Entries for month: “November 2012”

ColdFusion 10 Server Lockdown Guide

November 28, 2012 / Rakshith Naresh

  Adobe ColdFusion 10 | Announcements | Application Server | ColdFusion | Rapid Application Development | Tomcat | web application development | web application security

The server lockdown guide for ColdFusion 10 is now available on the Adobe website. The ColdFusion 10 Server Lockdown Guide will help server administrators secure their ColdFusion 10 installations. You will also find several tips and suggestions intended to improve the security of your ColdFusion server. 

You can access the lockdown guide here.


Optimizing CFHTTP calls on Linux systems

November 21, 2012 / Altamish Ahmad

While making a cfhttp call to a ColdFusion server, the Apache HttpClient library tries to generate a secure random number. This operation depends on the "entropy" of the system.

On Linux systems (mainly freshly installed ones), this operation has been observed to be quite time consuming because the system "entropy" is apparently quite low. As a consequence, cfhttp calls will be slow.

Fortunately, for people who deploy ColdFusion 10 on Linux machines this is not a reason to worry. Just do one of the following:

1. Set this system property on your JVM. If you are using a standalone CF installation, set it in jvm.config:

-Djava.security.egd=file:/dev/./urandom

or

2. In the $JAVA_HOME/jre/lib/security/java.security file, change the value of securerandom.source to file:/dev/./urandom

 

You can also refer to this post by Shilpi from the ColdFusion team, which talks about this issue.
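To confirm which of the two settings above is actually in effect, the following shell functions read both files and report the resulting seed source. This is an added example, not code from the original post or from ColdFusion; the file paths are arguments you supply, and it relies on the JVM letting the java.security.egd system property take precedence over securerandom.source.

```shell
#!/bin/sh
# Added example: report which seed source a JVM is configured to use.
# File paths are arguments; nothing here is ColdFusion's own tooling.

RECOMMENDED='file:/dev/./urandom'   # value given in the post

# Last -Djava.security.egd=... flag in a jvm.config-style file (empty if none).
egd_from_jvm_config() {
    grep -v '^[[:space:]]*#' "$1" 2>/dev/null |
        tr ' \t' '\n\n' |
        sed -n 's/^.*-Djava\.security\.egd=//p' |
        tr -d '"' | tail -n 1
}

# securerandom.source value from a java.security file (empty if none).
securerandom_source() {
    sed -n 's/^[[:space:]]*securerandom\.source[[:space:]]*=[[:space:]]*//p' "$1" 2>/dev/null |
        tail -n 1
}

# The system property, when set, takes precedence over the java.security entry.
effective_seed_source() {   # usage: effective_seed_source JVM_CONFIG JAVA_SECURITY
    src=$(egd_from_jvm_config "$1")
    [ -n "$src" ] || src=$(securerandom_source "$2")
    printf '%s\n' "$src"
}

# Succeeds only when the effective source is the value the post recommends.
uses_recommended_source() {
    [ "$(effective_seed_source "$1" "$2")" = "$RECOMMENDED" ]
}

# Kernel entropy estimate; the /proc path is the Linux default.
entropy_avail() {
    cat "${1:-/proc/sys/kernel/random/entropy_avail}" 2>/dev/null || echo unknown
}

# Stand-alone use: sh check.sh /path/to/jvm.config /path/to/java.security
if [ "$#" -eq 2 ]; then
    echo "seed source:   $(effective_seed_source "$1" "$2")"
    echo "entropy_avail: $(entropy_avail)"
fi
```

A low entropy_avail reading together with a seed source other than the recommended one is the combination the post associates with slow cfhttp calls.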

 


 


ColdFusion 10 update 5 - security update - now available

November 19, 2012 / Rakshith Naresh

  Administrator | Adobe ColdFusion 10 | Rapid Application Development | Application Server | web application security | productivity | Tomcat | Announcements

The ColdFusion 10 Update 5 is now available for install within your administrator. Update 5 is a security update that resolves a vulnerability affecting ColdFusion on Windows Internet Information Services (IIS), which could result in a Denial of Service condition. Adobe recommends users update their product installation.

Refer to the security bulletin for all the associated details.


Tuning ColdFusion 10 IIS Connector configuration

November 17, 2012 / Kiran Sakhare

  Administrator | Connector | Tomcat | General | ColdFusion | Tuning | Performance

Replacing JRun with Tomcat is a fundamental change in ColdFusion 10, and with it come new connectors for IIS and Apache. That makes it very important to know the configuration options available for the connectors, because an incorrectly configured connector can easily lead to “Service Not available” or “Server is too busy” errors for your site.

During IIS connector configuration, you can choose to configure the connector for individual sites or for “ALL” sites.

When the connector is configured for individual sites, a separate connector for each site is placed under {CF-Home}/config/wsconfig/{some no}/. For the “ALL” configuration, the connector is configured at the global level, which means the same connector binary is used across multiple sites.

In most cases, server administrators prefer to configure the connector for “ALL” sites because it is very convenient.

In this blog post we will talk about the parameters that need to be tuned appropriately for the CF connector to work flawlessly.

I will cover the three most important parameters, which decide the scalability of the connector.

There are other parameters that the CF connector inherits from the Tomcat AJP connector. Details of those settings are in the AJP documentation (http://tomcat.apache.org/connectors-doc/reference/workers.html).

Connection pool size: - This setting determines the maximum number of connections that can be created in the connection pool. When multiple requests arrive at the connector from IIS, the connector creates new connections in the connection pool only if there are no free connections available in the pool. The connector will not create a new connection once the number of connections reaches the connection pool size limit.

Re-use connections: - This setting determines the count of connections that can be re-used. When the Tomcat connector makes a connection with the Tomcat server, it does not close the connection even after it has finished serving the request. Instead, it keeps the connection alive so that the same connection can be re-used for the next request. This increases performance by minimizing the overhead of creating a new connection with the Tomcat server for every request.

Note: - The default re-use connection count is the same as the connection pool size, which is 200.

Connection pool timeout: - This setting determines the timeout value (in seconds) for idle connections in the connection pool. This value must be in sync with the connectionTimeout attribute of your AJP connector in Tomcat's server.xml.

Let us discuss how these 3 parameters can be tuned properly for a server under varying load.

1. Connection pool size: - When the connector is configured for “ALL” sites, the same connection pool is used to serve the requests for all sites. So the default value of the connection pool size works well with a single-site configuration, but fails to work well with the “ALL” sites configuration in some scenarios. Hence this value should be increased carefully, based on the need and the number of sites that are present in IIS.

2. Max Re-use connections: - This setting needs to be used for a connector configured with multiple sites. The max value for the re-use connections is determined by the number of sites configured with the same CF server and the load on each site.

Let us consider a use case where site 1 is configured with a CF server, and site 2 is also configured with the same CF server. By default, each connector will have 200 re-use connections.

Now suppose site 1 is running under heavy load and makes all 200 re-usable connections with the CF server. The CF server is then left with no new connections in its connection pool, so any request for a new connection from site 2 will be ignored by the CF server.

Hence it is necessary to set the site 1 re-use connection count to an optimal value, so that site 2 does not starve for new connections. This can be achieved by configuring an optimal value for the max re-use connection count.

For the above use case, if site 1 is allowed to use 100 re-usable connections, there will be 100 more connections available for site 2 in the Tomcat server connection pool.

3. Connection pool timeout: - This timeout value helps in recycling re-used connections when they have not been used for a long time. This proves very useful when sites run under varying load, and it improves overall server performance. By default, the connection timeout is indefinite.
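The re-use budget from the two-site use case and the timeout sync rule can be checked with a few shell functions. This is an added example, not part of the original post or of ColdFusion's tooling. The key names are assumptions: connection_pool_size and connection_pool_timeout follow the workers.properties reference linked above, max_reuse_connections is assumed for the re-use setting, and the server capacity and Tomcat connectionTimeout (in milliseconds) are passed in as arguments.

```shell
#!/bin/sh
# Added example. Key names are assumptions (see lead-in); each FILE is one
# site's workers.properties-style connector configuration.

# Last numeric value of worker.<name>.<KEY> in FILE (empty if not set).
worker_prop() {   # usage: worker_prop FILE KEY
    sed -n "s/^[[:space:]]*worker\.[^.=]*\.$2[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$1" |
        tail -n 1
}

# Re-use count a site may hold: explicit value, else its pool size, else the
# default of 200 stated in the post.
site_reuse() {
    n=$(worker_prop "$1" max_reuse_connections)
    [ -n "$n" ] || n=$(worker_prop "$1" connection_pool_size)
    echo "${n:-200}"
}

# Print the summed re-use count of all sites; succeed only if CAPACITY
# (connections the CF server can accept) covers it, so no site starves.
reuse_budget() {   # usage: reuse_budget CAPACITY FILE...
    capacity=$1; shift; total=0
    for f in "$@"; do total=$((total + $(site_reuse "$f"))); done
    echo "$total"
    [ "$total" -le "$capacity" ]
}

# The pool timeout is in seconds, Tomcat's connectionTimeout in milliseconds.
timeouts_in_sync() {   # usage: timeouts_in_sync FILE CONNECTION_TIMEOUT_MS
    t=$(worker_prop "$1" connection_pool_timeout)
    [ -n "$t" ] && [ $((t * 1000)) -eq "$2" ]
}

# Stand-alone use: sh budget.sh 200 site1/workers.properties site2/workers.properties
if [ "$#" -ge 2 ]; then
    reuse_budget "$@" || echo "re-use connections exceed server capacity"
fi
```

With two sites left at the default, the sum is 400 against a capacity of 200, which is the starvation case described above; capping each site at 100 brings the sum back within budget.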

Below we will discuss steps to follow to configure the above parameters


Learn CF in a Week!

November 07, 2012 / Rakshith Naresh

  Adobe ColdFusion 10 | Rapid Application Development | web application | web application development | web programming | productivity | Adobe ColdFusion | ColdFusion | Announcements

I am pleased to announce a brand new community driven training program for ColdFusion - Learn CF in a week!

It is great to see Learn CF In a Week live from what started out as a conversation about training resources for ColdFusion between Simon and me at cf.Objective() this year.

Huge shout-out to Simon Free and other community experts for making this happen. I would like to call out all contributors from the community for this training program that walks you through various concepts of ColdFusion as you build a fully functional ColdFusion website.

Authors
• Emily Christiansen
• Tim Cunningham
• David Epler
• Sam Farmer
• Dave Ferguson
• Simon Free
• Paul Hastings
• Guust Nieuwenhuis
• Dan Skaggs
• Nic Tunney
• Adam Tuttle
• Dan Wilson
Editors
• Mark Esher
• Kristin Ferguson
• Tiffany Goebel
Designers
• Nick Borden
• Jim Priest

Go try out the training for yourself! And help spread the word!

 

