Archive for November, 2006

Password Regular Expression Fun

A thread on House of Fusion’s CF-Talk about Regular Expressions consumed me for a few hours yesterday. Someone asked an innocent question about creating a pattern to ensure that a string of characters between 6 and 12 characters in length would contain at least one number. He didn’t specify, but I assumed this was for a password field.

I ended up with at least 5 versions of my final solution that I was sure were right – until I tested them. Sometimes I didn’t even test them correctly and posted an invalid pattern to the list. I finally went to one of my favorite sites, Regular-Expressions.info and had to re-read the lookahead section a few times. Then after a few false starts I was finally able to develop something that works.

This pattern ensures that a password is 6 to 12 characters long, contains at least one letter and one number, and has only alphanumeric characters and no whitespace:

^(?=.*[A-Za-z])(?=.*[0-9])(?!.*[^A-Za-z0-9])(?!.*\s).{6,12}$

This pattern allows any non-whitespace characters in the password:

^(?=.*[A-Za-z])(?=.*[0-9])(?!.*\s).{6,12}$

If you want to get really crazy, you can start enforcing strong passwords where at least one character must be lower case alpha and one must be upper case.

^(?=.*[A-Za-z])(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])(?!.*[^A-Za-z0-9])(?!.*\s).{6,12}$
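Each lookahead in these patterns is an independent condition that must hold from the start of the string, so every pattern is an AND of simple rules. The following Python sketch is an added example, not code from the post or the CF-Talk thread. It runs the three patterns against constructed sample passwords and compares them with a rule-by-rule version that can say why a password was rejected; `failed_rules` and the sample inputs are hypothetical.

```python
import re

# The three patterns, copied from the post.
ALNUM_ONLY = r"^(?=.*[A-Za-z])(?=.*[0-9])(?!.*[^A-Za-z0-9])(?!.*\s).{6,12}$"
NO_WHITESPACE = r"^(?=.*[A-Za-z])(?=.*[0-9])(?!.*\s).{6,12}$"
MIXED_CASE = (r"^(?=.*[A-Za-z])(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])"
              r"(?!.*[^A-Za-z0-9])(?!.*\s).{6,12}$")

def accepts(pattern, candidate):
    # fullmatch, because Python's "$" also matches just before a trailing "\n".
    return re.fullmatch(pattern, candidate) is not None

def failed_rules(candidate, alnum_only=True, mixed_case=False):
    """Hypothetical helper: the same policy written as one check per lookahead."""
    checks = [
        ("length 6-12", 6 <= len(candidate) <= 12),
        ("needs a letter", re.search(r"[A-Za-z]", candidate)),
        ("needs a digit", re.search(r"[0-9]", candidate)),
        ("no whitespace", not re.search(r"\s", candidate)),
    ]
    if alnum_only:
        checks.append(("alphanumeric only", not re.search(r"[^A-Za-z0-9]", candidate)))
    if mixed_case:
        checks.append(("needs upper and lower case",
                       re.search(r"[A-Z]", candidate) and re.search(r"[a-z]", candidate)))
    return [name for name, ok in checks if not ok]

# Constructed sample inputs, not taken from the post.
SAMPLES = ["abc123", "Abc123", "abcdef", "123456", "ab1", "abc 123",
           "abc-123!", "abc123\n", "abcdefgh12345", "p\u00e4ssw0rd"]

# (pattern, alnum_only, mixed_case) for each of the three policies.
POLICIES = [(ALNUM_ONLY, True, False), (NO_WHITESPACE, False, False),
            (MIXED_CASE, True, True)]

def disagreements():
    """Samples where a regex and its rule-by-rule version differ (expected: none)."""
    return [(s, p) for s in SAMPLES for p, alnum, mixed in POLICIES
            if accepts(p, s) != (failed_rules(s, alnum, mixed) == [])]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), failed_rules(s) or "accepted")
```

The second pattern accepts non-ASCII characters such as the `ä` in the last sample, while the alphanumeric-only patterns reject them because `[A-Za-z0-9]` covers ASCII only.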

ColdFusion and Commons Logging Conflicts

I’ve had a few people contact me in the last two weeks about problems starting up their JBoss-ColdFusion installation because of errors with Apache Commons Logging. This, unfortunately, is a common problem and it’s not an easy 1-2-3 fix. The problem arises when a third-party library or application is loaded that uses a newer version of commons logging than ColdFusion does.

In Java application servers, there’s an order in which applications are deployed. In JBoss, the default is alphabetical order inside the server directory. Let’s assume you have an app called BaseballStats stored in baseball.war. Then another application, such as the JMX Console that comes with JBoss, is in jmx-console.war.

The baseball.war application is deployed first with the commons-logging.jar file in ColdFusion’s classpath (WEB-INF\cfusion\lib) which is version 1.0.2, I believe. Then the jmx-console application tries to deploy and it needs version 1.0.7 located in jboss\server\default\deploy\lib.

This type of situation leads to CLASSPATH exceptions such as –

  • org.apache.commons.logging.LogConfigurationException: java.lang.ClassCastException
  • You have more than one version of ‘org.apache.commons.logging.Log’ visible

What you need to do in situations like this is ensure that ColdFusion loads the latest version of the Apache Commons Logging library available to it before it attempts to load the one with which it shipped. You designate this in your web.xml file. Search for the text cf.class.path in this file and ensure that the location of the latest Commons Logging library is the first entry in the classpath.

For example, if you need to use the one shipped with your version of JBoss, a sample entry would look like this. I added the path to the JBoss lib directory before the references to the ColdFusion lib directory. This ensures that it will look at JBoss first to find a library before it looks in its own collection.

<!-- Comma-delimited list of classpath locations relative to app root -->
<context-param id="macromedia_context_88">
	<param-name>cf.class.path</param-name>
	<param-value>
		../../lib,
		./WEB-INF/cfusion/lib/updates,
		./WEB-INF/cfusion/lib,
		./WEB-INF/cfusion/gateway/lib/,
		./WEB-INF/cfform/jars
	</param-value>
</context-param>
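To confirm which copy of the library the ordering above puts first, the check below reads cf.class.path from a web.xml and lists every commons-logging jar in entry order. It is an added example, not code from the post or from ColdFusion. The directory layout, the `cfusion.war` name, the jar file names and all function names are assumptions, and the descriptor is assumed to declare no XML namespace.

```python
import glob
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed web.xml fragment with the post's ordering: JBoss lib first
# (assumes the descriptor declares no XML namespace).
WEB_XML = """<web-app>
  <context-param id="macromedia_context_88">
    <param-name>cf.class.path</param-name>
    <param-value>
      ../../lib,
      ./WEB-INF/cfusion/lib/updates,
      ./WEB-INF/cfusion/lib,
      ./WEB-INF/cfusion/gateway/lib/,
      ./WEB-INF/cfform/jars
    </param-value>
  </context-param>
</web-app>"""

def cf_class_path(web_xml_text):
    """Return the cf.class.path entries in listed order, whitespace stripped."""
    for param in ET.fromstring(web_xml_text).iter("context-param"):
        if (param.findtext("param-name") or "").strip() == "cf.class.path":
            value = param.findtext("param-value") or ""
            return [e.strip() for e in value.split(",") if e.strip()]
    return []

def commons_logging_jars(web_xml_text, app_root):
    """List (classpath entry, jar name) for every commons-logging jar, in entry order."""
    hits = []
    for entry in cf_class_path(web_xml_text):
        directory = os.path.normpath(os.path.join(app_root, entry))
        for jar in sorted(glob.glob(os.path.join(directory, "commons-logging*.jar"))):
            hits.append((entry, os.path.basename(jar)))
    return hits

def demo(web_xml=WEB_XML):
    """Build a throwaway directory tree (constructed layout) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        app_root = os.path.join(tmp, "server", "default", "deploy", "cfusion.war")
        for rel in ("../../lib", "./WEB-INF/cfusion/lib"):
            directory = os.path.normpath(os.path.join(app_root, rel))
            os.makedirs(directory)
            open(os.path.join(directory, "commons-logging.jar"), "wb").close()
        return commons_logging_jars(web_xml, app_root)
```

More than one hit means two copies are visible; the first hit should come from the entry that holds the newer library.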

PS3: Glad I Didn’t Wait

I got an XBox 360 a while back and haven’t had a single complaint about it. I tried to convince one of my buddies to succumb to peer pressure and buy a 360 along with the rest of the gang, but he insisted he wanted to wait for the PS3. I read all the hype leading up to the PS3 release: how it was going to change the world, total immersive experiences, eliminate traffic jams and smog, make my toast for me.

Now, after reading some reviews from people who have played it heavily since it came out, I’m glad I went with the 360 and have been able to play great games for the past year instead of waiting for a reportedly ho-hum system.

The New York Times has a review typical of the ones I’ve been seeing.

How CFLOCK doesn’t

I’ve one word for you, just one word… frames.

Amazing how simple it is to completely bust the CFLOCK tag. First, you create a simple page that has frames and loads another page into each frame.

<html>
<head>
	<meta http-equiv="pragma" content="no-cache">
	<meta http-equiv="expires" content="tue, 04 jan 2000 1:00:00 gmt">
	<cfheader name="cache-control" value="no-cache, no-store, must-revalidate">
</head>
<frameset rows="1" cols="*,*">
	<frame src="thread.cfm?id=1">
	<frame src="thread.cfm?id=2">
</frameset>
</html>

Now for the code that is supposed to lock in the first frame, then release and then get picked up subsequently by the second frame.

<cfoutput>
<html>
<head>
	<meta http-equiv="pragma" content="no-cache">
	<meta http-equiv="expires" content="tue, 04 jan 2000 1:00:00 gmt">
	<cfheader name="cache-control" value="no-cache, no-store, must-revalidate">
</head>
<body>
	<cflock name="globallockthatbreaks" type="exclusive" timeout="10" throwontimeout="true">
		#id#: got lock @ #timeformat(now(), "hh:mm:ss")#-#gettickcount()#<p>

		
		<cflock name="globallockthatbreaks" type="exclusive" timeout="10" throwontimeout="true"/>

		 
		<cflock name="stall_out_#id#" throwontimeout="yes" timeout="1" type="readonly">
			<cftry><cflock name="stall_out_#id#" throwontimeout="no" timeout="2" type="exclusive" /><cfcatch/></cftry>
		</cflock>

		#id#: give up lock @ #timeformat(now(), "hh:mm:ss")#<p>
	</cflock>
</body>
</html>
</cfoutput>

If you run this simple code, you’ll see that the lock is not honored and the threads in each frame are run simultaneously.

More Government Stupidity (or is it ours)

Sean Tierney is one of those people who actually took the time to read one of those ubiquitous medical privacy forms that are shoved in our faces everywhere we go these days. Lo and behold, he discovered a clause in the form that’s basically just another middle finger to American citizens’ privacy.

Read his article to see exactly how HIPAA wrote the policy so that they could thumb their noses at privacy any time they want to.