Lock Down Your App with Application.cfc
There are a few security-related configuration settings in Application.cfc which you should consider enabling by default for every app you make. If you find a setting is too restrictive, you can always turn it off later.
// Application.cfc
component {
    this.name = "myApp";
    // we don't need uploads in this app; why leave a possible open hole?
    this.blockedExtForFileUpload = "*";
    // easy first line of defense against scripts pasted into forms.
    this.scriptProtect = "all";
    // more secure session cookies:
    // httpOnly hides the cookie from client-side JavaScript,
    // secure sends it over HTTPS connections only.
    this.sessioncookie = {
        httpOnly: true,
        secure  : true
    };
}
Global Error Logging from Application.cfc
The onError function in Application.cfc is a great way to catch errors within your application and make sure that each error is logged. Be aware that if you catch an exception within your app, that exception will not "bubble up" to this onError handler unless you also use rethrow.
// Application.cfc
component {
    // ...
    function onError( exception ){
        // Log it with LogBox!
        // (logger is assumed to be a LogBox logger set up elsewhere in the app)
        writeOutput( "Logging error with logbox..." );
        logger.error(
            "Error in cfSnippets app: #exception.message# #exception.detail#",
            exception
        );
        // show error page
        include "views/error.cfm";
    }
}
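The rethrow caveat above, as an added example that is not code from the original page. OrderService, its methods and the exception type names are hypothetical. saveQuietly() swallows the failure, so onError never logs it; save() handles the one failure it expects and rethrows everything else.

```cfml
// OrderService.cfc (hypothetical component, constructed for illustration)
component {

    // Swallows every exception: onError() in Application.cfc never runs,
    // so the failure leaves no trace in the application's error log.
    function saveQuietly( required struct order ){
        try {
            persist( order );
        } catch ( any e ) {
            return false;
        }
        return true;
    }

    // Handles the one failure it expects and rethrows the rest,
    // so unexpected errors still reach onError() and get logged.
    function save( required struct order ){
        try {
            persist( order );
        } catch ( any e ) {
            if ( e.type == "OrderService.Validation" ) {
                // expected failure: dealt with here on purpose
                return false;
            }
            // unexpected failure: pass the original exception up to onError()
            rethrow;
        }
        return true;
    }

    // Stand-in for real persistence logic (hypothetical).
    private function persist( required struct order ){
        if ( !structKeyExists( order, "id" ) ) {
            throw( type = "OrderService.Validation", message = "Order id is required" );
        }
        throw( type = "OrderService.Storage", message = "Simulated storage failure" );
    }
}
```

Calling save( { id: 1 } ) ends in onError with the OrderService.Storage exception, while saveQuietly( { id: 1 } ) returns false and nothing is logged.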
Set the Default Datasource in Application.cfc
Sometimes it's a little nicer not needing to specify the datasource in your DB queries. When you have an application which mainly queries a single database, go ahead and set the default datasource - it's simple and saves you typing.
// in Application.cfc...
// datasource configuration
this.datasources["myDB"] = {
// datasource config here...
};
this.datasource = "myDB";
// you can now omit datasource settings from queryExecute() calls and tags.
var rows = queryExecute( "SELECT * FROM pages" );
Enable and configure Hibernate ORM
This basic ORM configuration should quickly get you going with ColdFusion's built-in Hibernate ORM.
// Application.cfc
component {
    this.ormEnabled = true;
    this.ormSettings = {
        // the datasource Hibernate will use to connect to the database.
        datasource = "mainDB",
        // helpful for development but NOT recommended for production!
        logSQL = "true",
        // make table updates on detecting changes to the ORM models.
        // probably best to turn this off in prod and use cfmigrations or similar
        // to manually handle the database updates.
        dbcreate = "update",
        // where to look for persistent models (aka ORM entities defined via CFML components)
        cfclocation = [ "models/orm/", "modules_app/admin/orm/" ],
        // what sort of database are you using?
        dialect = "MicrosoftSQLServer"
    };
}
Load and use jar files from your CFML app
This configuration will ask the CFML engine to scan the specified directory every 30 seconds. Any jar files found will be loaded into the 'classpath' and accessible for use like any CFML component.
this.javaSettings = {
    loadPaths      : "./libs/jars",
    reloadOnChange : true,
    watchInterval  : "30"
};
// in your app, you can now reference classes from the jar files located in /libs/jars
// like JStrava: https://github.com/dustedrob/JStrava
var jStrava = new main.java.org.jstrava.api.JStravaV3();