RE: Strange CFHTTP Problem

[Dave Watts]

> if you know the login/password, can't you use:
> 
>   http://{login}:{password}@{URL}
> 
> in the URL attribute?

That won't work using CFHTTP against a URL secured with NTLM Authentication.
CFHTTP only supports Basic Authentication in CF 4.5.1 and higher. Older
versions of CFHTTP on Windows supported NTLM Authentication, because they
used the Microsoft internet client libraries - but those had their own
problems. For 4.5, Allaire wrote all of the HTTP code from scratch,
essentially.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444

~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: Strange CFHTTP Problem

[Dylan Bromby]

if you know the login/password, can't you use:

http://{login}:{password}@{URL}

in the URL attribute?


-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 8:55 PM
To: CF-Talk
Subject: RE: Strange CFHTTP Problem


> I've got a strange problem going on here with using cfhttp tag.
>
> Environment is NT4.0 IIS4 CF4.51 (Allow anon users disabled -
> Windows Challenge/Response) I've also tried on Win2k IIS5 with
> same problem arising.
>
> I keep getting an "Access denied" message (cfhttp.filecontent)
> and was wondering what exact permissions settings I should have
> to fix this. I've tried allowing access to the relevant directories
> and even changed the user under which CF Server runs
>
> I've already tried passing valid NT account details in the username
> and password attributes of the tag. No proxy is involved here as
> the cfhttp is calling a script residing on the same site and server.
> CFServer is running under the system account.

CFHTTP can't be used to retrieve pages that require NTLM authentication
(Windows Challenge/Response).

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: can cfhttp access to https?

[Dave Watts]

> > Can cfhttp access to https site and get the files with username
> > and password provided?
> 
> https://www.blah.com";
> method="GET"
> port="443"
> username="DOMAIN\USERNAME"
> password="**"
> resolveurl="TRUE"
> throwonerror="YES">
> 
> 
> I've been following this thread and had a question. I thought 
> I had read that the code above would only work on NT if the Web 
> server was not using NT Challenge/Response for security. Is that 
> correct? 

That is correct. If you're using HTTPS, there's no reason to use NTLM
Authentication anyway; Basic Authentication will do.

> Also, does that mean that it work won't on the server if it is 
> running or only for the directory you choose to secure that way? 
> Ok, that's two questions.

Web server authentication can be set on a per-directory (and for IIS, a
per-file) basis. Only those directories and files secured using NTLM
Authentication will require that authentication.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444

~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: Strange CFHTTP Problem

[Dave Watts]

> I've got a strange problem going on here with using cfhttp tag.
> 
> Environment is NT4.0 IIS4 CF4.51 (Allow anon users disabled - 
> Windows Challenge/Response) I've also tried on Win2k IIS5 with 
> same problem arising.
> 
> I keep getting an "Access denied" message (cfhttp.filecontent) 
> and was wondering what exact permissions settings I should have 
> to fix this. I've tried allowing access to the relevant directories 
> and even changed the user under which CF Server runs
> 
> I've already tried passing valid NT account details in the username 
> and password attributes of the tag. No proxy is involved here as 
> the cfhttp is calling a script residing on the same site and server. 
> CFServer is running under the system account.

CFHTTP can't be used to retrieve pages that require NTLM authentication
(Windows Challenge/Response).

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444

~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: Seeking advice on correct way to handle long transactions

[Dave Watts]

> We have a CF application through which users complete a form. 
> When they submit, data is inserted into an Access database using 
> logic like this:
> 
>   
>   
>   
>   
>   >>delete any existing records for this user...<<
>   
>   
>   
>   
>   
>   
>   
>   
>   >>insert new record from form data<<
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
>   
> 
> The problem we're hitting is that the delete/insertion process takes a
> few seconds and when two users click the button almost simultaneously,
> one of them is locked out and his data is never written.
> 
> Is there a sensible way to queue the delete/insertion so that it works
> correctly once the database lock is cleared, rather than failing?

Well, one thing you can do is minimize the amount of time spent in the
transaction. For example, it's probably not necessary to have a loop from 1
to 255, unless you're absolutely sure you're going to have exactly 255
records inserted every time. You might also decide that it's not really
necessary to contain all of this logic within a single transaction; if, for
example, you're sure that people aren't going to be editing the same records
simultaneously, you might do without the transactional logic entirely in
this case.

You'll also get better transactional performance out of a database that
supports locking at a more granular level than the entire table.

Finally, I don't see the purpose of all of the CFTRY and CommitIt logic in
the above code; if any of the queries fail, the entire transaction will fail
- that's the primary purpose of using the CFTRANSACTION tag!

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444

~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: loops learning difficulties (was Re: looping insert) (was re: looping problem)

[Dick Applebaum]

Seamus

Some people take to the concepts of loops naturally... for others it 
is a mental block.

Not to worry!

The classic programming problem which illustrates the need for loops 
is the "Native American" Problem:

   The Dutch purchased Manhattan Island from the "Native Americans" 
for $18.00 in
   er, ah... lets say 1624.  If the money were invested at 4%, compounded
   annually, what would it be worth today.

To solve you could write out:

   Year: 1624  Value: $18.00
   Year: 1625  Value: $18.00 * 1.04
   Year: 1626  Value: $18.00 * 1.04 * 1.04
.
.
.

so we would do the 375 steps to get to 2001

Now if we look closely, we notice a certain consistency in the 
operations performed in each step:

   the year is incremented by 1

   the amount is incremented by 4& ( Amount * 1.04 )

Regardless of which step (year) the calculations are always the 
same... the 2 operations are repeated over and over.

