ShiftInsert.nl

Coldbox and VueJS untangled

Category: Coldbox (Page 2 of 3)

Event.buildLink: query params vs path variables

December 8, 2020 / / 0 Comments

I had some issues with how event.buildlink() in Coldbox is generating a URL. To understand what’s my problem let me introduce the old-fashioned way to hit a coldbox application

http://mysite.ext/index.cfm?event=user&age=30
or
http://mysite.ext/index.cfm?event=user.index&age=30

With some rewrite magic this last form can be written as

http://mysite.ext/user/index&age=30
or even
http://mysite.ext/user/index/age/30

So all four forms are behaving the same, if you apply the correct rewrite rules in your webserver and the default rules in the Coldbox router. The coldbox manual has some info on rewrites for several webservers. So in most cases the web is rewriting your url’s in such a format that coldbox will receive this:

http://mysite.ext/index.cfm?user/index/age/30

Coldbox itself is smart enough to hand this over to the router, which has some default rules enabled which translate the user/index/age/30 to:

  • event = user.index
  • age=30
Continue reading

Cfcookie or cookieStorage?

December 1, 2020 / / 0 Comments

Coldbox has the cbstorages module which can be used as an API for accessing persistent storage such as cookie, session, application, cache and more. The question is: why should I use such storage if there is cfcookie or something simple as as session struct?

Let me explain with some code. I was working on updating the cbi18n module where we can use session, client, cookie or request scope to store the currently selected locale. In code this is getting ugly soon, with code like this

switch(instance.localeStorage){
  case "session" : { storage = session; break; }
  case "client"  : { storage = client; break;  }
  case "cookie"  : { storage = cookie; break;  }
  case "request" : { storage = request; break; }
}

and in other places in the code:

<!--- Storage of the Locale in the user storage --->
<cfif instance.localeStorage eq "session">
  <cfset session.DefaultLocale = arguments.locale>
<cfelseif instance.localeStorage eq "client">
  <cfset client.DefaultLocale = arguments.locale>
<cfelseif instance.localeStorage eq "request">
  <cfset request.DefaultLocale = arguments.locale>
<cfelse>
  <cfcookie name="DefaultLocale" value="#arguments.locale#" />
</cfif>
Continue reading

Using bCrypt in cbsecurity

December 1, 2020 / / 0 Comments

In a previous post I explained why bCrypt is a good choice for hashing your passwords. In this post I will show were you can hash and check your passwords: in your handlers, in a service layer or in some entity model. When using cbsecurity I will show you why it fits best in your service layer or entity model.

But let’s start with some hashing and checking in a handler. Make sure bcrypt is installed by using commandbox and execute the command:

box install bcrypt

Let’s say you want to store your password in a db table. Bcrypt has two important methods for hashing and checking called hashPassword() and checkPassword() but you have to call them on a bcrypt instance, so you can inject bcrypt in a handler:

property name="bCrypt" inject="BCrypt@BCrypt";

or getting your instance directly by calling getInstance("BCrypt@BCrypt"). But you don’t have to do this, by installing the module some mixin helpers are created so you can just call bCryptHash() or bCryptCheck(). These handy functions will be available in all handlers, views, layouts or even interceptors. So let’s say we want to save a user in some handler it will look like this:

Continue reading

cbOrm: populating new objects

November 22, 2020 / / 0 Comments

In the past I’ve been using cborm a lot, since it makes handling coldfusion (hibernate) ORM so much easier. But lucee support for ORM was less than optimal in a multi-datasource environment, so I decided to rewrite this application more or less according to the fluent API approach as demonstrated by Gavin Pickin at ITB 2020. In this coding style I have two quite efficient ways of populating a new object:

property name="UserService" inject;

//populate
var user = populateModel(
  model=UserService.new(), 
  memento=myUserData 
);

//vs a shorter method
var user = UserService.new( myUserData );

Both should return the same populated user object, but the second one does the population within the new() method, so I got used to using this handy method.

