Hi all,
Apologies for the completely OT posting, but I'm in desperate need for a
solution.
Until recently I have been hosting a discussion maillist for one of my
customers. Subscription is required for membership of the list and there is
also an opt-in option on the member profile. So on a
We've looked at both MailChimp and Campaign Monitor, both of whom have
mature APIs and offer similar functionality. I'd recommend either.
Will
On 6 March 2012 11:29, Jenny Gavin-Wear jenn...@fasttrackonline.co.ukwrote:
Hi all,
Apologies for the completely OT posting, but I'm in desperate
+1 for either, but MailChimp is probably the easier option
On Tue, Mar 6, 2012 at 11:36 AM, Will Swain w...@hothorse.com wrote:
We've looked at both MailChimp and Campaign Monitor, both of whom have
mature APIs and offer similar functionality. I'd recommend either.
Will
On 6 March 2012
Just out of curiosity, why can't you have the entire session running under SSL?
Ever since Firesheep came out it is actually suggested to be all encrypted all
the time.
Steve
-Original Message-
From: Robert Rhodes [mailto:rrhode...@gmail.com]
Sent: Tuesday, March 06, 2012 2:20 AM
Hi Will and Russ,
Many thanks for your replies!
I was looking at Mailchimp, but is it only a broadcast/newsletter service or
does it support discussion lists with moderators, etc? I can't find
anything about discussion mail lists on their site.
Jenny
-Original Message-
From: Will
It's a video streaming site for members. I can't believe my only option is
to stream video across ssl. There must be another solution.
-RR
On Tue, Mar 6, 2012 at 7:46 AM, DURETTE, STEVEN J sd1...@att.com wrote:
Just out of curiosity, why can't you have the entire session running under
Thanks Russ!
I looked through everything you suggested, and I can't see anything wrong.
Here's my wsconfig.properties file:
1=IIS,1,false,
1.srv=localhost,cfusion
1.cfmx=true,null
2=IIS,2,false,
2.srv=localhost,Test01
2.cfmx=true,null
So it looks like my #2 site is pointing to the correct
Eric,
This used to happen, on occasion. You can delete your current connectors
and establish new ones using the config tool:
C:\JRun4\bin\wsconfig.exe
You might have a deeper issue, but sometimes it really is that simple.
It usually was for us. (Reminds me just how much I love Apache...)
It's a video streaming site for members. I can't believe my only
option is to stream video across ssl. There must be another
solution.
There is: take the main site out of scope for compliance. The only
parts of a system that have to be PCI compliant are the ones that
handle credit card
Justin, thanks for the reply, and I get your point, but I can't break out
the registration process into a standalone site quickly. There must be a
fairly quick solution to this problem. Surely, I can't be the first to
deal with this.
On Tue, Mar 6, 2012 at 8:44 AM, Justin Scott
Robert, a product like Fuseguard from Pete Freitag or a Web Application
Firewall (or a plugin type of filter to your existing firewall) may help.
I'm currently going through a similar process and thought these options
might help.
Ché
-Original Message-
From: Robert Rhodes
Robert,
This is odd that you are losing the session, are you using CF in
multiserver mode or standalone? The article you referenced was for CF8,
however, we're currently running CF9 Ent in multiserver mode and we've not
had this issue crop up. We are however using a DB with client cookies for
I'll echo what Donnie said. We're actually running CF 8 with the DB client
settings and did not have any issues with the cookies in our PCI audit,
Phil
On Tue, Mar 6, 2012 at 9:24 AM, Donnie Bachan (Gmail)
donnie.bac...@gmail.com wrote:
Robert,
This is odd that you are losing the session,
On Tue, Mar 6, 2012 at 9:07 AM, Robert Rhodes rrhode...@gmail.com wrote:
Justin, thanks for the reply, and I get your point, but I can't break out
the registration process into a standalone site quickly. There must be a
fairly quick solution to this problem. Surely, I can't be the first to
Justin, thanks for the reply, and I get your point, but I can't break out
the registration process into a standalone site quickly. There must be a
fairly quick solution to this problem. Surely, I can't be the first to
deal with this.
Another option might be to ask your scanning vendor for
We have an opening for someone with CF Experience. We advertised it as a
DBA with CF Experience and posted on some free sites and Craig's list and
have not had any bites locally. The powers that be do not want to nut up to
post it to Monster or career builder.
I know that there is the CF-Jobs
Justin, I don't think that would work though, depending on the level of
compliance and the SAQ being completed I don't think any vendor will allow
that exemption regardless of if credit card information is visible or not.
If an attacker is allowed any access to a user session and can harvest any
go to houseoffusion.com
On Tue, Mar 6, 2012 at 10:11 AM, Gerald Guido gerald.gu...@gmail.com wrote:
We have an opening for someone with CF Experience. We advertised it as a
DBA with CF Experience and posted on some free sites and Craig's list and
have not had any bites locally. The powers
Justin, I don't think that would work though, depending on the level of
compliance and the SAQ being completed I don't think any vendor will
allow that exemption regardless of if credit card information is visible or
not. If an attacker is allowed any access to a user session and can
harvest
I know that there is the CF-Jobs list but where else can we post for
free that will get us more coverage?
