ColdFusion : Error Handling – Part 1

NOTIFICATION: These examples are provided for educational purposes. Using this code is under your own responsibility and risk. The code is given ‘as is’. I do not take responsibility for how it is used.

Errors are unforeseen. They are a result of coding that the developer did not plan or anticipate.
However, we can manage these errors and use them to our advantage.

Errors are handled by the server in the following fashion:

  1. The first level is system errors.
    System errors are generated when some component is not working properly.
    For example, if your application requires access to a database and the database is on a server that is down, your application could fail.
  2. The second level is code-level errors. These errors (or exceptions) include logic, syntax and other types of errors that we will see later.
  3. The third level is errors at the application level.
  4. The last level is errors at the server level.

Error Flow Diagram:

Figure 1

As you may notice from Figure 1, we have a classification for all the errors that can be generated:

  1. Logic: These kinds of errors come from a fault in the design of the code.
    For example, you could have an infinite loop:

    <CFSET counter = 0>
    <!--- counter is never incremented, so this condition stays true --->
    <CFLOOP CONDITION='counter LT 10'>
        <CFOUTPUT>
            Counter: #counter# <BR/>
        </CFOUTPUT>
    </CFLOOP>

    This loop runs while the counter is less than (LT) 10, that is, until it becomes greater than or equal (GTE) to 10.
    The problem is that no part of this code increases the counter.
    Since the variable counter is always 0, the loop is infinite and can affect the server.

  2. Syntax: These errors are related to misspellings, invalid data types, invalid parameters, and everything else related to the language syntax. These kinds of errors are caught at the application server and server level.
    For example:

    <CFOUTPUT QUERY='yourQuery'>
        Count of Records: #yourQuery.recordCount# <BR/>
        #yourQuery.nonExistentField# <BR/>
    </CFOUTPUT>

    The second line is going to work; however, the third line asks for a field that doesn’t exist in the yourQuery structure.
    Another example:

    <CFOUTPUT QUERY='yourQuery'>
        <CFOUTPUT>Count of Records: #yourQuery.recordCount# <BR/><CFOUTPUT>
    <CFOUTPUT>

    Here you are forgetting to close both CFOUTPUTs.

  3. Runtime: These are unforeseen conditions such as data type mismatches, out-of-scope issues, server-side form validation errors, etc.
    For example:

    <CFPARAM NAME='user_age' default='My name is Alejandro'>
    <CFPARAM NAME='legal_driving_age' default=21>
    <CFIF Int(user_age) GT legal_driving_age>
        <CFOUTPUT>This user can apply for a regular driving licence</CFOUTPUT>
    <CFELSE>
        <CFOUTPUT>This user cannot apply for a regular driving licence.</CFOUTPUT>
    </CFIF>

    This example fails on: <CFIF Int(user_age) GT legal_driving_age>
    This is because user_age is a string without numbers, while the function Int() expects a string containing a number.
    Since Int() cannot convert the string, a runtime error will be generated.

    There are three ways to catch these exceptions, which we will see later:

    1. Via code-level
    2. Via application-level
    3. Via server-level
  4. Validation: We can see validation errors as one kind of the runtime errors that we are going to have to deal with.
    This kind of error happens when ColdFusion server-side form validation catches a problem with the submitted data.
    Example:

    <FORM ACTION='process.cfm' METHOD='POST'>
        <INPUT TYPE='text' NAME='age_integer' value='only text, no integers here'>
        <INPUT TYPE='submit' value='Submit' />
    </FORM>

    You may ask: where is the error here?
    Well, in ColdFusion we can do integer validation of the input by adding “_integer” to the name of the input field.
    In this case, “age_integer” means that we have an input named “age” which should be validated as an integer.
    Since the value is “only text, no integers here”, which is a pure string, this will fail the validation.
    For more information you can go to the following link:
    http://www.co.multnomah.or.us/cfdocs/Developing_ColdFusion_MX_Applications_with_CFML/formatData8.html#1135213

    Let's clarify that these kinds of errors can only be caught via error handlers at the application level.

  5. System: Errors related to the system are always about inaccessible databases, unavailable resources, incorrectly or invalidly configured servers, and file system errors such as lack of permissions.
    For example:

    <CFINCLUDE TEMPLATE='non_existent_file.cfm'>

    These errors can be caught:

    1. Via code-level handlers
    2. Via application-level handlers
    3. Via server-level handlers
  6. Request: These errors occur when the client requests invalid resources that are not available on the server side.
    Example:
    Such errors can be caught via server-wide error handlers.

Introduction to Network Security – Part 3

NOTIFICATION: These examples are provided for educational purposes. The use of this code and/or information is under your own responsibility and risk. The information and/or code is given ‘as is’. I do not take responsibility for how they are used.

Socket Programming

In network applications, communication is almost always done using a client-server model.

A client sends a request for a service to the server and receives the service from the server (which should usually be on). The only things the client needs to know are the address of the server and which port to use. Once the connection between the client and the server is established, the client and the server can send and receive information back and forth. E.g., an FTP client connecting to an FTP server.

The client usually communicates with only one server at a time; however, there are exceptions such as the web browser. Today's web browsers can connect to different servers in order to download all the elements of a page faster. A page could indicate that the images come from one server, while the Flash animation comes from a different server.

For a client and a server to communicate, they must use sockets to send and receive messages. A sending process uses a socket to hand a message to the transport infrastructure, which delivers the message to a receiving process that also uses a socket to receive it.

The first step for a process that receives messages is to have an identifier. This identifier must include the IP address and a port number. The port number must be associated with the process. The port number is a 16-bit number used to identify the application process. Notice that an IP address does not identify a process but the port does, so you can have more than one process running on the host, which means different ports can be used at the same time with the same IP address.

IP Address

Right now, October 27, 2010, there are two Internet Protocol (IP) versions available: IPv4 and IPv6.

  1. IPv4 (IP version 4) addresses are 32-bit binary numbers represented using 4 decimal values, separated by periods, in dotted decimal notation. Each decimal value is an octet (8 bits) that ranges from 0 to 255. Example: 192.168.1.101 would be 11000000.10101000.00000001.01100101.
    1. 192 → 11000000
    2. 168 → 10101000
    3. 1 → 00000001
    4. 101 → 01100101
  2. IPv6 (IP version 6) is designed to succeed IPv4 (IP version 4). Instead of a 32-bit binary number, IPv6 uses 128 bits. This means that the use of Network Address Translation (NAT) is not needed as in IPv4. Network security such as IPsec (http://en.wikipedia.org/wiki/IPsec), which allows authenticating and encrypting IP packets, has been incorporated.

Ports

As explained previously, a port is a 16-bit identifier number which identifies the type of application process; this means that there are a total of 65535 port numbers available. For more information you can go to the Internet Assigned Numbers Authority (IANA) <http://www.iana.org>. This institution is in charge of the global coordination of the DNS Root, IP addressing, and other Internet protocol resources.

  1. Ports from 0 to 1023 are called well-known ports.
    1. Examples of reserved ports: HTTP (Port 80), FTP (Port 21), Telnet (Port 23), SMTP (Port 25), etc.
  2. Ports from 1024 through 49151 are called reserved ports.
  3. Ports from 49152 to 65535 are called Dynamic ports, Private ports, or Ephemeral ports.
  4. For more information you can go to <http://www.iana.org/assignments/port-numbers>

TCP Socket on Client Side.

  1. Create a socket to create an endpoint for communication.
    1. (In Linux) ANSI C:
      int socket(int domain, int type, int protocol);
    2. For more information: <http://linux.die.net/man/7/sockets>
  2. Specify the server’s IP address and port to connect
  3. Establish a connection with the server (initiate a connection on a socket).
    1. (In Linux) ANSI C:
      int connect(int sockfd, const struct sockaddr *addr,  socklen_t addrlen);
    2. For more information: <http://linux.die.net/man/2/connect>
  4. Send data to the server and receive data from the server
  5. Close the connection

Here is an example of a client/server program using ANSI C in Linux: <http://www.acarlstein.com/?p=891>

TCP Socket on Server Side

  1. Create a socket to create an endpoint for communication.
    1. (In Linux) ANSI C:
      int socket(int domain, int type, int protocol);
    2. For more information: <http://linux.die.net/man/7/sockets>
  2. Bind the socket with an address to specify the server’s IP address and port.
    1. (In Linux) ANSI C:
      int bind(int sockfd, const struct sockaddr *addr, socklen_t addrlen);
    2. For more Information: <http://linux.die.net/man/2/bind>
  3. Listen for incoming connections.
    1. (In Linux) ANSI C:
      int listen(int sockfd, int backlog);
    2. For more information: <http://linux.die.net/man/2/listen>
  4. Accept the connection with the client.
    1. (In Linux) ANSI C:
      int accept(int sockfd, struct sockaddr *addr, socklen_t *addrlen);
    2. For more information: <http://linux.die.net/man/2/accept>
  5. Send data to the client and receive data from the client
  6. Close the connection
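
The client-side and server-side steps above, run end to end in one process over loopback. This is an added example, not the program from the linked post; the names `recv_all` and `run_echo_demo`, the echo behaviour, and the choice of 127.0.0.1 with a kernel-assigned port are assumptions made for the illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Read until the peer closes its sending side; TCP may deliver data in pieces. */
static ssize_t recv_all(int fd, char *buf, size_t cap) {
    size_t got = 0;
    ssize_t n;
    while (got < cap && (n = recv(fd, buf + got, cap - got, 0)) != 0) {
        if (n < 0) return -1;
        got += (size_t)n;
    }
    return (ssize_t)got;
}

/* Server steps 1-6 and client steps 1-5; returns bytes echoed into out, or -1. */
int run_echo_demo(const char *msg, char *out, size_t cap) {
    /* Loopback only (not INADDR_ANY); port 0 lets the kernel pick a free port. */
    struct sockaddr_in addr = { .sin_family = AF_INET, .sin_port = 0,
                                .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t len = sizeof addr;
    char buf[256];
    ssize_t n = -1;
    int sfd = -1;
    int lfd = socket(AF_INET, SOCK_STREAM, 0);                  /* server 1: socket */
    int cfd = socket(AF_INET, SOCK_STREAM, 0);                  /* client 1: socket */
    if (lfd < 0 || cfd < 0 || cap == 0) goto done;
    if (bind(lfd, (struct sockaddr *)&addr, sizeof addr) < 0) goto done;  /* server 2 */
    if (listen(lfd, 1) < 0) goto done;                          /* server 3: listen */
    if (getsockname(lfd, (struct sockaddr *)&addr, &len) < 0) goto done;  /* learn port */
    /* client 2-3: the kernel completes the handshake and queues it until accept(). */
    if (connect(cfd, (struct sockaddr *)&addr, sizeof addr) < 0) goto done;
    if (send(cfd, msg, strlen(msg), 0) < 0) goto done;          /* client 4: send */
    shutdown(cfd, SHUT_WR);                                     /* request is complete */
    if ((sfd = accept(lfd, NULL, NULL)) < 0) goto done;         /* server 4: accept */
    n = recv_all(sfd, buf, sizeof buf);                         /* server 5: receive */
    if (n < 0 || send(sfd, buf, (size_t)n, 0) != n) { n = -1; goto done; }  /* and echo */
    close(sfd); sfd = -1;                                       /* server 6: close */
    n = recv_all(cfd, out, cap - 1);                            /* client 4: receive */
    if (n >= 0) out[n] = '\0';
done:
    if (sfd >= 0) close(sfd);
    if (cfd >= 0) close(cfd);                                   /* client 5: close */
    if (lfd >= 0) close(lfd);
    return (int)n;
}
```

Binding to the loopback address keeps the listener unreachable from other hosts, and every call's return value is checked so a failed step does not leave a descriptor open.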
