Setup your application with setupApplication()

  • 19 Mar 2019
  • Michael Hnat

When you install a new site in Preside you will find a Application.cfc file in your root directory containing a few lines of code:

component extends="preside.system.Bootstrap" {
    super.setupApplication( id = "IdOfYourSite");
}

As you can see the Application.cfc is extending the file /preside/system/Bootstrap.cfc. Let's have a look into this function:

    public void function setupApplication(
          string  id                           = CreateUUId()
        , string  name                         = arguments.id & ExpandPath( "/" )
        , array   statelessUrlPatterns         = [ "^https?://(.*?)/api/.*" ]
        , array   statelessUserAgentPatterns   = [ "CFSCHEDULE", "(bot\b|crawler\b|spider\b|80legs|ia_archiver|voyager|curl|wget|yahoo! slurp|mediapartners-google)" ]
        , boolean sessionManagement
        , any     sessionTimeout               = CreateTimeSpan( 0, 0, 40, 0 )
        , numeric applicationReloadTimeout     = 1200
        , numeric applicationReloadLockTimeout = 0
        , string  scriptProtect                = "none"
        , string  reloadPassword               = "true"
        , boolean showDbSyncScripts            = false
    )  {...}

There are some more parameters you can set for your application. They are self explaining and don't need to be changed in the most cases.

But there's one parameter I'd like to explain: reloadPassword.

Whenever you do a ?fwreinit=true to re-initialize your application (e.g. after a DB update), the password in this setting will be used and validated against.

Is this a security issue? No, it's not. But script kiddies, re-initializing your application every five minutes are annoying.

The recommendation is to change this value to a more secure value that only you know. So if you set reloadPassword="MySuperSecretPassword" you can re-initialize your application with: ?fwreinit=MySuperSecretPassword

You can also set this value to a dynamic value. For example super.setupApplication( reloadPassword=Hour(now())  ) is absolutely valid.

Author

Michael Hnat

Web Application Developer