If you want to enable AES-192 or AES-256 on ColdFusion 7/8/9 Enterprise, you will need to download the "Sun Unlimited Strength Jurisdiction Policy Files". The download can be found at the bottom of this page http://java.sun.com/javase/downloads/index.jsp. Once you download the .zip file, you will extract it to: [java-home]\lib\security. Then restart the ColdFusion services. More information about the update can be found at http://java.sun.com/javase/technologies/security/

If you run across this error: "The key specified is not a valid key for this encryption: Illegal key size", most likely it is because you need to install this security update. What I found was that AES with a 128 bit key worked fine, then with a 192 bit and 256 bit key it did not work. The only thing I could find about it was in ColdFusion 7 document located at http://kb2.adobe.com/cps/546/e546373d.html.

You would think Adobe would make sure this note was in the ColdFusion 8 and ColdFusion 9 documentation under the "Encrypt" function. But things get lost, it happens. And you might wonder why this is not in ColdFusion by default, but this is because of US Export rules not allowing certain types of encryption out of the United States.

Update: Download fixed

Here is a little intro to our (Lance Smith and myself) proposed presentations on error handling for CFUnited and MVCFUG....
Most developers know the importance of having error handling on their site. But, many do not know how extensible error handling can be and the control they have over it with the power and ease of ColdFusion.

Macromedia and now Adobe has been kind enough to provide us these error handling files. ColdFusion uses these files to output the errors to the browser. These files are:
        {CFRoot\wwwroot}\WEB-INF\exception\detail.cfm
        {CFRoot\wwwroot}\WEB-INF\debug\classic.cfm
        {CFRoot\wwwroot}\WEB-INF\exception\exception_en.xml
        {CFRoot\wwwroot}\WEB-INF\exception\gettemplate.cfm
        {CFRoot\wwwroot}\WEB-INF\exception\errorcontext.cfm
My question goes out to all ColdFusion programers, why do we use <CFDump/> or other solutions in our error handling emails? Yes, <CFDump/> provides a lot of information, but have you looked at the size of those emails? All that extra HTML and CSS really adds up quickly. In my case, I am on a corporate Exchange server that only allows for a certain maximum size of my Exchange folders. And when you implement this <CFDump/> mindset into a legacy application that has never had error handling before, what do you get? You get a over capactiy Inbox in a couple days. Or in my case the first time I tried this, I had an over capacity Inbox in under 4 hours. (No wonder the ColdFusion server was unstable.)

So my solution to this problem was to use ColdFusion's classic.cfm and combine it with all of the other default ColdFusion error handling pages into a single template that can easily be copied from application to application or server to server. This template provides all of the error handling output that ColdFusion displays to browser but is ouput to an email. Here is an example of what it outputs:

At the top of the file, I have provide a way to customize the behavior of the error handling code.

Change the Name of the Application.

Users who receive this email.
Who is this email from?
DevUser=0. The template will email the error and display a nice user friendly error message to the enduser. DevUser=1 will output it to the screen.
This code is used to display a nice user friendly error message to the enduser.

For 2009, Liz Frederick at CFUnited is doing a call for topics and speakers, Lance Smith, Mike Harman, and I (Aaron Wolfe) are going to put in some topics we'd like to present at the conference this year.  We will be entering six topics, listed below.  You can vote for one or all of the topics you think would be a good presentation.

“Have a Site that Forgets Users More than the Stock Market Changes? - Cookie/Session Problems Solved” – Aaron Wolfe and Lance Smith
Is your site getting lots of timeouts or are users complaining they are continuously logging in?  Are you ready to learn how sessions, cookies, and different browsers really work in an application?  Look no further.  In this track, we’ll start with the basics of sessions and cookies and go all the way through to more advanced session management techniques.  We’ll demonstrate how to deal with pesky persistence problems, debug those problems, and ultimately prevent unwanted session timeouts.  We’ll also show how session management can make or break an application and detail how to prevent major headaches by using server logs and other tools to your advantage.

“Got an SLA problem? ColdFusion Enterprise’s Load Balancing has the Solution so You Can Get Some Sleep at Night” – Aaron Wolfe and Lance Smith
Tired of emails/phone calls at 3 a.m. on Sunday morning telling you the server is down?  Rest easy, ColdFusion Enterprise’s load balancing, sticky sessions, and session replication features will come to the rescue.  In this session, we’ll show you the advantages and pitfalls of using these features without any expensive network hardware.  We’ll also show you how to properly load balance multiple ColdFusion instances while getting the best performance you possibly can by using web server stress testing tools. If you ever need to admin a ColdFusion server and like your personal life, you won’t want to miss this session!

“Inheriting Legacy Applications – Dealing with That Application from 1999” – Aaron Wolfe, Lance Smith, and Mike Harman
Just about every developer has had to deal with that “10 year old site” that’s been online since the dawn of the Internet (or at least your company’s Internet department).  We’ve all been there.  Many of us deal with legacy applications in our every day job—full of spaghetti code, no code formatting, no cfc’s, bad or no security, or all of the above.  In this session you will learn how to stop wrestling with those old sites and get them under control.  Not all of us have the budget, time, or luxury of building sites from scratch in a fancy new framework, and we’ll provide the knowledge to make old applications better.

“Not Just Another Security Presentation” – Aaron Wolfe, Lance Smith, and Mike Harman
A lot of talk has been going around lately about site security, yet many developers don’t feel they have the time or ability to add the necessary extra security to their sites.  Yet, every day sites fall victim to SQL injection, cross-site scripting and other common and not-so-common hacks and attacks.  With each passing day, hackers find new ways to bring even the biggest and best sites to their knees.  In this session, we’ll cover some simple yet effective methods of using ColdFusion to your advantage to make your site more secure in an increasingly more dangerous Web.

“Handling Errors with Error Handling” – Aaron Wolfe and Lance Smith
Most developers know the importance of having error handling on their site.  But, many do not know how extensible error handling can be and the control they have over it with the power and ease of ColdFusion. In this presentation, we’ll show you how to use Application.cfc and custom error pages to their full potential to handle custom errors, missing pages, and other common site errors without using <CFDump/> that cause massive emails in your Inbox.

“CF User Groups – Worth the Investment” – Lance Smith and Aaron Wolfe
Have you thought about starting a CF user group in your area, but aren’t sure how?  The benefits of managing a user group are numerous.  User groups receive many opportunities single individuals normally don’t, including access to training, materials, software, and reduced conference rates.  While it might seem like too much work for some, it is well worth the effort.  We’ll show you how to go about starting a user group in your area, what is involved once you start a group, and how to attract and keep members. We’ll also cover how to avoid common pitfalls that many failed user groups tend to fall into.

We will post a link to where to vote as soon as it's available.  Remember, the speaker(s) who get the most votes will win something extra special--possibly another free CFUnited ticket.  If you're interested in attending the conference for free this year, be sure and vote for us!

In reference to the Date Loop, this is a perfect example of when using multiple <cfoutput> on a page can actually slow down the processing of page. (Every so slightly.)

Test Case 1: Loop over date for 1200 months or 100 years with one <cfoutput>. The execution time averages ~360ms.

Test Case 2: Loop over date for 1200 months or 100 years with a >cfoutput< for each variable that needs outputed. The execution time averages ~375ms.

Just a reminder, you can loop over a date with <cfloop> as long as you step by the day.

Example:

Output:
June 2008
16 17 18 19 20 21
22 23 24 25 26 27 28
29 30
July 2008
1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31
August 2008
1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31
September 2008
1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16