Fun with strings and hashes in ColdFusion

At work we do a bit of web development using ColdFusion and earlier this week I got stumped by a problem which I thought I would share.  We are currently working on a RESTful API which requires an API signature similar to how flickr does. When it came to writing my unit tests I created a signature grabbing a private key out of the database to test against. I ran the test and BAM! it failed, now this was half expected it was the first time I’d run the test. So it turned out that the code was syntactically fine, then I thought  maybe I had made a mistake in the process of creating a signature.

With that ins mind the next step I took was comparing the raw pre-hashed version of both signatures, to my surprise I found that the test passed.  This was beginning to not make sense, it wasn’t until I altered the test to fail that I saw what the issue was: when I retrieved the key from the database all of the characters were uppercase however when coldfusion retrieved the key all of the characters were lower case. After updating the test to use a lower case version of the key it passed successfully.

So it turns out that ColdFusion is not case sensitive when it does string comparisons, but the hash function does care what case the characters are, as you can lead to a frustrating situation.  Now I’m not expecting you to take my word for it so I have quickly coded up some example code showing the issue.

<cfset original = "secret-key" />
<cfset upperCase = "SECRET-KEY" />
<cfset match = "secret-key" />
<cfset random = "5q2up0awet530" />

<cfset originalHash = Hash(original) />
<cfset upperCaseHash = Hash(upperCase) />
<cfset matchHash = Hash(match) />
<cfset randomHash = Hash(random) />

<cfoutput>
	<h1>String Matching</h1>
	<table border="1" style="width: 30%">
		<tr><th></th><th>Upper case</th><th>Match</th><th>Random</th></tr>
		<tr>
			<th style="text-align: left">Original</th>
			<td style="text-align: center">#original eq upperCase#</td>
			<td style="text-align: center">#original eq match#</td>
			<td style="text-align: center">#original eq random#</td>
		</tr>
	</table>

	<h1>Hash Matching</h1>
	<table border="1" style="width: 30%">
		<tr><th></th><th>Upper case</th><th>Match</th><th>Random</th></tr>
		<tr>
			<th style="text-align: left">Original</th>
			<td style="text-align: center">#originalHash eq upperCaseHash#</td>
			<td style="text-align: center">#originalHash eq matchHash#</td>
			<td style="text-align: center">#originalHash eq randomHash#</td>
		</tr>
	</table>
</cfoutput>

When you run the code this is the output you should get.

As I found the hard way when ColdFusion says two strings are the same it may not necessarily be true.

Tags: ColdFusion, Programming, Work
Category: Programming  |  Comment

theCloud Blog

So it would seem that I might be starting to go a little theme happy. Not one week after releasing the new theme to my own blog I’ve tried my hand at another theme. At work we are gearing up for the release of theCloud our hosted services platform and I had the pleasure of designing the blog theme that we are using for theCloud blog which was launched yesterday there over the next little while you will be able to find posts related to hosted services, cloud computing and other related topics. I’m hopefully going to try and squeeze in some posts about customising the software we have available through coding.

Tags: Blog, LayerX, Programming, theCloud, theme, Work, worpress
Category: Programming, Projects, Work  |  Comment

Update

Well it would appear that I’m not dead yet and rumors to that effect may be slightly exaggerated. The main reason I have not been posting lately is because I’ve been in a bit of a funk where I haven’t had the motivation to work on any of my personal projects. With nothing new to show off I have had no real reason to make a post.

What is different with today you might ask? Well not a lot in relation to the lack of motivation to work, however enough semi-interesting – and one important – things have happened which together warrant me writing something.  Yesterday I finally upgraded to WordPress 2.8 any issues the site might be having will probably have been caused by the upgrade.  Last week I brought a HTC Magic (which runs Google’s android phone OS) I plan to do a post in the next couple of days about how the phone is working out for me so far.

Most importantly, a month ago I quit my job (that was the required notice I had to give) because I was approached with an offer I felt that it would be foolish of me to refuse.  Today was my first day at my new job working for LayerX, a small software company based here is Hamilton.  Like my last job I’m a software developer and I am looking forward to the oppurtunities that this new position has.  Due to this happening I finally got around to updating the about page, it still is not anything fantastic but at least it is up to date.

Tags: LayerX, The site, upgrade, wordpress, Work
Category: Me, The site  |  2 Comments