There is the HoF CF-Jobs mailing list, as mentioned. I would also
recommend contacting Ricardo Parente at http://cfdevelopers.net/ as he
runs a ColdFusion job site/blog that gets pretty
Gerald Guido gerald.gu...@gmail.com wrote:
We have an opening for someone with CF Experience. We advertised it as a
DBA with CF Experience and posted on some free sites and Craig's list and
have not had any bites locally. The powers that be do not want to nut up to
post it to Monster
For both Phillip and Donnie -- I just set the site up for database storage
for the client session in the cf admin (server settings - client
variables), and I see data going in those two tables, but I am still losing
the session state when moving from https to http. I have this set in my
Are all your sites running under CF or do you have another Java-based app
server, like Tomcat/JBoss, running portions of your site as well? That
happened to me. Someone turned on sessions for a Tomcat app that didn't
need it and users would drop sessions as they moved around the site from
the CF
Nope. Just CF on this sever, and just this one site running.
On Tue, Mar 6, 2012 at 10:37 AM, Phillip Duba phild...@gmail.com wrote:
Are all your sites running under CF or do you have another Java-based app
server, like Tomcat/JBoss, running portions of your site as well? That
happened to
Hi Robert,
I'm not sure if I'm missing something but shouldn't you have
setClientCookies to Yes? Otherwise you'd have to pass the JSESSIONID in the
url on each request.
Best Regards,
Donnie Bachan
Nitendo Vinces - By Striving You Shall Conquer
I just put back the jrun setting to pass cookies securely, and am sending
the jsessionid securely again. And I am set up to use the database for
client storage.
It's still losing the session when I switch between http and https.
I do have setclientcookies to no, because that sets cfid and
http://cfdevelopers.net/page.cfm/job-offers is where you post it.
On Tue, Mar 6, 2012 at 10:26 AM, Justin Scott leviat...@darktech.org wrote:
I know that there is the CF-Jobs list but where else can we post for
free that will get us more coverage?
There is the HoF CF-Jobs mailing list, as
On Tue, Mar 6, 2012 at 11:13 AM, Robert Rhodes rrhode...@gmail.com wrote:
I just put back the jrun setting to pass cookies securely, and am sending
the jsessionid securely again. And I am set up to use the database for
client storage.
It's still losing the session when I switch between
I believe you should wrap your data with cfprocessingdirective tag.
I tried cfprocessingdirective with the following pageencodings with no change
in behavior: windows-1252, windows-950, windows-936, big5, utf-8. Same thing
happens - if I put any sort of html tag around the Chinese
Your issue is more likely the fact that you are switching between https and
http. I don't believe that the cookies can cross that barrier.
However as to your cookies not being secure check out the article by Pete
Freitag : Adobe developer connection / ColdFusion Developer center / Securing
I believe you should wrap your data with cfprocessingdirective tag.
I tried cfprocessingdirective with the following pageencodings with no change
in behavior: windows-1252, windows-950, windows-936, big5, utf-8. Same thing
happens - if I put any sort of html tag around the Chinese
Hi Robert,
You are caught in a bit of a catch 22 here. If you want to set the secure
attribute on session cookies delivered over SSL, but also have it use the
same cookie values over non-ssl - then that defeats the purpose of adding
the secure attribute. If you want to do that you can't use the
sorry must have misread, if your looking for discussion lists then there is
always google apps which gives you google groups using your own domain.
On Tue, Mar 6, 2012 at 12:51 PM, Jenny Gavin-Wear
jenn...@fasttrackonline.co.uk wrote:
Hi Will and Russ,
Many thanks for your replies!
I
I hear you, but there are issues preventing me from going all https. It's
a long story.
Is there a way to copy, with some code in the application.cfm, the
jsessionid between http and https so we don't lose the session state?
-rr
On Tue, Mar 6, 2012 at 11:24 AM, Pete Freitag p...@foundeo.com
Make certain that the job is posted on indeed.com . If you're not familiar
with the site they scan all the major job sites and listings on major corp
sites. But they've added the ability for employers to directly post
jobs on the site.
Concerning your opening are they open to telecommuting?
On Tue, Mar 6, 2012 at 11:55 AM, Robert Rhodes rrhode...@gmail.com wrote:
I hear you, but there are issues preventing me from going all https. It's
a long story.
Is there a way to copy, with some code in the application.cfm, the
jsessionid between http and https so we don't lose the
the regular cf handlers that point to jrun_iis6.dll actually do nothing,
they don't even work.
the Wildcard handler jrun_iis_wildcard.dll is the only one you actually
need and which works, so this is the one you need to check is point to the
right connector.
If you still can't get it working
you could also try
www.odesk.com
www.freelancers.com
On Tue, Mar 6, 2012 at 5:30 PM, Rick Mason rhma...@gmail.com wrote:
Make certain that the job is posted on indeed.com . If you're not
familiar
with the site they scan all the major job sites and listings on major corp
sites. But
Ok, I am going to try to make the site work all ssl. I am concerned about
the video streaming over ssl, but I guess we will see how it goes.
