ColdFusion WebSockets are lightning fast and presents an opportunity to create realtime applications. This time I've created an application that tries to push HTML5 video content over a WebSocket. The idea here is to use a temporary Canvas, since it allows you to draw a video frame on it and then transfer the contents of the drawn video frame (as base64 encoded Image) over a ColdFusion WebSocket channel to the subscribers.
I've posted this on my blog along with the demo video and code. Check out Pushing HTML5 Video content over ColdFusion WebSockets.
How many times you have wished there was a simpler way to apply hot-fixes? How many times number of steps involved have caused inconvenience and errors in deployment? The debugging required in most of these cases really takes a long time. Same is true for uninstalling a particular hot-fix.
With ColdFusion 10, all of this will be solved and hot-fix installation will becomes a one click activity. Hot-fix installer (updater) is bundled within ColdFusion 10. This will eliminate the hassles of copying files, deleting files, different hot-fixes like cumulative, security etc. There will be always a single cumulative hoti-fix available. Hot-fix installer will take care of all the work required to update the server and will also keep the back up.
Read my blog here to know details about this feature.
With ColdFusion 10, option to have Secure Profile enabled is added at installation time. It is recommended to choose this for production or public facing servers. When selected, this will enforce a lot of security related configurations enabling fewer configurations required by administrator to secure the server.
Read for a complete list of settings added in Secure profile at Secure Profile & ColdFusion 10
Ray has also created a very nice Administrator Extension. The details can be found as Security Profile Admin Extension for ColdFusion 10
What is CSRF?
Cross-site request forgery abbreviated as CSRF is also known as one-click attack or session riding. CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. (More info in OWASP site)
The very first and easy step to setup WebSocket is to use the default Channel Listener .But if you need to implement business logic to control the WebSocket system in your application you will have to use a custom Channel Listener CFC.
Channel Listener has six methods which can be used to control
- who is allowed to publish data over a websocket channel
- who is eligible to recieve data
over a websocket channel
- how to present data to different users
For more details on how to implement the logic to restrict the right to publish data , read my blog entry - ColdFusion WebSocket Part4:Restricting Right to Publish