How I created a back-end XML service from BlogCFC

Bruce Phillips asked me about the code I used to generate the XML that feeds Surfing Stats. I wanted to look it over before I released it, thinking I would clean it up some. Plus, there was an annoying order bug I wanted to fix. I've fixed it now and am ready for others to use the code as they see fit.

How It Works

When a request comes in, statsexport.cfm looks for a value in the url scope called dataset which then is evaluated inside a large switch statement. If the passed value matches a case, then one or more queries are run. If not, the default case runs and an empty query is generated. The Blog Totals dataset actually runs a number of queries and uses the fancy Query functions in ColdFusion (QueryNew, QuerySetCell etc) to create and populate a query. (I used the queries that were in the stats.cfm page so there should be no difference between the table structure of your blog and mine.)

At the very bottom of the page we:

  1. reset the content (XML hates stray whitespace)
  2. convert the query to XML using queryToXML by Nathan Dintenfass
  3. set the content type to text/xml
  4. return the response to the client
  5. view plain print about
    1<cfcontent reset="true" type="text/xml"><cfoutput>#queryToXML(theQuery)#</cfoutput>

    You can download the file using the download link at the end of this post. I've also included it in the latest SurfingStats zip file located at the download link at the bottom of the Intro to Surfing Stats post. If you make something interesting with this file, let me know.

    Download Download

What does the New Kids on the Block have to do with 360|Flex?

I've interviewed John Wilker, who along with Tom Ortega, founded 360Conferences. John is an interesting guy who came up through the ranks as a ColdFusion programmer and later moved over to also developing Flex applications. Not mentioned in the interview, John has taken a co-host spot alongside Jeffry Houser on the Flex Show podcast. Be sure and tune in regularly.

360|Flex Atlanta is February 25-27, 2008. I went to the first ever 360|Flex conference in San Jose. It was a really Good Conference

Not academic nor dry, 360|Flex is alive, unpretentious and exciting! I learned more in some 1 hour sessions than I did in a week of pouring over Flex documentation. The food was always good. The conference was packed with lots of interesting people. You should get your ticket before they are all gone.

So you wanna build a Flex application - Part 6 - Tables Bar Charts and Pie Charts

To date, in our series on Surfing Stats, we have covered the intent, directory structure, data sets, main application file, ChartToggle component, states, implicit getters/setters, navigational elements and ViewStacks. (download the code using the download link at the bottom of the the Intro to Surfing Stats post). In this series, we'll discuss the 3 display components, TableView, BarChart and PieChart.

[More]

Flex 3 Release World Tour Hit Raleigh/Durham

Last night, Ben Forta came to Cary, North Carolina to showcase the soon to be released Flex 3 and AIR products from Adobe.

Flex Builder 3 is a compelling upgrade for the product. The IDE offering has actually gone down in price even while adding nice new features like Improved Designer/Developer workflow, a memory profiler, advanced components, and support for the AIR platform.

For more complete information on Flex 3 Features see the labs.adobe.com page.

Also soon to be released is the long awaited Abode Integrated Runtime product. AIR, as it is known for short, offers a cross-operating system runtime that allows developers to leverage their existing web development skills (Flash, Flex, HTML, JavaScript, Ajax) to build and deploy rich Internet applications (RIAs) to the desktop.

This means your application can now access the local file system, accept drag and drop assets from the desktop, run outside of the browser and actually run completely offline. The product even contains the SQLite database to help handle offline data.

Many people have not fully grasped one of the most interesting features of AIR. You can write a desktop application using the AIR platform, HTML and Javascript. This will level the playing field by allowing existing web developers and designers to use their current skilling to create functionally relevant desktop applications.

Honors of the night go to the Anthropologie demonstration. The premise of the application is to show how the Anthropologie catalog of apparel can be displayed in an offline mode. The user can search for an article of clothing based on standardized parameters. The user can also drag an image onto the application and use a color dropper to select a color and use that color as search criteria using very intuitive workflow. When Ben actually drug a picture onto the application, selected a color and the search results automatically filtered, the collective breath left the room. See for yourself at this video of the Anthropologie Catalog AIR application.

