CFCollection Documentation Incorrect

Adobe , ColdFusion 1 Comment »

For action="list" it states:

"list: returns a query result set, named from the name attribute value, of the attributes of the collections that are registered by ColdFusion. If you have Solr and Verity collections and omit the engine attribute, ColdFusion lists information for both types of collections."

The last statement is not true. If you omit the engine attribute, Verity is the default. There is currently no way to get a complete list of collections using cfcollection.


Standalone Solr 9.0.1 Woes

Adobe , ColdFusion 3 Comments »

I've been working with Solr a lot more lately. It's worked fine locally. I decided to try a standalone installation on our dev server so that all developers can access the same collection. However, it seems the Solr installer isn't as robust as Verity's.

One issue is that in CFAdmin, Data & Services > Solr Server, you can type in any text or IP, and there is no indication as to whether CF was able to connect at all. It always returns a positive message: "Solr Server Configuration information updated.". Either way, I typed the FQDN of the dev server.

I then went to the Data & Services > ColdFusion Collections page, and it cleared out my old Solr collections, but there was also no error here – it would be nice to know if it wasn't able to connect!

So I tried the URL, http://<FQDN>:8983/solr/, and it didn't connect, so I supposed it was a firewall issue. So I hopped on the dev server, which is a Windows 2008 R2 OS, and went to the firewall area. No entry for Solr!

I suppose that since Verity uses specific ports like 9953, and that it's not a web server returning data, it's not as big a security risk. You'd have to know the specifics on the proprietary protocol. But, since Jetty is returning data on port 8983, and it's a web server, this is where you need some security. It would have been nice though to see CF Solr as an entry in the firewall unchecked, and all you had to do was enable access to your subnet (domain) for the standalone to be complete.

To me, the standalone installer is locked into the server, unless you open it up. And the installer doesn't do any of the work for you, nor does it notify you that you may need to make the following changes for standalone to work properly. Sigh.

Anyways, so I added inbound and outbound entries for the firewall and I am still unable to connect. Does anyone have any clues on any additional setup that is needed for a standalone Solr to accept remote connections? I am able to run the Solr web interface locally on the dev server just fine, just not from my workstation, and the firewall isn't the issue, because I tried turning the firewall off completely and still no-go.

UPDATE: Looks like Jetty is set to block all NON-LOCAL connections. This makes the standalone installer pretty useless. We went to \coldfusionsolr\etc\jetty.xml, and changed <Set name="Host">127.0.0.1</Set> to <Set name="Host">0.0.0.0</Set>. But now it's open to everyone, and ideally you'd like to enter just your subnet or set of IPs. Looks like I have to dive into Jetty now!


Beware: Change in CF 9.0.1 CGI Scope Functionality

Adobe , ColdFusion , Server No Comments »

Pre-CF 9.0.1, the CGI scope acted funky – but maybe you never noticed.

For example, if you ran:

<cfdump var="#cgi.someRandomString#" /><cfdump var="#StructKeyExists(cgi,"someRandomString")#">

It would result in:

[empty string] YES 

You'll note, the 2nd DUMP is incorrect, as that struct key does NOT exist. As far as I know, this has always been the case for CGI. Well, with CF 9.0.1, bug #82425 was fixed.

The same code now produces this result:

[empty string] NO

Just an FYI.


Security Enhancement in CF 9.0.1

Adobe , ColdFusion , News , Security , Server 7 Comments »

In the CF 9.0.1 list of What's New and Changed, the last item listed in the "other enhancements" area is a small note that "CFID, CFTOKEN, and jsessionid are marked httpOnly". This is a small but significant step in the right direction.

What does httpOnly mean? Well, the OWASP website has a nice explanation. Basically it means: "If the HttpOnly flag (optional) is included in the HTTP response header, the cookie cannot be accessed through client side script (again if the browser supports this flag). As a result, even if a cross-site scripting (XSS) flaw exists, and a user accidentally accesses a link that exploits this flaw, the browser (primarily Internet Explorer) will not reveal the cookie to a third party."

In plain English, I think it means these cookies are basically read-only, meaning you can't write something in the browser to manipulate them. The big caveat being that the browser must support the optional flag to have this functionality.
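
To confirm the flag is actually being sent, the following Node.js code (an added example, not from the original post or from Adobe) inspects a response's Set-Cookie headers and reports which of the cookies named above (CFID, CFTOKEN, jsessionid) were set without HttpOnly. The function names and the sample headers are assumptions constructed for illustration.

```javascript
// Added example: report ColdFusion session cookies set without HttpOnly.
// Function names and sample headers are constructed for illustration.
const SESSION_COOKIES = new Set(["cfid", "cftoken", "jsessionid"]);

// Parse one Set-Cookie header value into { name, attrs }.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  if (parts.length === 0) return null;
  const eq = parts[0].indexOf("=");
  if (eq < 1) return null; // first segment must be name=value
  const attrs = new Set();
  for (const part of parts.slice(1)) {
    // Attribute names are case-insensitive; flags like HttpOnly have no value.
    attrs.add(part.split("=")[0].trim().toLowerCase());
  }
  return { name: parts[0].slice(0, eq).trim(), attrs };
}

// Names of session cookies in these headers that lack the HttpOnly flag.
function sessionCookiesMissingHttpOnly(setCookieHeaders) {
  const missing = [];
  for (const header of setCookieHeaders) {
    const cookie = parseSetCookie(header);
    if (!cookie || !SESSION_COOKIES.has(cookie.name.toLowerCase())) continue;
    if (!cookie.attrs.has("httponly")) missing.push(cookie.name);
  }
  return missing;
}

// Constructed headers: without the flag, and with it (as the 9.0.1 note describes).
const WITHOUT_FLAG = [
  "CFID=4801; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/",
  "CFTOKEN=73517289-httponly; path=/", // text inside the value is not the flag
  "JSESSIONID=8430a1b2c3d4; path=/",
  "THEME=dark; path=/", // not a session cookie, ignored
];
const WITH_FLAG = [
  "CFID=4801; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; HttpOnly",
  "CFTOKEN=73517289; path=/; httponly",
  "JSESSIONID=8430a1b2c3d4; path=/; HttpOnly",
];

console.log("missing before:", sessionCookiesMissingHttpOnly(WITHOUT_FLAG));
console.log("missing after: ", sessionCookiesMissingHttpOnly(WITH_FLAG));
```

In practice the header values would come from a captured response of the application being checked rather than from the constructed arrays.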

Lots of people have started posting wish lists for enhancements to CF10. Read more on Pete Freitag's blog and Jason Dean's as well.


ColdFusion 9 Update 1 (9.0.1) Available for Download

Adobe , ColdFusion , News , Server No Comments »

The new release includes (among other things):

  • ORM support for multiple data sources
  • Amazon S3 support
  • Support for IIS 7
  • New script functions implemented as CFCs
  • Support for BlazeDS 4 and LCDS 3
  • Configurable seed for password encryption 
  • Server monitoring enhancements to handle load conditions

It is also noted: "In addition, there are some enhancements related to Language, Caching, Ajax, SpreadSheet, Solr, and Logging and scores of bug fixes."

Read more @ http://kb2.adobe.com/cps/847/cpsid_84723.html.

Download files @ http://www.adobe.com/support/coldfusion/downloads_updates.html#cf9.
