Speaking at MXEurope: CFMX E-Mail Agents

I just received notice that my proposal for MXEurope 2005 has been accepted. I’ll be speaking on creating e-mail agents in ColdFusion MX to assist with customer support. MXEurope is in London from January 31 through February 2 next year.

Read more about my topic, CFMX E-Mail Agents.

Read more about MXEurope 2005.

This will also be my first time attending MXEurope so I’m really excited for the opportunity.

CFUN-04 Interview online

Both Chafic and I are speaking at CFUN-04 this year. One new thing they’re doing to provide more information about the conference is interviewing all the speakers. My interview is now available online.

Read my interview about integrating ColdFusion with Microsoft Office.

Last year was my first time at CFUN and I thought it was a great conference with lots of topics covering all skill levels in a variety of CF-related areas. If you’re in the DC-metro area or are just looking for a great CF-specific conference, I highly suggest it. This year it’s June 26 & 27 in Rockville, MD. Read more about the conference.

FYI: If you’re coming from out of town, the conference is at the DoubleTree which is fairly expensive. There’s a Ramada Inn across the street.

Can’t remember COM Program ID’s? PrimalScript to the rescue!

Sapien released a new build of our favorite IDE over the weekend, PrimalScript 3.1.437. This minor update adds PrimalSense (aka Tag-Insight or Intellisense) to createObject calls to list all installed COM ProgID’s. This is a pretty nifty feature if you work with COM in ColdFusion.

(Screenshot: ComSense.jpg)

PrimalScript users can download the latest software by using the Help: Check for Updates… command inside PrimalScript.

UDF to validate XML against XSD in CFMX

We’re working on an XML import routine and needed to first validate the incoming documents against an XML Schema. Since I wasn’t able to find a working example on the web I pieced together this UDF from the many posts on the subject.

xmlPath
A URI to the XML file to be validated. Required.
noNamespaceXsdUri
A URI to the XML Schema file to validate content that is not namespace qualified. Optional.
namespaceXsdUri
A list of whitespace delimited namespaces and XSD URI pairs to provide schemas for validating namespace qualified content. Optional.
parseError
An empty structure that is populated with details about the validation error, if any. This argument can be omitted if all you want is the boolean result.

The URI parameters must be valid URLs and not OS file names. To facilitate this I’m also including a UDF, makeUriFromPath, that converts a fully-qualified OS file name to a true URI.

To use this UDF you must have the Xerces parser installed which can be downloaded here.

<cffunction name="xsdValidate" returntype="boolean" output="false">
	<cfargument name="xmlPath" type="string" required="true">
	<cfargument name="noNamespaceXsdUri" type="string" required="false">
	<cfargument name="namespaceXsdUri" type="string" required="false">
	<cfargument name="parseError" type="struct" required="false">
	<cfscript>
	var parser = createObject("java", "org.apache.xerces.parsers.SAXParser");
	var err = structNew();
	var success = true;

	// Xalan's DefaultErrorHandler throws on validation errors instead of
	// silently swallowing them; that is what turns a failed validation
	// into the exception caught below.
	var eHandler = createObject("java", "org.apache.xml.utils.DefaultErrorHandler");

	var apFeat = "http://apache.org/xml/features/";
	var apProp = "http://apache.org/xml/properties/";

	eHandler.init();

	// Structs are passed by reference, so filling err fills the caller's
	// parseError struct when one was supplied.
	if (structKeyExists(arguments, "parseError")) {
		err = arguments.parseError;
	}

	try {
		parser.setErrorHandler(eHandler);

		// Turn on validation, then XML Schema validation, then the
		// (slower) full constraint checking.
		parser.setFeature("http://xml.org/sax/features/validation", true);
		parser.setFeature(apFeat & "validation/schema", true);
		parser.setFeature(apFeat & "validation/schema-full-checking", true);

		// Schema for content that is not in any namespace
		if (structKeyExists(arguments, "noNamespaceXsdUri") and
			arguments.noNamespaceXsdUri neq "") {
			parser.setProperty(
				apProp & "schema/external-noNamespaceSchemaLocation",
				arguments.noNamespaceXsdUri);
		}

		// Whitespace-delimited "namespace XSD-URI" pairs for
		// namespace-qualified content
		if (structKeyExists(arguments, "namespaceXsdUri") and
			arguments.namespaceXsdUri neq "") {
			parser.setProperty(
				apProp & "schema/external-schemaLocation",
				arguments.namespaceXsdUri);
		}

		parser.parse(arguments.xmlPath);
	} catch (Any ex) {
		structAppend(err, ex, true);
		success = false;
	}

	return success;
	</cfscript>
</cffunction>

<cfscript>
function makeUriFromPath(path) {
	var uri = path;

	// make all backslashes into slashes
	uri = replace(uri, "\", "/", "all");

	// drop a leading slash (Unix paths) so the file:/// prefix below
	// does not end up with four slashes
	if (left(uri, 1) is "/") {
		uri = right(uri, len(uri) - 1);
	}

	uri = "file:///" & uri;

	return uri;
}
</cfscript>

Valid: #xsdValidate(xmlUri, xsdUri, "", err)#
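One caveat for an import routine: the UDF above hands whatever document arrives to a stock Xerces SAXParser, and Xerces will honour a DOCTYPE in that document, including external entity and external DTD references, before schema validation has any say. The following is an added example, not code from the original post, showing how to lock that down on the same parser class. It assumes an installed Xerces build that recognises these feature URIs (they are documented Xerces and SAX features, but check your version), uses a constructed sample document, and the function names hardenXmlParser and parseStrict are my own:

```cfml
<cfscript>
// Added example: refuse DOCTYPE declarations and external entity/DTD
// loading on a Xerces SAXParser before it touches untrusted input.
// Assumes the installed Xerces recognises these feature URIs.
function hardenXmlParser(parser) {
	var saxFeat = "http://xml.org/sax/features/";
	var apFeat = "http://apache.org/xml/features/";

	// An XSD-validated import has no business carrying a DOCTYPE, and the
	// DOCTYPE is where entity declarations live, so reject it outright.
	parser.setFeature(apFeat & "disallow-doctype-decl", true);

	// Defence in depth if the DOCTYPE check is ever relaxed: never resolve
	// external general/parameter entities and never fetch an external DTD.
	parser.setFeature(saxFeat & "external-general-entities", false);
	parser.setFeature(saxFeat & "external-parameter-entities", false);
	parser.setFeature(apFeat & "nonvalidating/load-external-dtd", false);

	return parser;
}

// Parse an XML string with a hardened parser. Returns a struct with
// "ok" (boolean) and "message" (the parser's complaint, if any).
function parseStrict(xmlText) {
	var result = structNew();
	var parser = createObject("java", "org.apache.xerces.parsers.SAXParser");
	var eHandler = createObject("java", "org.apache.xml.utils.DefaultErrorHandler");
	var reader = createObject("java", "java.io.StringReader").init(xmlText);
	var source = createObject("java", "org.xml.sax.InputSource").init(reader);

	result.ok = true;
	result.message = "";

	try {
		eHandler.init();
		parser.setErrorHandler(eHandler);
		hardenXmlParser(parser);
		parser.parse(source);
	} catch (Any ex) {
		result.ok = false;
		result.message = ex.message;
	}

	return result;
}

// Constructed sample input: a document whose DOCTYPE points at an
// external DTD. With disallow-doctype-decl set, Xerces raises a fatal
// error at the DOCTYPE itself, so the URL is never contacted.
withDoctype = '<?xml version="1.0"?>'
	& '<!DOCTYPE order SYSTEM "http://dtd.example.invalid/order.dtd">'
	& '<order><item sku="A-100" qty="2"/></order>';

// Same constructed content without a DOCTYPE: parses cleanly.
plain = '<?xml version="1.0"?><order><item sku="A-100" qty="2"/></order>';

checkDoctype = parseStrict(withDoctype);   // checkDoctype.ok is false
checkPlain   = parseStrict(plain);         // checkPlain.ok is true
</cfscript>
```

To combine this with the schema check, call hardenXmlParser(parser) inside xsdValidate right after the error handler is set; the validation features and the schema-location properties are unaffected by it, and documents that need a DOCTYPE to validate are exactly the ones an XSD-driven import should be turning away.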

This UDF was put together primarily from information in Rob Rohan’s post on this cf-talk thread and from Massimo Foti’s UDF to validate an XML file against a DTD.

I’ll submit both of the above to cflib shortly.

REMOTE_ADDR and REMOTE_HOST not safe for use in security

There was some discussion today on CF-Talk about using CGI variables to secure an application, and some confusion as to which CGI variables can be spoofed and whether any are safe. In particular, there’s interest in blocking specific IP addresses from accessing a web application.

After some testing, I confirmed that even REMOTE_ADDR, the client’s IP address, and REMOTE_HOST, the client’s host name, can be spoofed very easily. ColdFusion can do this with the CFHTTP and CFHTTPPARAM tags and I’m sure other tools are available.

These spoofs worked with JRun’s built-in web server and through IIS. I’ve also spoofed REMOTE_HOST previously with an iPlanet installation to demonstrate poor security in a client’s application.

So if you’re thinking about using CGI variables to secure a site, you need to think again. If you need to secure by IP address, then do it at the router and not in application code.