On a related subject: is there a way to make the jsessionid cookie secure
without making the jrun change? I ask because doing so affects all sites
on
Yes. If it were me, I would turn setClientCookies=false in the
Applciation.cfc|cfm and then set them manually using:
cfcookie name=cfid value=#session.cfid# secure=true/
cfcookie name=cftoken value=#session.cftoken# secure=true/
If you google around a bit you can probably find some sample code
sorry must have misread, if your looking for discussion lists then there is
always google apps which gives you google groups using your own domain.
Yes, and Apps does have an API that lets you do quite a bit.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
That works for cfid and cftoken, thanks. But it won't work for jsessionid,
because once that is selected in the administrator, it shows up as an
unsecure cookie, even if you have setclientcookies turned off. That's a
bummer, I wanted to use jsessionids.
On Tue, Mar 6, 2012 at 1:59 PM, Cameron
Try this:
http://www.12robots.com/index.cfm/2009/5/6/Making-the-JSESSIONID-Session-Token-Cookie-SECURE-and-HTTPOnly-and-settings-its-PATH
-Cameron
On Tue, Mar 6, 2012 at 2:39 PM, Robert Rhodes rrhode...@gmail.com wrote:
That works for cfid and cftoken, thanks. But it won't work for
...also - make sure you've cleared out cookies in your browser after you've
made CF code changes. Old cookies could be hanging out and screwing up
your testing.
-Cameron
On Tue, Mar 6, 2012 at 2:39 PM, Robert Rhodes rrhode...@gmail.com wrote:
That works for cfid and cftoken, thanks. But it
On a related subject: is there a way to make the jsessionid cookie
secure without making the jrun change? I ask because doing so
affects all sites on the server, and I had planed to run other sites
on this particular server.
Be careful with this... if your billing system is on this server
Yes, I saw that. But he does not say how he made the new jsession id
string. I am sure it is not some random string he pro
grammatically generated. So, there must be a way to get at the jsessionid
even if you don't have jsessionidenabled in the administrator.
On Tue, Mar 6, 2012 at 2:44 PM,
On Tue, Mar 6, 2012 at 2:56 PM, Robert Rhodes rrhode...@gmail.com wrote:
Yes, I saw that. But he does not say how he made the new jsession id
string. I am sure it is not some random string he pro
grammatically generated. So, there must be a way to get at the jsessionid
even if you don't
If jsessionids are enabled, CF appears to set that cookie, no matter what.
I know of no way to prevent that from happening.
And yes, even those the site being loaded by https, the jsessionid cookie
is still being set insecurely.
As I said before, this should be easier than it is. Or maybe
Hi Dave,
I had a look at Google Groups hoping for an API.
It seems they are revamping it and there is currently no API. There is an
option to use the all new and sparkling Google Groups, but much of the
interface is still in development.
Jenny
-Original Message-
From: Dave Watts
I used Topica for many clients... Pricing and whitelisting is about
the same as mailchimp or api.jangomail.com
On Tue, Mar 6, 2012 at 7:35 PM, Jenny Gavin-Wear
jenn...@fasttrackonline.co.uk wrote:
Hi Dave,
I had a look at Google Groups hoping for an API.
It seems they are revamping it and
Hi Brian,
I looked at Topica, but it appears to be a marketing mail list service, not
discussion mail list, or am I wrong?
Also, I couldn't see any evidence of an API?
Many thanks,
Jenny
-Original Message-
From: Brian Thornton [mailto:br...@cfdeveloper.com]
Sent: 07 March 2012 00:38
You can pay a small fee to post it on Ben Nadel's job board. I believe he
donates the money to charity.
andy
-Original Message-
From: Gerald Guido [mailto:gerald.gu...@gmail.com]
Sent: Tuesday, March 06, 2012 9:12 AM
To: cf-talk
Subject: (ot) Places to post a CF opening
We have an
this is probably the most widely used open source solution.
http://www.gnu.org/software/mailman/index.html
On Wed, Mar 7, 2012 at 1:03 AM, Jenny Gavin-Wear
jenn...@fasttrackonline.co.uk wrote:
Hi Brian,
I looked at Topica, but it appears to be a marketing mail list service, not
Can I ask what were the pros and cons of hibernate with CF9 compared
to other frameworks?
I get that for instance coldbox integrates with hibernate but wanted
to hear some feedback from the framework architecture, deployment and
development time was handled.
BT
Thank you all for your responses. To answer some inquiries, we are located
in Tallahassee Fl.
The skinny: It is a decent gig. Great bosses that look out for you. Good
bennies. Very pleasant professional work environment. Good peeps all
around. Mostly Intranet type development with enough new
I had a look at Google Groups hoping for an API.
It seems they are revamping it and there is currently no API. There is an
option to use the all new and sparkling Google Groups, but much of the
interface is still in development.
I assume the other frameworks you're talking about are the MVC frameworks
(ColdBox, Model-Glue, FW/1, Mach-II, etc.)? If so they really have nothing
to do with each other. Some of them (like ColdBox) have optional features
that work with Hibernate, but any of the MVC frameworks will work fine
57 matches
Mail list logo