Archive for April, 2012



Here we are again with another ColdFusion lesson learned. The thought that came to my mind when i was working with a CFLayout tab, was how do i refresh the tab’s contents other then using the standard ways of submitting a form.

In this case i had a button that would make an Ajax call to process a selection Asynchronously. After that call i was looking to see how we can display those changes on the tab using Javascript. Well lucky us, ColdFusion Layout objects are accessible using JavaScript. Here is an example:

   <script type="text/javascript">
      ColdFusion.Layout.hideTab('mainLayout', 'userPerm');
      ColdFusion.Layout.showTab('mainLayout', 'userPerm');
      ColdFusion.Layout.selectTab('mainLayout', 'userPerm');
  </script>

What we are doing here is pretty self explanatory. We are hiding the tab first which basicly, removes the tab from the layout. Then we show the tab in the layout which does a call to refresh the contents of the tab. This is the same as doing an Ajax call to get contents of a page except we are using ColdFusion to do it. Then we select the tab in the last step which brings us back to where we started.

Now i will warn you that my experience with this method is flaky at best. The method i found to work without doing a form submission or doing a new pageload, was to do the Ajax call myself instead of relying on ColdFusion.

Now i know it is not easy to run JavaScript that is part of a tab contents, but if you know what calls are needed then you can have your JavaScript functions included on the parent page, which gives you the ability to call those functions within the tabs. What this does is allow you to wrap your tab HTML in a div, then call Ajax to retrieve the contents again, and set the innerHTML of the div equal to the new content. All this done without a whole pageload. Now i am certain there are many ways to skin this cat, but you will see i am a fan of Ajax. I like the experience of processing data in the background which provides clean HTML reloads. If anyone would like to add to this, or critique the method, by all means let me know. I am always open to learning something new!.

Advertisements

A good friend of mine today showed me that you can teach an old dog new tricks. When you have been in the game a while you would like to think that you know just about all there is to know about a programming language. Then someone comes along and shows you something that is amazing. How did I not know this?. The two things you can do is 1 deflect and act like you knew it all along or 2 you can accept the fact that someone out there might have a good idea that is useful and admit you don’t know everything. Well i digress, the point of this was to teach all of you that no matter how long you have been in the game, be open to learning something from someone, it is ok. Trust me they won’t think you are an idiot for not knowing, they may think better of you for admitting you don’t know everything.

So on to the point. What I learned today was that using CFHTTP which is the equlivalent of opening your browser and going to a URL, you can invoke a CFC method as long as the access=”remote” in your cffunction

EX:


<cfhttp url="http://192.168.0.0/test/test.cfc?wsdl" method="post">
   <cfhttpparam name="method" value="methodname" type="formfield">
   <cfhttpparam name="methodarg" value="#arg1#" type="formfield">
</cfhttp>

I am looking at this example amazed. Understnding the potential security implications this can have. Essentially anyone can open a web browser and pass the method name with the arguments to a CFC in your directory and this will execute your CFC from an unknown user.

ColdFusion has made it so easy for developers to implement code and make remote calls, that they opened up a can of worms that could lead to serious issues. These days many hackers have the patience to figure out the holes in our systems. It is our job to ensure that they are not the ones that test out and find exploits in our code. This means closing the gaps. Be thorough not complacent with making sure that your application from top to bottom is balanced between being secure and yet very easy to use. This proves to be a very valuable lesson. Be very careful with allowing remote access to your CFC’s. If you need to allow remote access, make sure you validate your data and authenticate it before allowing it to be executed.

I would like to open up the lines and ask for comments on this. Let me know your experiences with this.


One issue I seem to run into more and more now that I have a VMWare virtual environment, is Ghost Nic’s. yes it can be a little scary, but easily resolved. So what is a Ghost Nic?. It is when a Nic card is removed from a VM or physical box prior to removing it’s settings. So when another Nic is installed it shows as Nic #2 , and windows will complain that the IP is already in use by another Nic if you are trying to reuse the IP from the old one. Here is the odd part, there is no other Nic at least not anymore so how could this be?. Well by removing a Nic before uninstalling it, the windows registry will continue to map to a Nic that is no longer present. It holds it’s settings in the registry so that if it is ever put back in, then all your settings will show back up. Each device in windows has a unique ID that identifies it within windows and this is what windows ties the settings to.

This seems to be more of an issue now because in VMWare all your devices are now virtual to the VM, and If anything happens to your VMWare tools or you need to P2V a machine it is very easy to forget to uninstall your Nic cards before re installing or virtualizing your physical box. Of course I always forget to do this. Now if it is a physical box, the easy fix is just pop in the old Nic and uninstall the drivers and settings by going to device manager >> uninstall device then you are all set. In VMWare, well you can’t pop in a virtual Nic and uninstall the drivers because every time you install a new Nic in a VM, it is given a new UUID. So I will show you how to take care of it another way.

First goto your command prompt and run this command

Then right click on My Computer >> click on Properties >> then goto Device Manager.

Once you are in Device Manager click on the View menu option, then select “Show Hidden Devices”. You should see your ghost Nic in the list of devices in your Device Manager window. At this point right click the device, and select uninstall. Now your Nic settings are freed up and you can assign your static IP along with your other settings without having any issues.

If you have any problems, questions, comments. Feel free to leave me a comment or email me.


We have owned a pair of Kemp 2500 Network Load Balancer for some time now. One thing I noticed after an update was I was getting alerts from the load balancer telling me that my primary balancer was unresponsive. Being a production balancer you can imagine no one wants to get this kind of message during peak times. The first time I recieved this message I was very anxious not knowing what to do. However there is plenty of information on the internet on how to resolve this issue. Being that the Kemp Load Balancer’s are built on a Linux server, the suggestions out on the internet helped tons. So I called support and they helped me to increase the values of GC_Thresh1,2 and 3. This was pretty simple and straight forward, but far from over.

So I won’t make the how to’s that are already widely available more redundant, instead I am writting this to put out a scenario where after these values were increased, I started to get that same issue happening again.

I could not believe it. I thought for sure this was fixed by increasing the values. According to Kemp they had tested these balancer’s on a class A network. So how is it that my class B is throwing everyone off and in fact freezing up again due to an overflow of the ARP table.  After running a TCP dump of only ARP requests on the balancer for 14 hours, we noticed that each ARP request were getting tripled because 3 of the 4 Nic’s on the balancer had address’ assigned to them that all go back to a single switch.

Being that the network design is flat with no VLAN’s, all ARP requests will come in every NIC. If the NIC’s were on seperate VLAN’s then the issue would not have happened, however it is very hard to go back and change a network design after it has been in place for several years. So how could this happen? it is like a broadcast storm or an ARP flood, but we found out that actually it was a utility that was being run to find all MAC address’ on the network and it’s associated IP address. This program CC Get MAC Address, floods the network with ARP requests. While every server and PC seem to handle this flood fine, the balancer’s on the other hand struggle. I would have thought that the balancer would dispose of the packets if the requests do not pertain to it, but in fact it caches the request, at an alarming rate causing the table to overflow.

So in short if you have this happening even after your threshold values have been increased, make sure no utilities are being run that will flood the network. It will save you some serious time and headaches.

%d bloggers like this: