I upgraded a CF8 server to CF9 the other day and thought everything had gone fine, but today I received an email from a user saying his Microsoft Access DSN was no longer working.

The error was:

[Macromedia][SequeLink JDBC Driver]TCP/IP error, connection refused

First course of action was to google the error as usual, which turned up nothing useful, so then started my own investigations using a bit of common sense.

I checked the SequeLink ODBC services and they were running, so I tried to restart and they would not.

It was at this point that I noticed all the CF8 services were still running, which was odd, because while CF9 leaves CF8 intact it should disable and stop all the services. This has been the case since CF7 in fact that the previous version is left intact.

Thinking back on my install I remembered CF informing me that it had detected CF8 was installed and had changed a couple of ports for some reason, I thought nothing of it at the time as I presumed it would not cause a problem, but in hindsight I should have known better as whenever CF has ever used alternative ports for anything in the past it has always caused issues.

I also did not stop all the CF8 services prior to installing CF9, as the installer always does this for you anyway, but I guess in this case it did not and thus detected a conflict. So a lesson learned there, always stop all services prior to an upgrade.

So anyway I was sure the problem was with the ODBC service, so the next step was to hunt for the tcp settings, this actually proved to be quite simple in the end.

I first checked the windows service and see where the exe file is located, which pointed me to
D:\ColdFusion9\db\slserver54\bin\swagent.exe "ColdFusion 9 ODBC Agent"

Ah now my memory was starting to clear, this is where the SeqeuLink drivers are.

1. Look for config files that may contain tcp port settings.
   This led me to the following file

   
   D:\ColdFusion9\db\slserver54\cfg\swandm.ini

2. Now look for TCP port references, which led me the following lines in this file
   ServiceConnectInfo=tcp://LOCALHOST.19999
   ServiceConnectInfo=tcp://LOCALHOST.20000

   
   

3. I then compared this to the CF8 settings, which showed
   ServiceConnectInfo=tcp://LOCALHOST.19997
   ServiceConnectInfo=tcp://LOCALHOST.19998

   
   

4. So clearly CF had indeed changed the ports due to a conflict. So I simply set the ports back to 19997 and 19998 in that order, stopped and disabled all the CF8 services, and started the CF9 ODBC services and voila everything was fixed.

So what initially seemed like it was going to be PITA problem actually only me less and 1 hour to resolve, and most of that was spent googling for a solution and finding nothing. Once I actually started my own investigation it actually took less than 30 minutes to diagnose and resolve, sods law.

If you are having some other type of SequeLink ODBC service errors that are not fixed by my solution then the following TechNote may also help you out.
http://kb2.adobe.com/cps/188/tn_18800.html

Technote here : http://kb2.adobe.com/cps/825/cpsid_82536.html

Bizzarely I cannot find any reference to this hotfix or tech note anywhere on the Adobe site, it is not on the below ColdFusion hotfixes or updates pages at the time of writing this, and is not in any of the ColdFusion RSS feeds. So not sure how people are supposed to find out about this. Very poor job Adobe, tut tut.

http://www.adobe.com/support/coldfusion/downloads_updates.html
http://kb2.adobe.com/cps/402/kb402604.html

SECURITY ALERT!

There has been an increase in the past few days of sites being hacked via file upload scripts, particularly a number of high profile ColdFusion based sites.

The hacker gets in by uploading a CFM, ASP, PHP or other supported file type to the server and executing the file, thus escalating his access.

If you have any publicly accessible areas of your site where files can be uploaded then you should make sure you are not vulnerable, make sure that you are validating allowed uploaded file types and not allowing executable files to be uploaded.

In particular you should pay attention to things like image uploads on forums or other applications which people seem to think are safe because it only allows images to be upload. Many scripts will actually accept the uploaded file to the final destination folder before validating it and then deleting it if it is not valid, thus giving a window of opportunity for the file to be executed.

What happens is that the hacker uses a load testing tool that constantly executes the URL on your site where he knows his file will be uploaded (e.g. mysite.com/files/xyz.cfm), this is done many times a second, so when he then uploads the file it will get executed in those few milliseconds before it is deleted.

To avoid this scenario you should perform checks prior to accepting the upload, or upload the file to a temp location first that the hacker cannot access and then move it to the destination folder once it has been verified.

I was about the start compiling a list of useful links to info and tutorials for CF9 and CFBuilder, but it seems someone has beat me to it, so rather than re-invent the wheel I will just link to this chaps page and save myself some work :-) If you are looking for find out what is new in CF9 and how to do it, this is worth reading.

• CFML Language Enhancements Tutorials
• CFScript Enhancement Tutorials
• ColdFusion As a Serveice Tutorials
• Hibernate-based ORM Tutorials
• Microsoft SharePoint & Office Interoperability Tutorials
• Native JEE Portlets Tutorials
• Enhance and New UI Controls Tutorials
• Advance Caching Tutorials
• Apache Solr / Lucene Integration Tutorials
• Server Management Tool Tutorials
• Flex/AIR Integration Tutorials

A few of my favourite new features are below, of course I tend to look at things from a hosts perspective these days rather than a developer seeing as I don't do a lot of coding anymore.

