RE: [KCFusion] ColdFusion File Security
Bruce: I am just guessing, but is it maybe that the files that you need to protect are the *.class files that MX produces and not the *.cfm files? Kory Bakken -Original Message- From: Bruce Phillips [mailto:[EMAIL PROTECTED] Sent: Friday, August 01, 2003 8:11 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [KCFusion] ColdFusion File Security All: I hope you can provide me some guidance on the following issue and especially if my web host tech support is incorrect. I've run into an interesting security problem with ColdFusion. I am the web master for STFM.org We have protected various directories using our web hosts file permission interface on the control panel for our web site. For several directories we have set the user Everyone access to none for that directory and any files/sub directories in the directory. However, after moving to our new CF MX server, I noticed that the CF files in our protected directories are being served up even though the directory is protected (I checked to ensure it was still protected after the move). If you try to load a non-CF file (for example test.htm) that is located in the same protected directory, the server requests you provide a user name and password before it returns the file to your computer. The server does not do this with the CF file, it just returns the file. According to a phone conversation I had with one of our web host's tech support personnel late on 1 August, CF files are not protected by the file permissions settings on the Windows server since the CF MX server bypasses the web server to return the files to the browser. However, after consulting another very experienced ColdFusion Developer and checking the ColdFusion MX documentation (see http://download.macromedia.com/pub/coldfusion/documentation/cfmx_dev_cf_apps.pdf page 353) I've learned that basic HTTP authentication should protect CF files. I believe that the information I was given by the support technician to be incorrect. Removing the user Everyone's access in some of our sub-directories should also protect the CF files in those sub directories. Any information on your experience in using basic http authentication to protect CF files in a directory from being served up with the user entering a password and username would be appreciated. I really think the tech support is incorrect and there is some other problem on the web server. I don't want to use CFLOGIN or some other application login script if I don't have to. Thank You, Bruce Bruce Phillips Society of Teachers of Family Medicine 913-906-6000 ext 5405 [EMAIL PROTECTED] __ The KCFusion.org list and website is hosted by Humankind Systems, Inc. List Archives http://www.mail-archive.com/[EMAIL PROTECTED] Questions, Comments or Glowing Praise.. mailto:[EMAIL PROTECTED] To Subscribe mailto:[EMAIL PROTECTED] To Unsubscribe mailto:[EMAIL PROTECTED] __ The KCFusion.org list and website is hosted by Humankind Systems, Inc. List Archives http://www.mail-archive.com/[EMAIL PROTECTED] Questions, Comments or Glowing Praise.. mailto:[EMAIL PROTECTED] To Subscribe mailto:[EMAIL PROTECTED] To Unsubscribe mailto:[EMAIL PROTECTED]
RE: [KCFusion] DateDiff in SQL Query
You cannot treat
CustomerEnrollmentDateas a CF Variable until you are
outside of that query. The following where clause should get you what you
need:
WHERE CustomerRefer = #Affiliate_ID#AND
CustomerEnrollmentDate between '#DateAdd('d',-7,createODBCDate(now()))#' and '#DateAdd('d',7,createODBCDate(now()))#'
-Original Message-From: Robert
[mailto:[EMAIL PROTECTED]Sent: Friday, August 01, 2003 11:03
PMTo: [EMAIL PROTECTED]Subject: [KCFusion] DateDiff
in SQL Query
I am running into a problem and I can't figure
out why. I know i've had this problem before with using CF functions
inside of SQL queries, but I can never remember what it was the last time that
fixed it, so I wanted to post this query:
CFQUERY name="getcustomers"
DATASOURCE="x"SELECT CustomerName, CustomerPin,
CustomerRefer,CustomerEnrollmentDateFROM
CustomersWHERE CustomerRefer =
#Affiliate_ID#AND
#DateDiff("w",'#CreateODBCDate(CustomerEnrollmentDate)#','#CreateODBCDate(now())#')#
= 0/CFQUERY
I'm needing to run stats for affiliate programs
and so I want a daily, weekly, monthly view. Datediff in T-SQL didn't
seem to be able to do anything other than generic day, month, etc.
Anyhow, I get the following error:
Error
resolving parameter CUSTOMERENROLLMENTDATE
Obviously I
have the right name, but it bombs right there...if I change around my quotes
and my pound signs, it'll say it's Missing a parameter, Expected 1 or Expected
2. Anyone easily point out what i've got in the wrong place or what I am
messing up because i'm at a loss. BTW, Affiliate_ID is from another
CFOUTPUT from a query that this is all running inside of.
Thanks,
Robert
Re: [KCFusion] DateDiff in SQL Query
Kory,
Thanks for the reply. I was able to figure
out my mistake. It was my own fault of syntax and not having the quotes
and such in the right place. I've abandoned that query, but I will say
thanks to all who helped.
