Payments were getting processed but the results
confirmation didn't work. This is on Coldfusion 8.
That was exactly the problem, on CF 9 also.
the certificate needed is the Verisign G5 certificate
In my case, the certificate I got from the Paypal site was a Symantec
certificate.
That is
you need to import the certificate to the java
cacerts as a trusted certificate to by-pass the security matching.
That was the trick. I imported the Paypal certificate and now it works.
Thanks a lot.
~|
Order the Adobe
Hi,
I have an application under CF 9 with a paiment module using Paypal.
At the end of the process, Paypal acknowledges the paiement and my app calls a
Paypal page to validate the whole operation. This is done with a CFHTTP call
This application has been working fine for years with no
Hi,
I have an application under CF 9 with a paiment module using Paypal.
At the end of the process, Paypal acknowledges the paiement and my app calls a
Paypal page to validate the whole operation. This is done with a CFHTTP call
This application has been working fine for years with no
Yes, but apparently it was down for several hours.
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
Could be PayPal updated their SSL
It must be the problem, because I have other paiement services and they have no
problem.
I'm trying your suggestion, thanks.
~|
Order the Adobe Coldfusion Anthology now!
Is this list working?
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
I am looking to consult with that person off-list
Please don't do it off-list, several of us could be interrested.
I developped a client side javascript error trackink tool and it helped me a
lot to debug my scripts, but I get many errors happening in foreign JS scripts.
I fixed my program to
BTW, I have invites to anyone who wants to try Google Inbox. Yes, you too
can have the opportunity to reply to seven year old threads.
This one also is at least 7 years old ;-)
Any one can get a Gmail address, no invite is necessary ;-)
Hi,
I'm running some tests on tag cffileupload.
Some labels, like Add Files, Clear All... can be supplied in different
language in attributes, but some others, like File Name, Size (KB), ...
cannot.
Has someone find a way to completely localize the tag?
Thanks.
There's no reason that content can't be injected at
serve time.
In this case, there would be a difference in the files delivered to the visitor.
IMO the hack is in the browser, not on the server.
~|
Order the Adobe Coldfusion
but why would it just appear on a login page for the cfadmin?
Who knows what may happen or not happen in some hacker's mind ? ;-)
Perhaps it looks for specific form field names
... especially input fields of type PASSWORD!
The hacker may be more interested in getting access to the CF
One is that, while it doesn't show
up in the view source for a given page, a JS library referenced in the
page has been compromised to rewrite page content.
Of course, this is quite possible in theory, however it would imply that the
hacker has already hacked the server, and one could ask what
Like querying malicious data and using it in another
cfquery without cfqueryparam.
As an extra safety feature, if your application does not use multiSQL
statements at all, and depending on the type of database engine used, you could
also streatly deactivate the multi statement facility.
If
I eventually found that browsers were losing the CFID/CFTOKEN values and as
a result could not locate the session variables
Actually, browsers are not losing cookies and do not locate session variables.
Session variables are managed by ColdFusion.
IMO the problem is that when CF receives TWO
I downloaded the flash installer, then ran the installer, and it went
right ahead and installed two items - the flash player and then without
pause the McAfee crap.
I confirm, I executed directy the installer and I had no opportunity to uncheck
McAfee.
Only after it failed, BECAUSE OF
Hi, I'm having a problem with a scheduled task that chokes my server.
Its role is to analyse bounced messages.
I have been able to identify where it blocks, when analysing a line like this
one with the regex below:
Message-id: 26823262.22036.1411993378646.JavaMail.NS4007563$@127.0.0.1
CFSET
Might be able to get this using Java.
Thanks, I'll dig into this.
I thought that my server chokes because of lack of memory, but I finally found
that it was because of an infinite time taken in a regExp analysis.
I just dropped a post about this.
however try plugging it in here:
It gives me the same result:
Timout for PHP and Python (after about 3 sec)
and a result in Javascript in about 4 sec, because it happens in my computer
and there is no time out.
It looks like the problem is really in the regEx itself.
I'll try to get another
None of them need regular restarts anymore.
