While reading through some of the ColdFusion blogs the last couple of days, I think one issue has been missed: The security vulnerability in FCKEditor exists outside of ColdFusion. In other words, if you are using the FCKEditor tool outside of ColdFusion, or your ColdFusion site uses the stand alone version (and not the embedded version with ColdFusion), this issue can leave your site open to an attack. The major error on Adobe’s part seems to be that the 8.0.1 updater introduced this issue by enabling uploads in the file upload connector. The embedded version of this editor in ColdFusion does not allow file uploads, so this feature should be disabled.

For those of you who own or maintain sites that use Authorize.NET to process transactions, you may have noticed a severe outage of the service over the weekend. Twitter was abuzz with the issues that according to the folks at Authorize.Net was due to a fire at their main data center. Apparantly this affected all of the company’s systems, even their backup systems. Whatever happened to someone making sure their was not a single point of failure?

Before I had dinner last night I grabbed my BlackBerry and checked out my Twitter feed. There I saw the breaking news that Michael Jackson was on his way to the hospital and then a few minutes later it was reported he had passed away. On my way to work this morning I realized just how much my collecting of the latest news has changed since I have been using Twitter. I rarely visit the front page of websites I browsed frequently in the past (CNN, FoxNews, etc…). Now I just check my Twitter stream and I am immediately informed by many different news sources. Most all the major news networks have various Twitter accounts these days.

Sports information is another area that I find myself using Twitter for instead of browsing various sites as well. I know way too much information about the New York Mets now, from what happens before, during and after the games, by following the Mets beat writer for the NY post. Same thing for other sports and teams I follow as well.

It’s just amazing how 140 characters at a time keeps me more up to date with my news and interests than ever before.

This is just a quick little tip I came across yesterday. I was reading a Guid value out of a database and then passing it to .NET service along with some other data. The column type in the SQL Server database was a standard VARCHAR field, while the service itself was expecting a Guid data type to be passed in. My first thought was that there was a little convert function that would do the work of converting my string to a Guid type, in the same way you can convert variables to integers, strings etc… Quickly I found out this was not the case, and after searching online I came across a solution that was just as simple:

 C# | 
 copy code |
?
 
1
2
Guid id = new Guid(yourStringValue);
3

Easy enough, and now I had my Guid data type to pass into the service.

I have been interested lately in the various areas of warfare in our current times. The major focus of current situations WILL involve cyber warfare as part of any conflict. Many folks are under the impression that conflicts between other countries than their own really will not change their lives that much. If you are of this belief, read the post titled Collateral Damage written by Robert X. Cringely on is blog. He lays out the ripple effect of a cyber warfare in other countries, for example a conflict between India and Pakistan. With a great deal of large companies outsourcing work to these countries, any type of cyber attack could be devastating. As Cringely points out an attack could cripple customer support for many banks and PC companies or even attack source code repositories.

It is a well written post that will leave most people stunned once they consider the “what if” scenarios. I totally agree with Cringely that any conflict in the modern era will have a cyber warfare component. I would also argue that the first “shots” fired in a conflict could very well happen in the cyber world.

Yesterday I was working on a .NET website that has a couple of cost calculators in them. The user inputs 10 or so data points and the application will calculate their costs and savings. While working on some validation of the user submitted data, I need to make sure all fields were numeric in value. Well guess what? C# does not have an easy built in function to check for a numeric value. Most of the things I came across were hacks, try/catches or trying to cast the value to something numeric and then seeing the result. I then came across a nice little tip. VB does have a simple IsNumeric function (as does classic ASP). So how can you use this in your C# code?

The answer is very simple. All you need to do is add a reference to a .NET library and then tack on a using statement for the library. You can then use some of the VB functions right inside your C# code.

To add a reference in Visual Studio, just right click on the root item of your project and select Add Reference. From the .NET tab scroll down and find Microsoft.VisualBasic. Then click the OK button. At the top of your code behind file add:

 C# | 
 copy code |
?
 
1
2
using Microsoft.VisualBasic;
3

That’s it! In my application I can now use the VB function for IsNumeric like so:

 C# | 
 copy code |
?
 
1
2
if (Information.IsNumeric(Field1.Text) && Information.IsNumeric(Field2.Text))
3
{
4
     //Do something here
5
}
6

It’s been awhile since I have added a new post to the series that compares code in ColdFusion & .NET. Today’s post covers something I use quite a bit throughout some of my applications: storing values in a list type format. If you have programmed in ColdFusion for years, you take the built in list functions for granted. Today’s example covers storing a simple list of ID’s in a variable. You could use this for storing user group associations or something like that. The example will show you how to add an item to the list and then search the list to see if a certain value is stored within it.

First up the ColdFusion code:

 ColdFusion | 
 copy code |
?
 
01
02
<cfset variables.newID = CreateUUID()>
03
<cfset variables.idList = "">
04
<cfset variables.idList = ListAppend(variables.idList, variables.newID)>
05
 
06
<cfif ListFindNoCase(variables.idList, variables.newID)>
07
	Value Found
08
<cfelse>
09
	Value Not Found
10
</cfif>
11

This code is fairly simple. We create a UUID, use the ListAppend function to add the value to our list, then use ListFindNoCase to see if our value is in the list.

Now for the .NET code:

 C# | 
 copy code |
?
 
01
using System;
02
using System.Collections.Generic;
03
using System.Web;
04
using System.Web.UI;
05
using System.Web.UI.WebControls;
06
using System.Collections;
07
 
08
public partial class list_test : System.Web.UI.Page
09
{
10
    protected void Page_Load(object sender, EventArgs e)
11
    {
12
        Guid newID = System.Guid.NewGuid();
13
        ArrayList idList = new ArrayList();
14
        idList.Add(newID);
15
 
16
        if (idList.Contains(newID) == true)
17
            foundLabel.Text = "Item Found";
18
        else
19
            foundLabel.Text = "Item Not Found";
20
    }
21
}

This code is fairly simple as well. The big difference between the two languages is that .NET treats the list as an array, so we first set uo our ArrayList object, add our Guid value to the ArrayList, then search for our value using the Contains function. We then update the value of a label on our front end page depending on our results.

So as you can see using lists is easy no matter which language you use. Both languages also allow you to store your lists in the session scope as well. The one pointer for doing this in .NET is you must cast your value back out to an ArrayList object when reading it from the session:

 C# | 
 copy code |
?
 
1
2
ArrayList newsList = (ArrayList)Session["newsList"];
3

Just a quick note to let everyone know that WordPress 2.8 has been officially released and is available for download. So upgrade away, or install fresh. WordPress is the best blogging platform available.

I have been creating a lot of ASP.NET websites lately, and have been using LINQ for most of the database interaction throughout the sites. One frustrating piece about LINQ is debugging. In order for me to see what the query was running and returning, I would have to turn on the trace features and then use a logger to log the LINQ query to the trace. I could then copy and paste the generated SQL code into SQL Management Studio and see the results. I came across a blog entry this morning that mentioned a free tool named LINQPad, that in a simple explanation is like a SQL Management Studio for LINQ queries. You can create a connection to your database and test out your LINQ code from there. It also shows you the result set of your query.

One other nice little feature of the tool, is it includes code samples from a couple of different books, and they have added support to allow even more samples for more books. If you program with LINQ, give this a quick try. It can make writing and debugging your LINQ queries a little simpler.

Download LINQPad here.