You need to be careful with references to objects or structs. I was looking at some old code the other day and I noticed I hadn't var'ed some local variables - very naughty of me. So I fixed the code but it no longer worked.
In ColdFusion Securing Databases (part 1) we looked at restricting what sql statements can be run with a datasource and partitioning applications to use multiple datasources and multiple users to improve security. In this article we'll look at setting the permissions on the database tables.
The most common problem I've run into with applications slow performance is the lack of indexes on the databases. Sometimes this is just because the application ran fine with a small amount of data but now is working off a larger amount, or the application is being used in unexpected ways (running less 'common' queries run more often), or the production environment doesn't have the same indexes as the development environment or worse case the indexes were never created in the first place.
Without indexes queries can take seconds with indexes they take milliseconds!
Most ColdFusion applications I'm come across tend to use a single datasource or if they use more than one the same user credentials are used. As well as causing possible performance and scalability issues this can be a security risk.
It's quite easy to restrict what SQL statements a datasource will run with the ColdFusion administrator.
Last week when I looked at databases pools I got a few suggestions re master/slaves databases. In this configuration you set up a single database (called the master) and have it replicate to one or more other databases (called the slaves).
With a discussion with Sammy he suggested that my ColdFusion database pool DSN component could be extended to select the current datasource with the least no of connections rather than just randomly picking one.
Here's the modified code.
Using ColdFusion it's fairly straight forward to make web pages appear in more than one language.
First off you need to detect what language you want the page to be in, next you load the strings you want to display from a resource file and lastly display the page in the required language.
You've tuned your databases queries, added all of the indexes you can think of and cached all of the queries you can but your database still isn't giving you the performance you need.
So it's time to split up your database into several databases and move each of these new databases off onto separate database servers. Or perhaps a RAID database is the solution to your performance issues.
No matter how secure your server is there exists the potential for someone to upload their own pages or modify existing pages on the server via an exploit of some sort. How can you detect this or stop this from happening?
A little ColdFusion code can help detect modified or unknown pages and stop these pages from running.
What's wrong with this bit of code?
Well nothing as long as the page is viewed with a browser. However a cgi variable in your code may not exist if a spider rather than a browser looks at your site. This includes spiders like google. Your site may not be indexed by search engines if you don't handle CGI variables correctly.