If you do need restart, it could be because you have a problem in your code.
I have a task scheduled every 2 hours, it scans mail rebounces with regular
expressions
and who knows why, after one year with no problem, I recently got a certain
string
Hi,
Would any one know some trick to get the amount of memory occupied by a
structure like query, etc.?
Thanks
~|
Order the Adobe Coldfusion Anthology now!
I wonder why browsers caching Javascript and CSS files at least do not check if
the date of the file on the server is still the same as the one in their cache.
Since I implemented a Javascript errors log, I catch many errors showing that
the old file in the cache was used days after the error
Try CF Static (http://cfstatic.riaforge.org/), it appends a unique string
to the end of the file requests,
Ok, good technique.
But instead of downloading 262 files, I developped this simple CF_script custom
tag:
CFSETTING ENABLECFOUTPUTONLY=Yes
CFSET scriptFile = expandPath(attributes.src)
The easiest way is to simply expire the page using cfheader.
The problem with this technique is that you will force a reload even if the
file was not changed.
~|
Order the Adobe Coldfusion Anthology now!
I notice that your site is reachable both through www.whitevalegolfclub.com and
whitevalegolfclub.com.
I had the same problem with one of my sites.
It looks like two different cookies are created, one for
www.whitevalegolfclub.com and the otheone for whitevalegolfclub.com
and this this goofs
close up shop and move to a cabin in Montana
That's the best suggestion I got on that matter ;-)
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
There's nothing magically sacrosanct in HTTP or HTML to prevent
this sort of thing.
You're right, but as a developper, I have to modify my code every day, because
every day comes up a new version in which something has been cancelled or
disabled, like accessing the clipboard by Javascript, or
If you do find a way to detect all scripts running on a page I would be very
interested in seeing how it works. At least you could then inform the user
that there are unwanted processes running in the browser.
I'm working on that, may be not for all visitors, but at least for
administrators
against your will as it were.
Indeed, so I'm considering adding some tests in my bad bot detector based on
some strings seen in javascript errors.
May be also there is a way to get the list of all scripts in a page, I'll dig
into that.
I think your idea is excellent though - a way to trap
so it becomes a part of the client side page request
against your will as it were.
Yes, but this rises a question:
If my window.onerror can get events from some plugin code, this means that this
code is embeded and is treated as if it belonged to my window.
Thus, it has access to everything in
They don't call it Malware for nothing
Ok, but if a malware does mal to a moron client side, in a pinch, this is not
our problem, but if it can get pass words so easily, it can also do mal to any
server any time.
I just got one tonite that allows itself to define cookies under MY domain!
If
This is not really CF related, but since this list is mainly read by Web
developers, I thought it could be interesting anyway.
First, let me say that my system logs CF executions error in a database with
many details that help a lot to clean my code.
However it does not trap Javascript errors
Multi-recipient email will not generate a bounce or undeliverable message
in CF if the CF spooler can deliver to at least one recipient.
I think the failto address is not used by CF to bounce messages, only to
provide a Return-Path: address in the message header, and the bounce is
generated
Hi,
I'm havin someting weird hapening on mt CF 9 / Windows Web Server 2008 / IIS 7.5
My site is returning an error 404 status when some requested page does'nt
exists.
For instance http://myDomain.com/index.cfm?p=pageid=21 return normaly page 21
which exists,
but
IIS Manager [Site] Error Pages 404 - Uncheck Insert content from static
file in to the error response and/or reconfigure as fits your need.
Ok, I've seen that, but the problem is that I still have to give a URL to be
executed or Respond with 302 redirect.
In fact I just need IIS to do
I finally solved the problem this way:
1. if the page nb. does not exists:
cfheader statuscode=404 statustext=Page not found
CFABORT
2. in IIS I defined a URL to be called in case of error 404, this page displays
a friendly message, then it also has to declare
cfheader statuscode=404
I think you replied to the wrong thread there
Ooops... sorry ;-)
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
More than likely, you are trying to send a true/false value to a
char(1) field.
... or even more likely to a boolean field.
~|
Order the Adobe Coldfusion Anthology now!
