
of its
cfloginuser tag.
Authenticating users against a database
If you use a database to maintain user IDs and passwords, you can create your login framework by
specifying simple authentication, and modify the code to use the database. The following
instructions describe a simple way to change the code to use a database. They do not include all
the cleanup work (particularly, removing the hard-coded user name and password), that you
should do for a well-formatted application.
Replace the following code:
<cfif sUserName eq uUserName AND sPassword eq uPassword>
<cfset retargs.authenticated="YES">
<cfelse>
<cfset retargs.authenticated="NO">
</cfif>
<cfreturn retargs>