Update: Oracle has released an emergency patch after stating they weren’t breaking their cycle. Download the Java 7 security patch here: http://reviews.cnet.com/8301-13727_7-57503787-263/oracle-patches-java-7-vulnerability/
If you haven’t heard the news recently, then you should probably take a minute to read this and find out if you’re at risk from the latest security vulnerability found in Java 7 update 6. This is known as the zero-day vulnerability and is considered to be an “extremely critical” Java vulnerability by Secunia.
Java’s latest release had quite a few vulnerabilities. 19 vulnerabilities to be exact, with the zero-day vulnerability being one of them. Oracle is saying it was aware of the vulnerabilities the whole time, but isn’t going to release anything until their next scheduled patch release, which is in October. You can read more about Oracle’s claims, here.
From what I’ve been able to find out, this vulnerability put’s anyone at risk who is using Java 7 along with Internet Explorer, Google Chrome, FireFox and Safari. Don’t expect to be safe if you’re on a Mac either. It’s been confirmed that anyone with a Mac that has Java 7 installed, is susceptible to the same attack as a Windows users. If exploited, the attacker could run a Trojan known as “Poison Ivy” to attack the computer without any knowledge or required permissions. A quote from Carsten Eiram, Chief Security Specialist at vulnerability management firm Secunia, “This vulnerability is not a ‘memory corruption’ type vulnerability, but instead seems to be a security bypass issue that allows running untrusted code outside the sandbox without user interaction. In this specific case a file is downloaded and executed on the user’s system when just visiting a web page hosting a malicious applet.”
So how do you fix the zero-day Java 7 vulnerability? Well, there’s an unofficial patch, but I’d highly recommend uninstalling the latest update of Java from all of your computers until further notice from Oracle. It is safe to revert back to Java 6 as a replacement, but there’s a chance some of your newer programs or Internet browser plugins may break as a result, but it’s better to be safe and deal with it for the time being.
A quick follow up to the part 1 of caching queries in Ehcache with ColdFusion.
In ColdFusion 9, we were forced to work the long way of figuring out if a query object was in the cache and if it wasn’t then to use cachePut() and insert it. With ColdFusion 10, we’ve got some improved caching features that makes the default cache be the Ehcache layer.
Instead of writing:
<!--- check for the query object in the cache---> <cfset getAllMembers = cacheGet("qry-getAllMembers")></cfset> <!--- check to see if the cache object has any data ---> <cfif isNull(getAllMembers)> <!--- query for some data ---> <cfquery name="getAllMembers" datasource="local_sample"> SELECT first_name,last_name,email,zip FROM member LIMIT 30 </cfquery> <!--- insert the query into the cache ---> <cfset cachePut("qry-getAllMembers",getAllMembers,CreateTimeSpan(0,1,0,0))></cfset> </cfif> <!--- dump the query object ---> <cfdump var="#getAllMembers#"></cfdump>
All we’re going to need to write is the query, with one new attribute: cacheId.
<!--- query for some data and cache the query ---> <cfquery name="getAllMembers" datasource="local_sample" cacheid="qry-getAllMembers" cachedwithin="#CreateTimeSpan(0,0,12,0)#"> SELECT first_name,last_name,email,zip FROM member LIMIT 30 </cfquery> <cfdump var="#getAllMembers#"></cfdump>
I’ve been spending a lot of time trying to figure out where I can improve the overall speed of web pages and websites in general and it’s come to my attention, that a lot of ColdFusion developers have not worked with some of the new caching capabilities available to us. I believe most of the reason is that their company is still on ColdFusion 8 and hasn’t found a reason or has the capital to upgrade to at least CF9, let alone CF10.
Whether you’re preparing yourself for when you’re working with at least CF9 or maybe you need a quick refresher on some syntax, I’m going to provide a small example that can be used in a number of applications.
For the first part of these blog posts, we’re going to take a look at how to store a query object in Ehcache with ColdFusion 9.
There are three functions in particular you should remember; cacheGet(), cachePut() and cacheRemove(). They’re used exactly how they’re named and their purpose is for accessing the Ehcache layer.
<!--- check for the query object in the cache---> <cfset getAllMembers = cacheGet("qry-getAllMembers")></cfset> <!--- we're going to set a message just to see what runs ---> <cfset message = "Data came from the cache"></cfset> <!--- check to see if the cache object has any data ---> <cfif isNull(getAllMembers)> <!--- query for some data ---> <cfquery name="getAllMembers" datasource="local_sample"> SELECT first_name,last_name,email,zip FROM member LIMIT 30 </cfquery> <!--- insert the query into the cache ---> <cfset cachePut("qry-getAllMembers",getAllMembers,CreateTimeSpan(0,1,0,0))></cfset> <cfset message = "Data came from the query"></cfset> </cfif> <!--- output the message just to confirm you're retrieveing the data from the correct source---> <p><cfoutput>#message#</cfoutput></p> <!--- dump the query object ---> <cfdump var="#getAllMembers#"></cfdump>
At a previous job I was trying to help a fellow developer out with what they were trying to accomplish and in doing so, I came up with what you’re going to see below. Just as a note, they never ended up needing this at all ^_^!
So what’s this post about? Well, I’m going to try and show you another option for collecting and saving content. I’ve heard some magazine and newspaper websites are doing things like this, but I haven’t seen it anywhere except for analytics tracking. As a note, this is not at all a polished nor finished demo, but I’d like to see what kind of examples other developers can or maybe have already done with this. I hope you’ll find my code as a good starting place for getting started with your own tests.
Read the rest of Highlight and Capture Text Using jQuery »
It’s been way too long since I’ve last posted anything on development! While recently being laid off, it’s allowed me to really think about where I am and what I’m doing now. It seems I’ve lost touch with a lot of the things I’ve wanted to accomplish and I’m going to try and get myself going with blog posts, open source development, self learning and answering any questions some of you might have.
As a good start, I’ve finally got with the program and updated my blog with WordPress so I can push out content faster and it also just allows me to become more familiar with the blogging software. I apologize for the ads you might see, but as you read above, I’m currently unemployed.
To give you an idea of some of the content I’m planning on sharing, I’ll give you some brief hints:
Until next time..
Switch to our mobile site