CF only transmit what the database driver reports.
Many drivers will report an error, but not which field caused the error, which
is quite frustrating.
Sometimes, one can have more details by copying the SQL statement and execute
it in the database itself.
Got at bit of a weird thing going on in my code...
Pretty hard to tell without seing that code...
If you transfer the query result into a list and if there is one empty column,
you might shift all the values after the empty valu indeed.
maybe he's a bot?
If he is, sure he didn't programed it himself.
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
I need one to test true for:
I doubt you can do this with only one test, but using 3 tests is easy:
10 to 20 Characters in length
3 numeric characters in any order
1 special character from basic list ~!@#$%^*()_+
This should do it:
CFSET stringOK = (len(form.text) GTE 20 AND len(form.text)
there are potentially many connections,
like in any database system.
so the fact that it's only one user is irrelevant -
It is, because the principal argument of Access detractor is that it is not
good in a multiuser environment.
you still have concurrency issues.
like with any database
But transfer the data to an actual database
I was expecting this clever answer! ;-)
Access has a bad reputation in a LAN multiuser APPLICATION.
But it is only when the application is also an Access application.
All requests cause many accesses to the disk, both for code and for data, which
CF 10 introduces a updater in the CFAdmin, and an auto update function
God ! ... And it works?
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
I'm attempting to create a dynamic query name inside a Custom Tag.
If you create anything in the scope variables, from inside a custom tag, it
will be created in the custom tag scope only.
You must use the caller scope, ie:
cfquery name=caller.ConvertedFields_#attributes.QueryName#
Sorry, I was too fast reading your message.
If you cfdump var=ConvertedFields_#attributes.QueryName#,
I suppose the CFDUMP is still inside the custom tag, so the query should be
defined.
But if it says Variable CONVERTEDFIELDS_ is undefined it looks like
attributes.QueryName is empty.
Are you
but how to do this on the users desktop?
If it was possible, any one could reformat you disk from a web page, can you
imagine? ;-)
I doubt Internet would be so much popular ;-)
~|
Order the Adobe Coldfusion Anthology now!
but I suppose we could offer to build it
for them into the CF app we are possibly installing.
That's your best option, provided all the data is on the server, not on client
side.
~|
Order the Adobe Coldfusion Anthology now!
Does anyone actually use CF Builder for multiple projects?
Nothing beats good old CF Studio ! ;-)
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Here is what solved it for me:
I'm glad you could work it out.
The more we go and the more we are having issues harder and harder to solve :-(
~|
Order the Adobe Coldfusion Anthology now!
This also means you will have hosting problems, as Windows is 64bit only
since Server 2008, so you wont be able to setup a CF DSN unless the host is
willing to also do this workaround for you or unless they are still running
Windows 2003.
Actually, I do have Access databases on my Window Web
then you must have set them up manually using the workaround.
Yes, I think so, it was a long time ago.
~|
Order the Adobe Coldfusion Anthology now!
One alternative would be to create a random number, say between 0 and 9,
then add 20 to it and store the result in a session variable.
Personnaly, I consider such methods that require the visitor to do something
quite unfriendly, especially for blind people, even insulting.
It is much
Thought this was interesting in the context of the thread.
I'm pretty sure Google has the resources to develop such algorithms, would it
be juste for the fun of it, but spammers in general have neither the ressources
neither the time and probably no interest at all to develop character
+1 for the honeypot.
+ another one.
You can also use an onclick on the submit button to fill a hidden field with
some key text also hidden in your javascript.
If the field is not set properly, dont process.
~|
Order the
Image captchas are undetectable by screen reading packages
Exact, and anyway, do spamers really care about character recognition? Do these
characters really have to look su ugly?
These captchas really look ridiculous.
~|
Problem is that signature can be faked.
Of course, I don't use it to maintain security on my sites, but to insure that
pages are displayed correctly.
If a visitor using Firefox fakes his signature to look like MSIE, it's his
problem.
