0

I'm attempting to run ColdFusion Builder 2016's built-in Security Analyzer. It's not working.

Here's my setup

I installed ColdFusion Builder 2016 along with ColdFusion Server 2016, by using the CF Builder installer on Windows 10. I have a valid registration serial for Builder, so this is not a demo version.

I set up ColdFusion 2016 as a Windows service so that it starts up with Windows on my dev machine, and I connected it to the locally running IIS web server. I added a second registration for a ColdFusion server in my CF Builder servers panel so that I could manage the Windows service from Builder. Both of the servers (one marked as a Windows service, one not) show as running in Builder's "CF Servers" panel.

I've run the Security Analyzer before, and had no errors with it. I don't know why it doesn't work today.

Duplicating the error

When I right-click on my project, a directory, or a file, then navigate to Security Analyzer, and try to run the security analyzer, I receive this message in an alert window:

Server error: Security Code Analyzer is not available in this edition of the ColdFusion Server.

Here's what I've tried

I edited my project properties to choose the service, then to choose the non-service. Both of them produced the same error.

I noticed that CF Builder's server registrations did not have "2016" as the version number. One was blank, the other was set to "11". I changed them both to 2016 and restarted CF Builder. I switched my project to each server, back and forth, with a combination of restarting Eclipse between tests. Same error.

I also tried changing the server's port from 8600 to 80 for the Windows service, but that resulted in an expected 404 error.

I restarted my local ColdFusion server and retried the above items. Same error.

Thought

At first I thought this might be that CF Builder thinks this is a server version error. At this point, I'm wondering if the Security Analyzer does not run on the development CF Server, even though I've had it running locally before. I can't connect it to any other CF2016 servers because we have a very, very large installation of CF11 enterprise servers, and have not begun to make a server infrastructure move to CF2016 yet.

Nathan Strutz
  • 8,095
  • 1
  • 37
  • 48
  • How long ago did you install CF Server? Is it possible the Enterprise trial period just ended and it reverted to Developer Edition? I think the security analyzer only runs on an Enterprise license. – Carl Von Stetten Oct 28 '16 at 20:55
  • @CarlVonStetten So I need an enterprise server license for my local development server to run the security analyzer? Is that true? It sounds insane. – Nathan Strutz Nov 01 '16 at 18:22
  • Yup. I agree. But I believe the EULA allow you to input your production server license key into your development machine, as long as your development machine complies with the terms of the EULA. – Carl Von Stetten Nov 01 '16 at 19:35
  • @CarlVonStetten You might as well write an answer so I can give you the credit. Thanks. – Nathan Strutz Nov 02 '16 at 13:50

1 Answers1

1

The ColdFusion 2016 Code Securiy Analyzer is only available with an Enterprise edition license. However, the EULA for ColdFusion 2016 appears to allow you to use the same license key from a production server to activate a "development" server, so you should still be able to run the Security Analyzer on your development machine.

Carl Von Stetten
  • 1,149
  • 8
  • 13