Thanks,
Robert
- Original Message -
From:
Kory Bakken
To: [EMAIL PROTECTED]
Sent: Monday, August 04, 2003 8:10
AM
Subject: RE: [KCFusion] DateDiff in SQL
Query
You cannot treat
CustomerEnrollmentDateas a CF Variable until you are
outside of that query. The following where clause should get you what
you need:
WHERE CustomerRefer = #Affiliate_ID#AND
CustomerEnrollmentDate between '#DateAdd('d',-7,createODBCDate(now()))#' and '#DateAdd('d',7,createODBCDate(now()))#'
-Original Message-From: Robert
[mailto:[EMAIL PROTECTED]Sent: Friday, August 01, 2003 11:03
PMTo: [EMAIL PROTECTED]Subject: [KCFusion] DateDiff
in SQL Query
I am running into a problem and I can't figure
out why. I know i've had this problem before with using CF functions
inside of SQL queries, but I can never remember what it was the last time
that fixed it, so I wanted to post this query:
CFQUERY name="getcustomers"
DATASOURCE="x"SELECT CustomerName, CustomerPin,
CustomerRefer,CustomerEnrollmentDateFROM
CustomersWHERE CustomerRefer =
#Affiliate_ID#AND
#DateDiff("w",'#CreateODBCDate(CustomerEnrollmentDate)#','#CreateODBCDate(now())#')#
= 0/CFQUERY
I'm needing to run stats for affiliate programs
and so I want a daily, weekly, monthly view. Datediff in T-SQL didn't
seem to be able to do anything other than generic day, month, etc.
Anyhow, I get the following error:
Error
resolving parameter CUSTOMERENROLLMENTDATE
Obviously I
have the right name, but it bombs right there...if I change around my quotes
and my pound signs, it'll say it's Missing a parameter, Expected 1 or
Expected 2. Anyone easily point out what i've got in the wrong place
or what I am messing up because i'm at a loss. BTW, Affiliate_ID is
from another CFOUTPUT from a query that this is all running inside
of.
Thanks,
Robert
[KCFusion] Monthly Meetings
Hey All: I just wanted to chime in my two cents. I know I am not very active on this list, mainly just to see if I can help out with anyone else's problems and obviously to post some of mine when they occur. I am living in Topeka, and i'm not opposed to traveling to KC for the meetings, but does anyone have objections to having them in Lawrence or Topeka sometimes? I'd be willing to help out with organizing a meeting based in Topeka, finding a meeting place, etc...and i'm not volunteering anyone, but I know Adaryl is here in Topeka and may be willing to help out as well...what does everyone think? I haven't attended any meetings, but I am curious, how many people usually attend? Can we get some chatter going about organizing something? Thanks, Robert __ The KCFusion.org list and website is hosted by Humankind Systems, Inc. List Archives http://www.mail-archive.com/[EMAIL PROTECTED] Questions, Comments or Glowing Praise.. mailto:[EMAIL PROTECTED] To Subscribe mailto:[EMAIL PROTECTED] To Unsubscribe mailto:[EMAIL PROTECTED]
[KCFusion] Introduction
Hello all, My name is Ben Edwards and I'm moving to KC, from Atlanta, in September. I'm actually a native of the area but have been down here in Atlanta for the past five years. I just wanted to introduce myself and say hello. I met some of you from the KC CFUG in Washington, DC at CFFUN-03 and I'm looking forward to meeting more of you. Hal Helms is a good friend of mine (we do training and Mach-II together) and we'll be offering a special class in KC together in September (Object Orientated Development with CFCs). While he's up there I've convinced him to speak at that month's CFUG meeting (if a speaker is not already scheduled). Would you guys be interested in having Hal as a speaker? Who do I need to talk to try to work out some details to get him in KC? Also, would anyone be interested in learning more about the training? Thanks, Ben Edwards __ The KCFusion.org list and website is hosted by Humankind Systems, Inc. List Archives http://www.mail-archive.com/[EMAIL PROTECTED] Questions, Comments or Glowing Praise.. mailto:[EMAIL PROTECTED] To Subscribe mailto:[EMAIL PROTECTED] To Unsubscribe mailto:[EMAIL PROTECTED]
[KCFusion] Hal Topeka/Lawrence
Ben Group, It would be great if Hal could speak to us in September. We can probably use a meeting room at UMKC that can seat 50 or so. We'll have to make sure we reserve the projector in advance, and supply our own Ethernet patch cable to connect to the DHCP in the wall. Ben, you can work with me on this to set it up. Ryan 913-317-8350, [EMAIL PROTECTED] As for meetings in Topeka or Lawrence... Sounds good, but if our recent attendance is any indication, we will have a very sparse room. If we can get a good speaker that will draw a small crowd I am up for it. Ryan __ The KCFusion.org list and website is hosted by Humankind Systems, Inc. List Archives http://www.mail-archive.com/[EMAIL PROTECTED] Questions, Comments or Glowing Praise.. mailto:[EMAIL PROTECTED] To Subscribe mailto:[EMAIL PROTECTED] To Unsubscribe mailto:[EMAIL PROTECTED]