Now if MSIE looks pretends to be Mozilla, it's a problem
Hi, I discoverd today that MSIE 11 is putting Mozilla/5.0 (Windows NT 6.1;
WOW64; Trident/7.0; rv:11.0) like Gecko
Until now, i thouht HTTP_USER_AGENT could be used in cfml to identify the
browser, but apparently this does not work any more.
According to this page:
http://msdn.microsoft.com/en-us/library/ie/hh869301(v=vs.85).aspx
The like Gecko token has been added (for consistency with other browsers).
C'mon, how can they talk about consistency with other browsers about a string
which is intended to be a signature for all browser?
Application servers are inherently complex, and it takes a certain
level of expertise to set them up. There's no getting around that.
You're right.
However, there are two approches that can be taken in installation procedures.
One year ago I had to move from a W2003 to a W2008 server and to a
1. out of the box install, not secure, but your site works just fine..
This is the Adobe's approach
2. out of the box, locked down and secure, but site may break, so you have
And this is Microsoft's
You're quite right.
Imagine a family buys a car, and by default the airbags and anti-lock breaks
are not enabled.
Indeed, they are in the trunk, under the spare tire, but it's up to you to go
to the manufacturer's site and download instructions to install them ;-)
but for CF to have a
backdoor entry point as standard in the install is plainly stupid and it has
not helped sell CF as an option.
This is exactly the point.
~|
Order the Adobe Coldfusion Anthology now!
It's Microsoft's approach ... now. But it took them a long time to get there.
You're probably right. The point here is that it is taking even a longer time
to Adobe.
~|
Order the Adobe Coldfusion Anthology now!
Development servers don't need a secure setup if
they're not exposed to untrusted networks.
Obviously we are was not talking about development servers in this thread ;-)
~|
Order the Adobe Coldfusion Anthology now!
And why is it such a pain in the rear to keep CF up to date/patched?
What I mean is that Adobe recommands that CFIDE should be moved to a safer
place, but, after several versions, CFIDE is still installed the same way.
~|
It's up to you to understand how web servers and web applications work, and
set it up
My point is that I'm pretty sure everything I've done by hand to move
CFIDE/administrator and declare a virtual directory to some special web site
could be done by the installer.
It's daft to facilitate the [potentially dangerous thing]
And I don't know if everyone knows why is was insecure to have the
Administrator in a conventional place.
I got my server hacked like many of us, and I checked in the logs how the guy
had access to the administrator.
I discovered that
ignore a public facing server, you are asking for trouble
We all have public facing applications, including banks, CIA, FBI, etc, simply
protected by a password, but we usually do not have undocumented backdoors ;-)
If the CF administrator dindn't have this undocumented function allowing to
I like this analogy... You buy a new Ford Fusion. Ford tells you about how
closing the doors and locking it is a security feature.
Then, you go park in a high crime area with the car running, keys in the
ignition and the doors wide open.
Except that in your analogy, it is obvious that one
9.0.2 is not and update it is a separate version without verity which is no
longer supported.
Exact, and since I've never been able to get Solr to work under 9.0.1, no
chance I ugrade to 9.0.2 !
~|
Order the Adobe Coldfusion
so some people think it is not real code
... and these people are real morons ;-)
Being tag oriented, compatible with HTML, makes CF the most developper friendly
language ever.
~|
Order the Adobe Coldfusion Anthology now!
You don't find the CC installer to be a heck of a lot simpler?
Excuse my ignorance, but what is CC?
~|
Order the Adobe Coldfusion Anthology now!
Give it's unlike any other language one might already know,
Come on, can you imagine a CF developper who wouldn't know at least HTML?
how is it being tag-oriented a dev-friendly thing?
Just because the code and the HTML it is intended to produced are integrated
within the same syntax.
That
But the bulk of your *code* should be separate from your views.
Well, if you really like masochistic constraints like MVC just to make things
more accademic, you can, but you will still use CF to code the views and the
data, and working with the same language in the SGML family simply makes
I completely agree with you, on all points.
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
If the Railo Company would do some marketing
If they would above all produce some documentation!
I wanted to give it a try a couple of years ago, but the documentation was just
an arrid desert, so I gave up.
Is it any better now ?