 

Are you prepared for the upcoming RIA arms race? It promises to be interesting!

Note: I've been keeping up to date with the blog chatter on the meeting. A local TV station even interviewed Ben Forta! See my article on ria.dzone.com for more content./p>

3674 Views Print Print Comments (1) Flex, AIR

So you wanna build a Flex application - Part 5 - States - ViewStacks and Getters

To date, in our series on Surfing Stats, we have covered the intent, directory structure, data sets and the main application file. (download the code using the download link at the bottom of the the Intro to Surfing Stats post). Now we examine ChartToggle.mxml.

[More]

So you wanna build a Flex application - Part 4 - The Layout

To date, in our series on Surfing Stats, we have covered the intent, directory structure, data sets and the main application file. (download the code using the download link at the bottom of the the Intro to Surfing Stats post). Now we will look more in depth at our main application file and examine the layout.

[More]

So you wanna build a Flex application - Part 3 - The Datasets

To date, in our series on Surfing Stats, we have covered the intent, directory structure and the main application file. (download the code using the download link at the bottom of the the Intro to Surfing Stats post). Now we will look at the datasets.

[More]

ColdFusion style List Functions In ActionScript

Shannon Hicks just released an ActionScript library that makes working with delimited lists in ActionScript as easy as working with delimited lists in ColdFusion.

Now you can operate on delimited data with such familiar and handy functions as:

  • listAppend
  • listContains
  • listFirst
  • listLast
  • listLen
  • listToArray
  • and More!

Thanks Shannon!

4142 Views Print Print Comments (1) Flex, AIR

Flash Security with Off-Root CrossDomain.xml files

Bruce Phillips (You should check out his interesting Flex posts) let me know that my Surfing Stats data didn't load when the swf was located off my http://www.nodans.com domain. I want others to take the code and do with it as they please so I need to make the data available across domains. This is done through the use of a crossdomain.xml file. The file I used looks like this:

view plain print about
1<?xml version="1.0"?>
2<cross-domain-policy>
3 <allow-access-from domain="*" />
4</cross-domain-policy>

This is a very promiscuous file. It allows anyone anywhere to load any data in the containing directory and all subdirectories. Such a promiscuous file also opens up security vectors. In the words of Lucas Adamski on DevNet:

As an example, a user is logged in to an e-commerce site that uses cookies for authentication. On the site is a user account settings page where you can see information such as your mailing address and other personally identifiable information. If this site has an overly permissive cross-domain policy file like *, a SWF file that is hosted on another domain could silently load the account settings data and send it elsewhere. This is because the browser appends the cookies for the e-commerce site to the request from Flash Player.

By default, the SWF looks for the crossdomain.xml file in the root of the website but with a little code, you can put it anywhere you please. I used this command to tell the SWF where to find the crossdomain.xml file:

view plain print about
1Security.loadPolicyFile("http://www.nodans.com/custom/surfingstats/crossdomain.xml");

Now, only the directory containing SurfingStats is enabled, reducing the surface area of attack. If you want to read more on the security issues with crossdomain.xml files, check out these links:
Poking new holes with Flash Crossdomain Policy Files
Cross-domain policy file usage recommendations for Flash Player
The Dangers of Cross-Domain Ajax with Flash

So you wanna build a Flex application - Part 2- Main Application File

In our series on Surfing Stats, we have covered the intent and the directory structure. (download the code using the download link at the bottom of the Intro to Surfing Stats post) We will now cover the main application file. It is important to note Surfing Stats does not use a framework. Frameworks are powerful code organization tools that contribute to rapid development and maintainability. Since the goal of Surfing Stats is to teach development of a simple application in 4 hours, I made the decision to avoid discussing or implementing any framework. After all, if you do not have the skills to build an application without using a framework, you probably do not have any business using a framework to build an application.

[More]