GitLogFusion

Jun 17 2014
posted by Dana K in ColdFusion

I had some code I tossed on GitHub, lamely named GitLogFusion. It provides web-based statistics on a Git repository, using ColdFusion.

The code includes an example, and offers:

  • Author List from the Git repo.
  • Commit counts, by author. A date range is optional.
  • A range/author filtered listing of the git log. This can be provided in text or xml format.
  • Related file changes, by commit id.
  • Optional regex linking of commit msgs to issue tracking.

It requires cfexecute to be enabled, git installed on the machine running the code, and a local path to the repository.

I'd appreciate, if someone is bored, a code review. I've been in a rut lately, and need to improve. Feel free to tell me how dumb I am, and what should be done better. I won't hate you for too long!

CF Security

Jun 15 2014
posted by Dana K in ColdFusion

As anyone actively using CF knows, the release cycle is currently putting in CF11 fixes, and developing on the roadmap to the next version.

I think it's imperative for anyone using CF full time to really weigh in on the architecture design and seriously make a push for a better way for the CFIDE/ components to be implemented. This setup has constantly bit the product in the butt, and needs to be 100% addressed as it was ignored in CF11.

I think it's imperative for customers to get their feedback in now during active development. If you don't fully get the issues at hand, I'd suggest watching Dave Epler's presentation on hacking ColdFusion so you get as little sleep as I do. The current infrastructure isn't a critical vulnerability, IF you use request filtering on IIS, significantly lock down requests in your stack, actively patch. It's still scary, because how many people are putting in this level of effort? The product should allow for this level of lock down out of the gate imho.

I'm seeing a ridiculous amount of attack vectors in the logs across every public CF install I have for CFIDE requests. I'm lucky to know enough to block this on multiple levels of security.

posted by Dana K in ColdFusion

I've been playing with CF 11 for a bit now, some stream of conscience thoughts:

  • I'm a little disappointed this release didn't focus more on infrastructure security, given the negative press and compromises the past year. The current structure of CFIDE and the administrator etc should have been completely reworked, in my opinion. This setup has proven time and time again to bite the product in the ass because of lax administration from customers. I really hoped a development/production switch would setup things differently, and lock down the CFIDE better to outside access. You can't rely on administrators of your product to follow adequate patching routines, and the lock down guide as your baseline of a secure install. The negative press has made it exceedingly hard to defend against switching to a different platform in the past three years.
  • There was a pretty polarized debate on the mobile development additions in this release. I think it falls in line with what made CF successful in the past, provide a 'shallow end' for people to access technologies, but still allow people over in the 'deep end of the pool' to use more standardized tools. It does open up the argument for making things more compartmentalized and not necessary to an install if it's not being used. It looks like this is being addressed in the next version, which is a positive step.
  • The PDF re-write is extremely awesome. The handful of test cases I've run, the PDF output has been spot on, a definitely large step forward on what was previously in place as far as aesthetics go anyhow.
  • The CFScript support is a difficult one to provide an opinion on. I think at this maturity level it is hard to accommodate this, so from that perspective it was a good effort. I think at some point things need to be re-evaluated and some level of starting from scratch needs to occur. That's my personal opinion anyhow, and I'm not a large CFScript user in my work setting.
  • I'm still trying to wrap my head around all the content encoding option that are now available. I think it's a good step forward for the product, I just haven't had much time to dink with it so far.

Overall, I think the group did a good job on a shorter release cycle. I've got to imagine it's tough given where Adobe publicly appears to rank the importance of ColdFusion in their business plan.

Ugh

Jun 6 2014
posted by Dana K in ColdFusion

I forgot how annoying it was to update the BlogCFC template. I'm working on it slowly but slowly?

Back

Jun 1 2014
posted by Dana K in Random

Turning the lights back on.

Find Me

Calendar

<< September 2016 >>
Sun Mon Tue Wed Thu Fri Sat
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30  

Subscribe

Enter your email to subscribe.

Recent Comments

ColdFusion 11, First Impressions
Dana Kowalski said: I haven't noticed anything out of the ordinary in my JMeter testing. I'm using a modified version o... [More]

ColdFusion 11, First Impressions
Joey said: Thoughts on memory usage? I haven't looked much into it but I was playing around building an app. I ... [More]

Archives by Subject