Hi,
In the administrator, there is a check bor that makes possible to
Specify whether ColdFusion tags can pass non-standard attributes in the
attributecollection structure.
But apparently it does not make posssible to pass non-standard attributes in an
ordinary tag in the code.
For instance,
No.
Too bad :-(
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:358038
The docs about functions and tags are the same as the CF docs
I could work using the CF docs, but if there is the slightest difference, plus
or minus, I need to be easily aware of it.
It is so important in my mind that I finaly prefered to buy the CF 9 server.
However, this will work:
CFPARAM NAME=attributes.MyAttribute TYPE=string --- REQUIRED=no ---
Ugly, but it works.
~|
Order the Adobe Coldfusion Anthology now!
Better than nothing, but still not very developer friendly.
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
like cfcomponent and cffunction (cfargument too I think).
cfmodule as well.
Yes, but not cfparam unfortunately.
~|
Order the Adobe Coldfusion Anthology now!
I'd *much* rather have CF complain than
silently ignore a bad argument.
I must admit I agree with you ;-)
~|
Order the Adobe Coldfusion Anthology now!
Www.railodocs.org
Much better than the last time I tried indeed.
Thanks.
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
I think this hack is known since a long time ago. I remember having installed
my CF administrator in a safe place at least 2 or 3 years ago.
The adobe document which describes what to do is dated Mai 2010, almost 4 years
old.
and then when their site gets owned, CF gets the blame.
On another hand, why Adobe hasn't change the way CF is installed if its not
safe?
~|
Order the Adobe Coldfusion Anthology now!
I love developing in CF as I can build complex apps in 1/2 the time as it
takes in PHP.
And I will add the PHP is the uglyest language I've ever seen in about a 40
years career!
~|
Order the Adobe Coldfusion Anthology
You cam run the same checls on an oframe as You can om ypur ma8n dic
Sich as document.loaded etc
Oh boy ! Did you spilled your coffee on your keyboard this morning ?
~|
Order the Adobe Coldfusion Anthology now!
lol, I was on my phone,
... and they call that an « intelligent telephone » ? ;-)
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
Why are people so vehemently opposed so to CFForm?
Mainly for historical reason. I don't know how is CFForm nowadays, but when it
first appeared in CF, it was really week, missing a lot of essential features,
and every message coming out of it was only in English, making it not an option
for
considering all the
(well documented) problems it caused previously.
Yes, I remember now.
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Is it possible to run scheduled tasks in CF10 Standard Edition?
It sure is.
However, there is now a restriction on the extension for the log file. It can
only be .txt or .log, for so called secirity reason (?).
~|
Order the
Hi,
I have CF 9.0.1 installed, and I'm not able to define a Solr collection.
I get this error in the Administrator:
An error occurred while creating the collection:
org.apache.solr.common.SolrException. Check the Solr logs for more detail.
And in the Solr log, I get this:
JNDI not configured
might be a problem with the port being used, do you have anything else
running, other CF versions, other instances or anything like that ?
Nope. Nothing like that.
I noticed in solrConfig.xml something like
maxMergeDocs2147483647/maxMergeDocs
I thought It could be a too big number to read for a
I've got a lot of large CF sites I have to move because my host is not up to
what we've grown to be.
Have you considered having your own dedicated server ?
I certainly do not have as large CF sites as you have, but except if you run
all these site for free, a dedicated server is worth the
there is no way to isolate sites from each other on a shared hosting setup.
For instance, from time to time I've encountered a situation when I have to
stop and restart the CF service, ie: dead lock, local file kept open after an
error, etc.
You can'nt do this on a shared server.
works fine for missing variables however is there a way to identify context
validation errors such as missing /cfif etc.
missig variables are execution time errors, but missing /CFIF are syntax
errors.
CFERROR can trap execution errors, but not syntax errors since they happen
during
Why would I choose a CF Framework over a CF CMS system?
I'm affraid you are comparing apples and oranges.
You would use a CF framework to develop a CMS system but you wouldn't have to
develop anything if you use a CMS system.
1 - 100 of 518 matches
Mail list logo