Continue reading

Arguments in arguments…

November 21, 2020 / / 0 Comments

I have to admit. This is not the most useful post I ever wrote, but today I discovered something funny but interesting when I tried to fix some small bug. I was working with the bcrypt module. If you don’t know what this module is doing: it is a very secure way for hashing passwords, and since checking the validity of your password is relatively slow it is quite useful to prevent password cracking. Before diving into bugfixing let’s see what bcrypt is doing. It is a coldbox module and only has a few relevant functions:

  • hashPassword(password, [ workfactor], [salt]) which generates a password hash based on a salt and a workfactor. If you don’t supply a workFactor or salt, the coldbox module will generate a salt with a default workfactor of 12. The higher the workfactor, the longer it takes to check for a valid password. (on my system a workfactor means it takes 200 milliseconds to check for a valid password.
  • checkPassword( candidate, bCryptHash) will check a password candidate agains a (stored) bcryptHash.
  • generateSalt( workFactor ) will generate a salt, based on a workFactor. Increasing a workfactor by 1 will mean it takes double the time to check your bCryptHash. This way you can prevent password attacks, because generating and checking is relatively slow.
Continue reading

Protecting your passwords with bCrypt.

November 21, 2020 / / 0 Comments

We all know. We should never ever store a plaintext password in a database. If a hacker gains access to your data you will be in serious trouble. There are many ways to protect your data, but at least you should make sure your passwords are not readable. In the past we did this by some simple hashing, but modern computers are so fast it is easy to do some password cracking. In time it even gets easier because processors are becoming faster and faster. Another disadvantage: simple hashing will reveal some records with the same passwords. These are often the easiest to guess or crack by brute force. So we need something better.

Coldbox has a nice little module called bcrypt, which is just a wrapper to the jBcrypt java library which is a Java™ implementation of OpenBSD’s Blowfish password hashing code. Wikipedia has a nice description of the bcrypt password hashing algoritme. Bcrypt hash some strong points:

  • generating a hash for the same string will always return different results
  • comparing a password candidate with the stored hash is relatively slow, which makes brute force attacks harder.
  • the hash can be generated with different workfactors. The higher the workfactor, the more time it takes to compare your hash with a password candidate. By increasing the workfactor in time you can account for faster processors, so brute-force attacks remain unattractive.
Continue reading

qb: Autodetecting your bind variables in SQL

September 22, 2020 / / 0 Comments

In an ideal world, everyone is using qb or quick, and you really don’t know what a bind variable is. Before you discovered this ideal world, maybe you were using queryExecute and were executing queries like this one.

var q =queryExecute("Select * from users where userId = #url.UserId#");

This kind of code ( don’t do this in production ! ) is wide open for sql injection attacks. This post is not about sql injection, so we assume you were already so smart to use queryparams, so something similar to this.

var q = queryExecute(
  sql="Select * from users where userId = :myId",
  params =  { myId: { value = rc.UserId, cfsqlType = "integer" }
)
Continue reading

Cfcompile to the rescue (part 2)

September 12, 2020 / / 0 Comments

A few days ago I blogged about some annoying lucee or coldbox behaviour. On syntax errors in components often I didn’t get feedback on the offending file or line numbers. This makes it very hard to debug your application if you made changes in several files at once. After my post I was contacted by Zac Spitzer who asked me if I could file a bug. I already did this a few months ago, but they couldn’t reproduce my case. So we talked about this bug and I digged a little deeper to find out what was wrong.

Continue reading

Cfcompile to the rescue

September 9, 2020 / / 1 Comment

This is a story about sloppiness, dislexia, or maybe my touch typing skill are just lacking when coding. I also hear friends telling me their cat is sleeping on the keyboard. To add to this disaster, Lucee is not very helpful when trying to decipher my typo’s. I wonder if you ever saw a screen like this:

We all see these ugly screens sometimes, but usually they provide some information on an error. But not this time…

Continue reading

CbValidation: UDF or Customvalidator?

August 11, 2020 / / 0 Comments

Yesterday someone had an interesting use case for the cbvalidation library. I presented at ITB2020 about cbvalidation, and I’ve contributed some code so I thought it had no secrets anymore. But when trying to solve this case I discovered cbvalidation still had some hidden lines for me. When discussing this validation problem we tried to solve it with UDF validators, but -spoiler alert-finally we agreed it was not powerful enough. So time to build a CustomValidator, which is a lot easier than you might think.

Continue reading
« Older posts Newer posts »

© 2024 ShiftInsert.nl

Theme by Anders NorenUp ↑