Entries for month: “November 2012”

ColdFusion 10 Server Lockdown Guide

Posted By: Rakshith Naresh 21 Comments November 28, 2012


The server lockdown guide for ColdFusion 10 is now available on the Adobe website. The ColdFusion 10 Server Lockdown Guide will help server administrators secure their ColdFusion 10 installations. You will also find several tips and suggestions intended to improve the security of your ColdFusion server. 

You can access the lockdown guide here.


Optimizing CFHTTP calls on Linux systems

Posted By: Altamish Ahmad 10 Comments November 21, 2012

While making a cfhttp call to a ColdFusion server, the Apache HttpClient library tries to generate a secure random number. This operation depends on the "entropy" of the system.

On Linux systems (mainly freshly installed ones), this operation can be quite time-consuming because the system "entropy" is apparently quite low. As a consequence, cfhttp calls will be slow.

Fortunately, for people who deploy ColdFusion 10 on Linux machines this is not a reason to worry. Just do one of the following:

1. Set this system property for your JVM. If you are using a standalone CF installation, set it in jvm.config:

-Djava.security.egd=file:/dev/./urandom

or

2. In the $JAVA_HOME/jre/lib/security/java.security file, change the value of securerandom.source to file:/dev/./urandom

You can also refer to this post by Shilpi from the ColdFusion team, which talks about this issue.
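
An added example, not part of the original post or of ColdFusion: a shell check that reports which entropy source a JVM will use, given the two places named above. The sample file contents and function names are constructed; it relies on the JDK rule that the java.security.egd system property, when set, takes precedence over securerandom.source.

```shell
#!/bin/sh
# Added example (not Adobe's code). Sample file contents below are constructed.

# Value of -Djava.security.egd in a jvm.config-style file (comment lines skipped).
egd_from_jvm_config() {
    grep -v '^[[:space:]]*#' "$1" 2>/dev/null |
        tr ' \t' '\n\n' |
        sed -n 's/^.*-Djava\.security\.egd=//p' | tail -n 1
}

# Value of securerandom.source in a java.security file.
source_from_java_security() {
    sed -n 's/^[[:space:]]*securerandom\.source[[:space:]]*=[[:space:]]*//p' \
        "$1" 2>/dev/null | tail -n 1
}

# The system property (option 1), when set, overrides java.security (option 2).
effective_source() {
    v=$(egd_from_jvm_config "$1")
    [ -n "$v" ] || v=$(source_from_java_security "$2")
    printf '%s\n' "${v:-unset}"
}

# Compare a source against the value the post recommends.
check_source() {
    case "$1" in
        file:/dev/./urandom) echo "ok" ;;
        *) echo "review" ;;
    esac
}

# Kernel entropy estimate on Linux, or n/a where /proc is unavailable.
entropy_avail() {
    cat /proc/sys/kernel/random/entropy_avail 2>/dev/null || echo "n/a"
}

# Demo on constructed files: option 1 applied in jvm.config while
# java.security still points at file:/dev/random.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' \
    'java.args=-server -Xmx512m -Djava.security.egd=file:/dev/./urandom' \
    > "$demo/jvm.config"
printf '%s\n' 'securerandom.source=file:/dev/random' > "$demo/java.security"
src=$(effective_source "$demo/jvm.config" "$demo/java.security")
echo "effective source: $src ($(check_source "$src"))"
echo "entropy_avail: $(entropy_avail)"
rm -rf "$demo"
```

Run it against the real jvm.config and java.security of each JVM that ColdFusion uses; a result of "review" means neither option from the post is in effect for that JVM.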

ColdFusion 10 update 5 - security update - now available

Posted By: Rakshith Naresh 52 Comments November 19, 2012


The ColdFusion 10 Update 5 is now available for install within your administrator. Update 5 is a security update that resolves a vulnerability affecting ColdFusion on Windows Internet Information Services (IIS), which could result in a Denial of Service condition. Adobe recommends users update their product installation.

Refer to the security bulletin for all the associated details.


Tuning ColdFusion 10 IIS Connector configuration

Posted By: Kiran Sakhare 55 Comments November 17, 2012


Replacing JRun with Tomcat is a fundamental change in ColdFusion 10, and with it come new connectors for IIS and Apache. That makes it very important to know the configuration options available for the connectors, as an incorrectly configured connector can easily lead to “Service Not available” or “Server is too busy” errors for your site.

During IIS connector configuration, you can choose to configure the connector for individual sites or for “ALL” sites.

When the connector is configured for individual sites, a separate connector for each site is placed under {CF-Home}/config/wsconfig/{some no}/. Similarly, for the “ALL” configuration the connector is configured at the global level, which means the same connector binary is used across multiple sites.

In most cases, server administrators prefer to configure the connector for “ALL” sites, as it is very convenient.

In this blog post we will talk about the parameters that need to be tuned appropriately to make the CF connector work flawlessly.

I will cover the three most important parameters, which decide the scalability of the connector.

There are other parameters that the CF connector inherits from the Tomcat AJP connector. Details of those settings are in the AJP documentation (http://tomcat.apache.org/connectors-doc/reference/workers.html).

Connection pool size: This setting determines the maximum number of connections that can be created in the connection pool. When multiple requests arrive at the connector from IIS, the connector creates new connections in the connection pool only if there are no free connections available in the pool. The connector will not create a new connection once the number of connections reaches the connection pool size limit.

Re-use connections: This setting determines the count of connections that can be re-used. When the Tomcat connector makes a connection with the Tomcat server, it does not close the connection even after it has finished serving the request. Instead it keeps the connection alive, so that the same connection can be re-used for the next request. This improves performance by minimizing the overhead of creating a new connection with the Tomcat server for every request.

Note: The default re-use connection count is the same as the connection pool size, which is 200.

Connection pool timeout: This setting determines the timeout value (in seconds) for idle connections in the connection pool. This value must be in sync with the connectionTimeout attribute of your AJP connector in Tomcat's server.xml.

Let us discuss how these 3 parameters can be tuned properly so that your server works well under varying load.

1. Connection pool size: When the connector is configured for “ALL” sites, the same connection pool is used to serve requests for all sites. So the default value of the connection pool size works well with a single-site configuration, but fails to work well with the “ALL” sites configuration in some scenarios. Hence this value should be increased carefully, based on the need and the number of sites present in IIS.

2. Max re-use connections: This setting needs to be used when the connector is configured with multiple sites. The max value for re-use connections is determined by the number of sites configured with the same CF server and the load on each site.

Let us consider a use case where site 1 is configured with a CF server, and site 2 is now also configured with the same CF server. By default each connector will have 200 re-use connections.

Now consider that site 1 is running under heavy load and makes all 200 re-usable connections with the CF server. The CF server is then left with no new connections in its connection pool, so any request for a new connection from site 2 will be ignored by the CF server.

Hence it is necessary to set the site 1 re-use connection count to an optimal value, so that site 2 does not starve for new connections. This can be achieved by configuring an optimal value for the max re-use connection count.

For the above use case, if site 1 is allowed to use 100 re-usable connections, there will be 100 more connections available for site 2 in the Tomcat server connection pool.

3. Connection pool timeout: This timeout value helps in recycling re-used connections when they have not been used for a long time. This proves very useful when sites run under varying load, and improves overall server performance. By default, the connection timeout is indefinite.

Below we will discuss steps to follow to configure the above parameters


Learn CF in a Week!

Posted By: Rakshith Naresh 13 Comments November 07, 2012


I am pleased to announce a brand new community driven training program for ColdFusion - Learn CF in a week!

It is great to see Learn CF In a Week live from what started out as a conversation about training resources for ColdFusion between Simon and me at cf.Objective() this year.

Huge shout-out to Simon Free and other community experts for making this happen. I would like to call out all contributors from the community for this training program that walks you through various concepts of ColdFusion as you build a fully functional ColdFusion website.

Authors
• Emily Christiansen
• Tim Cunningham
• David Epler
• Sam Farmer
• Dave Ferguson
• Simon Free
• Paul Hastings
• Guust Nieuwenhuis
• Dan Skaggs
• Nic Tunney
• Adam Tuttle
• Dan Wilson
Editors
• Mark Esher
• Kristin Ferguson
• Tiffany Goebel
Designers
• Nick Borden
• Jim Priest

Go try out the training for yourself! And help spread the word!

 

