coldfusion 10

ColdFusion 10 Raymond Camden

This Guy

Developer Evangelist for Adobe Blog: www.raymondcamden.com Email: cfjedimaster@adobe.com Twitter: cfjedimaster

So what’s next in Zeus?

ZEUS! aka: ColdFusion 10

ColdFusion 10

Currently in public beta Along with an update to ColdFusion

Builder NOT TALKING ABOUT:

Release Dates (spoiler: not today)

Prices

Editions

All of the above is way over my pay grade.

ALL FEATURES NOT FINAL!

(but darn close…)

Getting the bits + providing feedback

Download http://labs.adobe.com/technologies/coldfusion10

Discuss http://forums.adobe.com/community/labs/coldfusion10

http://forums.adobe.com/community/labs/coldfusion10/coldfusionbuilder201/

Denounce! (ok, not really…) https://bugbase.adobe.com

ColdFusion 10 Features/Changes

Server level Admin Improvements Security out the Ying Yang Language Improvements Solr Improvements Java Integration REST HTML5 Web Sockets Charting Scheduling Web Service Microsoft Exchange 2010 Caching Updates

Saying goodbye…

No more JRun No more Verity

Server level

Tomcat replaces JRun

Various internal libraries updated (Hibernate, Axis, Solr, etc)

Security improved

Lazy loading for ORM and Flex

Admin Improvements

Hot Fix Installer Template Cache – By Folder Clear Query Cache File Browser IP Addresses for Admin Multiple new pages/fields related to other

features

Demos

Security Enhancements

XSS/CSRF Protection Session Improvements Hash HMAC (Hash-based Message

Authentication Code) File Type Mime Checks And more…

Mail CRLF protection, cflogin strengthened, other services improved

XSS Protection

Cross-site Scripting Open Web Application Security Project's

(OWASP) Enterprise Security API New functions:

encodeForHTML encodeForHTMLAttribute encodeForJavaScript encodeForCSS encodeForURL canonicalize

Demos

/demos/security/xss

CSRF Protection

Cross-Site Request Forgery New functions:

CSRFGenerateToken

CSRFVerifyToken

Demos

/demos/security/csrf/csrftoken.cfm

Session Improvements

httpOnly on by default Secure (default is false) Domain Timeout (days, -1 for killing session when

browser closes) sessionInvalidate and sessionRotate

Example

this.sessioncookie.httponly="true";

this.sessioncookie.secure="true";

this.sessioncookie.domain="value";

this.sessioncookie.timeout="value";

Hash

Hash can now be told to iterate N times: hash(input, "sha", 4)

Demo

/demos/security/hash.cfm

Mime Type Checking

cffile upload getFileMimeType

Demos

/demos/security/fileupload.cfm and filemimetype.cfm

Language Improvements

In no particular order… Cookie via Script

For-in for Queries

Append to file with content

Call Stack

Application Metadata

Disk Space/CPU

App-specific VFS

CFC implicit constructors, method chaining, implicit notation

XPath2

VFS supports app-specific, Zip, HTTP, FTP

dateTimeFormat

cfinclude runonce

Application.cfc - onAbort

cfloop/group

cfpop/secure

JSON support for implicit CFML variables

queryAddRow/queryNew easier!

Oh, and….

CLOSURES!

Demos

/demos/lang

CFC Syntax Sugar…

Implicit constructor

Method chaining

Implicit notation (setting) this.invokeImplicitAccessor = true;

Demo

/demos/cfcs

Solr

Dynamic custom fields (as many as you want, even up to 11!)

ORM based search Data Import Handler (no more cfquery) Other misc things… (more languages for

example)

Demos

Custom Fields demo ORM Search demo

Java Integration

Ability to load Java libraries JavaLoader RIP

Java access to CFC files: CFCProxy myCFC = new CFCProxy(cfcPath,

true);

Demo

/demos/java

REST

RESTful web services are built to work best on the Web. Representational State Transfer (REST) is an architectural style that specifies constraints, such as the uniform interface, that if applied to a web service induce desirable properties, such as performance, scalability, and modifiability, that enable services to work best on the Web. In the REST architectural style, data and functionality are considered resources and are accessed using Uniform Resource Identifiers (URIs), typically links on the Web. The resources are acted upon by using a set of simple, well-defined operations. The REST architectural style constrains an architecture to a client/server architecture and is designed to use a stateless communication protocol, typically HTTP. In the REST architecture style, clients and servers exchange representations of resources by using a standardized interface and protocol.

From: http://download.oracle.com/javaee/6/tutorial/doc/gijqy.html

REST

Who cares what it is – we make it easy! (Btw – I'm kidding. Mostly.)

Extensions to component, function, argument, application.cfc, and the Admin

Demos

/demos/rest

HTML5

CFMAP CFMEDIAPLAYER cfinput won't barf on new items (like

type=range)

Demos

/demos/cfmap /demos/testinput.cfm Oh and the video one too…

Web Sockets

Bidirectional communication One client to all the rest

Server to all clients

Front end support via <cfwebsocket> Back end support for defining listeners

Demo

Charting

All new charting engine Styles are JSON objects Deeper configuration via JSON Lots of new features

Demo

And more…

What next?

You downloaded it already, right? I mean, it's a virtual presentation, you don’t have to pretend to pay attention, so I know you downloaded the bits while I spoke along with doing some mining in World of Warcraft and a bit of client work. Get to it!

Lots of blog entries: www.coldfusionbloggers.org

Questions?