Thursday, April 9, 2009

Deploying ColdFusion 8 on JRun 4

From: http://bhlms.fltr.ucl.ac.be

When you deploy ColdFusion on an existing version of JRun 4, you must expand the EAR file or WAR files manually before deployment.

If you are updating an existing deployment of ColdFusion MX, ColdFusion MX 6.1, or ColdFusion MX 7 for J2EE, you must undeploy ColdFusion MX, ColdFusion MX 6.1, or ColdFusion MX 7 for J2EE before you deploy ColdFusion 8, as described in Updating from an earlier version for J2EE.

Expand the EAR file

  1. Expand the EAR file by performing the following steps:
    1. Open a console window, navigate to the directory that contains the EAR file, and make a new directory named cfusion-ear:

         md cfusion-ear (mkdir cfusion-ear on UNIX)

    2. Change to the cfusion-ear directory and expand the cfusion.ear file with the jar command:

         cd cfusion-ear
         java_home/bin/jar -xvf ../cfusion.ear

       This expands the cfusion.ear file into cfusion.war and rds.war (rds.war is not included if you specified a context root of / when you ran the installation wizard).

    3. In cfusion-ear, make a new directory named cfusion-war:

         md cfusion-war (mkdir cfusion-war on UNIX)

    4. Change to the cfusion-war directory and expand the cfusion.war file with the jar command:

         cd cfusion-war
         java_root/bin/jar -xvf ../cfusion.war

       This expands the cfusion.war file.

    5. (If rds.war exists) Go up one level to cfusion-ear, and make a new directory named rds-war:

         cd ..
         md rds-war (mkdir rds-war on UNIX)

    6. (If rds.war exists) Change to the rds-war directory and expand rds.war with the jar command:

         cd rds-war
         java_root/bin/jar -xvf ../rds.war

       This expands rds.war.

    7. Go up one level to the cfusion-ear directory, and delete the cfusion.war and rds.war files:

         cd ..
         del cfusion.war (rm cfusion.war on UNIX)
         del rds.war (rm rds.war on UNIX)

    8. Open the cfusion-ear/META-INF/application.xml file in a text editor.
    9. Change the web-uri element from cfusion.war to cfusion-war (or the name of the directory that contains the expanded cfusion.war file). Change the web-uri element for rds.war to rds-war. A directory name in the web-uri element cannot contain a dot.
    10. Save the application.xml file.
  2. Deploy ColdFusion 8 by copying the cfusion-ear directory structure to the jrun_root/servers/servername directory. If auto deploy is enabled, JRun 4 either deploys the application immediately (if the JRun server is running), or when you start the JRun server.
  3. Review the server log (jrun_root/logs/servername-event.log) to ensure that ColdFusion 8 deployed successfully.
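
Before copying cfusion-ear to the server directory, the result of the expansion steps can be checked mechanically. The following is an added example, not part of the original page or of Adobe's documentation: it verifies that every web-uri in application.xml names an existing directory without a dot and that no archive was left behind. The function names and the sample EAR layout are constructed for illustration, and each web-uri element is assumed to sit on one line.

```shell
#!/bin/sh
# Added example (not from the original page): check an expanded EAR directory
# before it is copied under jrun_root/servers/servername.

# Print one line per problem found in the expanded EAR directory $1.
# Exit status is 0 only when no problem was found.
check_expanded_ear() {
    ear=$1
    problems=0
    xml=$ear/META-INF/application.xml
    if [ ! -f "$xml" ]; then
        echo "missing $xml"
        return 1
    fi
    # Assumption: each <web-uri> element sits on a single line.
    uris=$(sed -n 's:.*<web-uri>[[:space:]]*\([^<]*\)</web-uri>.*:\1:p' "$xml")
    set -f                      # no filename expansion while splitting
    for uri in $uris; do
        case $uri in
            *.*) echo "web-uri '$uri' contains a dot"; problems=1 ;;
            *)   if [ ! -d "$ear/$uri" ]; then
                     echo "web-uri '$uri' is not an expanded directory"
                     problems=1
                 fi ;;
        esac
    done
    set +f
    # The archives should have been deleted after expansion.
    for war in "$ear"/*.war; do
        if [ -f "$war" ]; then
            echo "leftover archive ${war##*/}"
            problems=1
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed sample: application.xml still names cfusion.war and the
# archive was not deleted; rds.war was handled correctly.
make_sample_ear() {
    mkdir -p "$1/META-INF" "$1/cfusion-war" "$1/rds-war"
    : > "$1/cfusion.war"
    cat > "$1/META-INF/application.xml" <<'EOF'
<application>
  <module><web><web-uri>cfusion.war</web-uri><context-root>/cfusion</context-root></web></module>
  <module><web><web-uri>rds-war</web-uri><context-root>/CFIDE</context-root></web></module>
</application>
EOF
}

sample=$(mktemp -d)
make_sample_ear "$sample"
check_expanded_ear "$sample" || echo "fix the problems above before deploying"
```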

When using WAR deployment, JRun uses the directory name of the expanded cfusion.war file as the context root. You can optionally modify the context root. By setting the context root to slash (/), you do not have to include the context root in the URL when accessing CFM pages.

Set the context root to /

  1. Stop the JRun server that is running ColdFusion.
  2. Delete the jrun_root/servers/servername/default-ear directory and all subdirectories.
  3. Start the JRun server that is running ColdFusion.
  4. Ensure that the admin JRun server is running.
  5. Start the JRun server instance "admin" and browse to http://localhost:8000 from a browser on the computer where JRun is installed to access the JRun Management Console (JMC).
  6. Click the server in the left pane.
  7. Click the cfusion Web Application.
  8. Change the context path to / (instead of /cfusion).
  9. Click Apply.
  10. Restart the JRun server that is running ColdFusion.

You must deploy the rds.war file to a context root of /CFIDE (all uppercase). When deploying on JRun, this means that you should expand the rds.war file into a directory named CFIDE.

Deploy ColdFusion 8 on JRun 4 as a WAR file

  1. Create a directory named cfusion.

     The directory can have any name, but these instructions assume a directory name of cfusion under your JRun server instance. This directory becomes the context root into which ColdFusion is deployed. For example, if you are installing ColdFusion in the default JRun server, the directory is /opt/jrun4/servers/default/cfusion.

  2. Create a directory named CFIDE.

     This directory is the context root into which the remote development service (RDS) application is deployed, for example, /opt/jrun4/servers/default/CFIDE.

  3. Stop the JRun server to which you want to deploy ColdFusion by using the JRun Launcher (jrun_root/bin/jrun) or type jrun_root/bin/jrun stop server_name in a console window.
  4. If you haven't done so already, open a console window, navigate to the cfusion directory, and use the jar utility to uncompress the cfusion.war file, by using the following commands:

       cd jrun_root/jrun4/servers/servername/cfusion
       java_home/bin/jar -xvf cfmx_install_directory/cfusion.war

     The directory jrun_root refers to the directory in which you installed JRun 4, for example, C:\JRun 4 or /opt/jrun4. Replace servername with the name of the server to which you are deploying ColdFusion. For example, if you installed ColdFusion in the default JRun server, replace servername with default.

  5. Navigate to the CFIDE directory and use the jar utility to uncompress the rds.war file, using the following commands:

       cd jrun_root/jrun4/servers/servername/CFIDE (or cd ../CFIDE)
       java_home/bin/jar -xvf cfmx_install_directory/rds.war

  6. Configure JVM settings through the Settings panel of the JRun Management Console (JMC) or by using a text editor to modify the jrun_root/bin/jvm.config file.
  7. To enable COM support (Windows only), add the following jIntegra binary directories to the JVM's native library path (java.library.path):

       WEB-INF/cfusion/jintegra/bin
       WEB-INF/cfusion/jintegra/bin/international

  8. (optional) To enable CORBA support, copy the vbjorb.jar file to the WEB-INF/cfusion/lib directory and define the following argument:

       -Xbootclasspath/a:"cf_webapp_root/WEB-INF/cfusion/lib/vbjorb.jar"

  9. To enable charting (UNIX only), define the following argument:

       -Djava.awt.graphicsenv=com.gp.java2d.ExGraphicsEnvironment

     and specify com.gp.java2d.ExHeadlessGraphicsEnvironment instead of com.gp.java2d.ExGraphicsEnvironment.

  10. In addition to enabling sandbox security in the ColdFusion Administrator, the application server must be running a security manager (java.lang.SecurityManager) and you must define the following JVM arguments:

       -Djava.security.manager
       -Djava.security.policy="cf_webapp_root/WEB-INF/cfusion/lib/coldfusion.policy"
       -Djava.security.auth.policy="cf_webapp_root/WEB-INF/cfusion/lib/neo_jaas.policy"

  11. To use cfregistry in Windows, to use the cfreport tag for Crystal Reports, and to use any C++ CFX custom tags, you must add cfusion/lib to the Java library path. Add the following directory to the JVM's native library path (java.library.path):

       WEB-INF/cfusion/lib

  12. If you are running Solaris without X Windows, to use the cfdocument tag, you must set the headless switch to true in the jvm.config file, as follows:

       java.awt.headless=true

  13. Start the JRun server the way you stopped it in step 3, either by using the JRun Launcher or by typing jrun_root/bin/jrun start server_name in a command window. If autodeploy is enabled, JRun 4 deploys the application automatically when you start the JRun server.
  14. Review the server log (jrun_root/logs/servername-event.log) to ensure that ColdFusion deployed successfully.
  15. Start the ColdFusion Administrator to run the Configuration Wizard.
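
The sandbox security step above depends on three JVM arguments being present in addition to the Administrator setting. The following is an added example, not part of the original page or of Adobe's documentation: it reports which of those arguments are missing from a jvm.config file. It assumes the JVM options sit on a single uncommented java.args= line; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumption: JVM options are on one uncommented "java.args=" line.

# Print each sandbox-security argument missing from java.args in file $1.
# Exit status is 0 only when all three arguments are present.
missing_sandbox_args() {
    args=$(sed -n 's/^[[:space:]]*java\.args[[:space:]]*=//p' "$1")
    mgr=0; pol=0; auth=0
    set -f                      # no filename expansion while splitting
    for tok in $args; do
        case $tok in
            -Djava.security.manager|-Djava.security.manager=*) mgr=1 ;;
            -Djava.security.policy=*)      pol=1 ;;
            -Djava.security.auth.policy=*) auth=1 ;;
        esac
    done
    set +f
    [ "$mgr" -eq 1 ]  || echo "-Djava.security.manager"
    [ "$pol" -eq 1 ]  || echo "-Djava.security.policy"
    [ "$auth" -eq 1 ] || echo "-Djava.security.auth.policy"
    [ "$mgr$pol$auth" = 111 ]
}

# Constructed sample: the commented-out line must not count, and the
# active line lacks the java.security.auth.policy argument.
write_sample_config() {
    cat > "$1" <<'EOF'
java.home=/opt/jrun4/jre
#java.args=-Djava.security.manager -Djava.security.auth.policy="x"
java.args=-server -Xmx512m -Djava.security.manager -Djava.security.policy="cf_webapp_root/WEB-INF/cfusion/lib/coldfusion.policy"
java.library.path=WEB-INF/cfusion/lib
EOF
}

cfg=$(mktemp -d)/jvm.config
write_sample_config "$cfg"
missing_sandbox_args "$cfg" || echo "jvm.config is missing the sandbox-security arguments listed above"
```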

Friday, April 3, 2009

Analysis Services and cube processing overview

SQL Server Analysis Services

Microsoft SQL Server 2005 Analysis Services (SSAS) delivers online analytical processing (OLAP) and data mining functionality for business intelligence applications. Analysis Services supports OLAP by letting you design, create, and manage multidimensional structures that contain data aggregated from other data sources, such as relational databases. For data mining applications, Analysis Services lets you design, create, and visualize data mining models that are constructed from other data sources by using a wide variety of industry-standard data mining algorithms.

Analysis Services Concepts and Objects

Microsoft SQL Server 2005 Analysis Services (SSAS) delivers online analytical processing (OLAP) and data mining functionality through a combination of server and client technologies, further reinforced through the use of a specialized development and management environment coupled with a well-defined object model for designing, creating, deploying, and maintaining business intelligence applications. For more information, see the Additional Resources section on the SQL Server 2005 – Analysis Services page on the Microsoft TechNet Web site.

Analysis Services Architecture

Microsoft SQL Server 2005 Analysis Services (SSAS) uses both server and client components to supply online analytical processing (OLAP) and data mining functionality for business intelligence applications:

* The server component of Analysis Services is implemented as a Microsoft Windows service. SQL Server 2005 Analysis Services supports multiple instances on the same computer, with each instance of Analysis Services implemented as a separate instance of the Windows service.

* Clients communicate with Analysis Services using the public standard XML for Analysis (XMLA), a SOAP-based protocol for issuing commands and receiving responses, exposed as a Web service. Client object models are also provided over XMLA, and can be accessed either by using a managed provider, such as ADOMD.NET, or a native OLE DB provider.

* Query commands can be issued using the following languages: SQL; Multidimensional Expressions (MDX), an industry standard query language for analysis; or Data Mining Extensions (DMX), an industry standard query language oriented toward data mining. Analysis Services Scripting Language (ASSL) can also be used to manage Analysis Services database objects. Related topics: Key Concepts in MDX (MDX), Multidimensional Expressions (MDX) Reference, Analysis Services Scripting Language (ASSL), Data Mining Extensions (DMX) Reference

Analysis Services Concepts

Microsoft SQL Server 2005 Analysis Services (SSAS) provides online analytical processing (OLAP) and data mining functionality for business intelligence solutions. Before designing a business intelligence solution using Analysis Services, you should familiarize yourself with the OLAP and data mining concepts required for a successful solution.

Analysis Services combines the best aspects of traditional OLAP-based analysis and relational-based reporting by enabling developers to define a single data model, called a Unified Dimensional Model (UDM) over one or more physical data sources. All end user queries from OLAP, reporting, and custom BI applications access the data in the underlying data sources through the UDM, which provides a single business view of this relational data.

Analysis Services provides a rich set of data mining algorithms to enable business users to mine their data looking for specific patterns and trends. These data mining algorithms can be used to analyze data through a UDM or directly from a physical data store.

For more information, see the Additional Resources section on the SQL Server 2005 – Analysis Services page on the Microsoft TechNet Web site.

Analysis Services Objects

A Microsoft SQL Server 2005 Analysis Services (SSAS) instance contains database objects and assemblies for use with online analytical processing (OLAP) and data mining.

  • Databases contain OLAP and data mining objects, such as data sources, data source views, cubes, measures, measure groups, dimensions, attributes, hierarchies, mining structures, mining models and roles.
  • Assemblies contain user-defined functions that extend the functionality of the intrinsic functions provided with the Multidimensional Expressions (MDX) and Data Mining Extensions (DMX) languages.

In This Section

The following topics describe objects shared by both OLAP and data mining features in Analysis Services.

  • Data Sources (Analysis Services) Describes a data source in Analysis Services.

  • Data Source Views (Analysis Services) Describes a logical data model based on one or more data sources, in Analysis Services.

  • Cubes (Analysis Services) Describes cubes and cube objects, including measures, measure groups, dimension usage relationships, calculations, key performance indicators, actions, translations, partitions, and perspectives.

  • Dimensions (Analysis Services) Describes dimensions and dimension objects, including attributes, attribute relationships, hierarchies, levels, and members.

  • Mining Structures (Analysis Services) Describes mining structures and mining objects, including mining models.

  • Roles (Analysis Services) Describes a role, the security mechanism used to control access to objects in Analysis Services.

  • Assemblies (Analysis Services) Describes an assembly, a collection of user-defined functions used to extend the MDX and DMX languages, in Analysis Services.

Wednesday, April 1, 2009

Secure your ColdFusion application against SQL injection attacks

Written by Ryan Wagener (Adobe)
From http://www.adobe.com

ColdFusion is no more vulnerable than any other server-side language, and it offers many options to help you protect your site against SQL injection attacks. The thing to remember is that neither ColdFusion nor any other language is at fault; it is the way in which the application is coded that causes the issues.

Developers who have spent any significant amount of time building websites quickly realize that security issues are a vital consideration. Malicious users can target your site at any time, forcing you to spend time identifying and fixing the vulnerability that has been exposed. If they made changes to your site, you'll need even more time to restore the site to its original condition, and in the meantime legitimate users' perception of your site may be tarnished irrevocably.

When someone has gained unauthorized access to your site, they can damage it any number of ways, including:

* Redirecting visitors to another site
* Deleting, changing, or adding dynamic content
* Deleting or modifying tables in your database
* Disabling web pages or introducing errors

You can take some basic steps to significantly decrease the chance of your website being altered without your consent. In this article I will explore some tips and tricks that you can use to help protect your websites. Although there are many other aspects of security to understand and steps you can take, this will give you a better understanding of what can be done right now to protect your sites.

Note: The examples used in this article are based on ColdFusion and Microsoft SQL Server. It is important to note that these products are no more vulnerable than any other server-side software. It is the way the application is coded, rather than the underlying technology, that causes most security problems.