Most of these improvements are especially great for me because I actually had discussion with Adobe some years ago about about what improvements needed to be made to ColdFusion to make it more suitable for shared hosting and explained how they needed to work, and these are areas I specifically addressed, so it seems that finally they did listen to me.

• View Undelivered Mail
  This new feature allows you to browse mail sitting in the undelivered folder and then delete or respool them. This is handy for manual checking or on a dev machine. Currently my company has a custom script that automatically respools all undelivered mail for 24 hours, and then deletes them, which is very useful in a shared hosting environment otherwise the undelivered folder regularly fills up. It is a shame Adobe didn't have the foresight to add this kind of automation as well, but at least the viewer allows an easy way to find missing emails.
• Application Specific Datasources
  This is a real code saver and somewhat of a security benefit as well. With this new "this.datasource" application property to can set an application wide datasource, thus negating the need to specify the DSN in every query. A full review of this feature can be found on Ben Nadel's blog.
• Server Manager
  ColdFusion 8 introduced server monitoring for single and multiple servers via a Flex based app which provided access to all sorts of ColdFusion internals, alerts, proactive problem management, and more.
  ColdFusion 9 takes this a big step further with a new tool called "ColdFusion Server Manager". This AIR based application allows you to monitor as many servers as needed (including individual ColdFusion instances on a multi-instance configuration) and even offers pop-up alerts when issues occur, it allows for remote server configuration (define a data source, for example), it also allows for settings to be applied to multiple servers at once, it can clear the template caches, it can upload hot-fixes to one or more servers, and it even allows you to select two ColdFusion servers to compare their configuration settings, highlighting any differences between them.
  Oh, and before you ask, here are answers to the three most commonly asked questions.
  
  
  1. No, this is not a separately sold utility, it is part of ColdFusion itself (and installed via a link in the ColdFusion Administrator).
  2. ColdFusion Server Manager uses APIs added to ColdFusion 9, so no, this will not work with ColdFusion 8 or earlier.
  3. Adobe have not made any decisions yet as to product edition, so no decision as to whether this is an Enterprise only feature or not.
• Server Security
  One of my big issues has always been ColdFusion's security, or rather lack thereof. You need the enterprise edition to get security sandboxes and these only sandbox CFML code, if someone writes some Java code into their CFML pages they can completely bypass the sandbox and do whatever they like, which actually makes ColdFusion one of the most insecure application servers out there in a shared hosting environment as PHP, ASP and .NET do not suffer from this problem.
  This has supposedly now been addressed with ColdFusion 9 now allowing you to restrict access to certain JAVA functionality. I have not yet looked into this, and as no-one else seems to have written an article on particular area yet I may as well do so, so a more detailed tutorial ont his subject will be coming soon.
• 64bit ColdFusion for all
  Up till now, 64bit ColdFusion has only been available to ColdFusion Enterprise customers. This will (thankfully) change in ColdFusion 9, and all customers will have access to 32bit or 64bit versions, regardless of edition. Groovy!

Today, Adobe are announcing a new beta version of Adobe ColdFusion 9 software, the premiere server-side framework, runtime, and language for building HTML-based or rich Internet applications (RIAs). By extrapolating complex tasks into fewer lines of code, Adobe ColdFusion 9 enables you to build Internet applications faster and easier than with any other technology.

In tandem, they are introducing a new ColdFusion development tool: Adobe ColdFusion Builder(TM), available in beta today. Adobe ColdFusion Builder is an Eclipse(R)-based IDE for ColdFusion development that is deeply integrated with ColdFusion 9. Now you can manage your entire ColdFusion development cycle, from concept to production, with one easy-to-use tool.

By providing a highly customizable environment, Adobe ColdFusion Builder helps you to develop ColdFusion applications faster than ever before.

These beta versions of ColdFusion 9 and ColdFusion Builder will enable you to:

• Develop and manage applications faster and easier than ever before
• Create RIAs quickly and easily with ColdFusion and the Adobe Flash(R) Platform
• Integrate applications across a multitude of technologies in enterprise environments

To download the beta of ColdFusion Builder and get started today,

visit >

http://www.adobe.com/go/coldfusion_builder_beta_download?sdid=EUSXS

To download the ColdFusion 9 beta, visit >

http://www.adobe.com/go/coldfusion_beta_download?sdid=EUSXT

If you're interested in learning more about ColdFusion 9 or ColdFusion Builder, register to attend an eSeminar at no charge >

http://www.adobe.com/cfusion/event/index.cfm?event=detail&id=1345643&loc=en_us&sdid=EUSXR

Plus, visit Adobe MAX 2009 in Los Angeles for highly technical

sessions that can help you learn these tools >

http://max.adobe.com?sdid=EUSXU