To write this out abstractly we could say:

   Start with an amount of $18,00

   Start at a year of 1624

 Repeat

   Add 1 to the year

   Multiply the amount by 1.04

 until the year is equal to 2001

What controls the number of times we repeat, is the year (incremented)


Now, we take this and rewrite this in CF"





  



Now if you compare the two, you see that the  tag combines 
the operations of:

 setting the starting and ending values for year

 setting the increment for year

 testing for the end value of year.

So all we have to do is compute the amount and indicate the end of the loop.

Now, if you change the problem slightly:

   The Dutch purchased Manhattan Island from the "Native Americans" 
for $18.00 in
   er, ah... lets say 1624.  If the money were invested at 4%, compounded
   annually, when would the value exceed $200,000?

 we'll cover that in the next installment,

HTH

Dick


At 11:17 AM +1000 7/13/01, Seamus Campbell wrote:
>Many thanks  again.
>
>Slightly OT - I have learnt CF without any background in programming - I
>have a huge problem getting loops and lists  to work - I can understand the
>general principles but just can't seem to be able to learn to implement
>specific code.
>
>For instance I can see what you are doing in the code below and I can adapt
>code that other people have done (often by trial and error rather than logic)
>BUT i have huge problems coding loops and lists on my own.
>
>Is this normal - or am I just slow???
>
>Any ways to learn how to "roll my own"  ???
>
>Many thanks
>Seamus
>

~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: view source tag

[stas]

I was thinking more in terms of re-running the page surrounded by
 on request, parse it to color-code/pretty print it, and
output un-interpreted HTML to a window - only for debugging purposes, never
on production. Even if it was on production, I don't understand why this
would be a security risk if all a person would see would be HTML.

I am not sure what the other guy was suggesting about using Bjork's tag. All
I want to do is to be able to include a custom tag at the bottom of the page
that will spawn (by clicking a "view source"  link) a window containing all
produced HTML as an alternative to "View Page Source."



-Original Message-
From: Russel Madere [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 5:47 PM
To: CF-Talk
Subject: RE: view source tag


Be real careful with this.  The source viewer provided as a sample
application on the Cold Fusion install is a HUGE security hole.

I would suggest that you put any code you want to view like that in a
database and not use CFFILE to read the code from a disk.  A bad guy could
pretty easily pull your registry from your windows server (if that is your
OS).

Russel

> -Original Message-
> From: stas [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 12, 2001 4:42 PM
> To: CF-Talk
> Subject: view source tag
>
>
> Hello all,
>
> I would like to make an on-demand view-source tag... basically
> something to
> include in a footer for debugging - a link that will reprocess
> the page with
> all the parameters that were passed to it and output HTML (not
> interpreted)
> to the window. The reason I want it is that a regular view-source
> returns a
> lot of garbage and doesn't have any color-coding in it. Does something
> similar exist already so that I can add features to it?
>
> Thanks
>
>
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: CFAnyWhere or CF on CD

[Dick Applebaum]

The company that made CFAnywhere and  JRun was purchased a few years 
ago, by allaire.  AFAIK they killed CFAnywhere.

I, too, was intriqued with the possibilities of a single-user desktop 
version of CF on any platform.

HTH

Dick

At 9:25 PM -0400 7/12/01, Duane Boudreau wrote:
>All,
>
>What ever happened to CFAnyWhere? I need that tool or something similar for
>a CD project.
>
>Duane

~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

CFAnyWhere or CF on CD

[Duane Boudreau]

All,

What ever happened to CFAnyWhere? I need that tool or something similar for
a CD project.

Duane


~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

loops learning difficulties (was Re: looping insert) (was re: looping problem)

[Seamus Campbell]

Many thanks  again.

Slightly OT - I have learnt CF without any background in programming - I 
have a huge problem getting loops and lists  to work - I can understand the 
general principles but just can't seem to be able to learn to implement 
specific code.

For instance I can see what you are doing in the code below and I can adapt 
code that other people have done (often by trial and error rather than logic)
BUT i have huge problems coding loops and lists on my own.

Is this normal - or am I just slow???

Any ways to learn how to "roll my own"  ???

Many thanks
Seamus

At 11:37 pm 12/07/01 , you wrote:
>There's a couple of ways this can be handled. But, here's what I usually do.
>
>
>
>Delete * from tblClientCategory WHERE clientid=#form.clientid#
>
>
>
>(UPDATE tblClientCategory SET CategoryID=#listgetat(form.categoryid, i)#
>WHERE
>tblClientCategory.ClientID=#form.clientid#)
>
>
>
>
>Essentially, instead of trying to test for the existence of the categoryid,
>you're just deleting the old and then inserting all the new. 
>is optional here. It ensures that if your second (looped) query doesn't
>work, that you haven't lost your original data. However, if you're
>potentially looping through lots of fields, with non-critical data, you
>might consider the tradeoffs.
>
>-Deanna
>
>
>
>
>Deanna Schneider
>Interactive Media Developer
>UWEX Cooperative Extension Electronic Publishing Group
>103 Extension Bldg
>432 N. Lake Street
>Madison, WI 53706
>(608) 265-7923
>
>
>
>
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: Forms+SQL+Params

[Lee Moore]

I'm assuming that the form is posting to itself since you did not give the
name of the file. I will give you back your code with some changes and some
clarification on variable scoping by scoping explicitly. It seems that you
were also filling the name attribute in your forms with wha.t should be the
value attribute. I replaced "name" with "value" and added what I assume is
the correct name attribute for each one. This isn't tested but I hope you
get the idea.

Perhaps I'm a bit anal but I like to scope all variables that aren't
"Variable" scope. It makes things easier to understand and ColdFusion
processes explicitly scoped variables faster.

Hope this helps.








...

Name or
Alias:













INSERT into Guestbook(Name,Email,Location,URL,Section,Contribute,Comments)
Values('#form.Name#','#form.Email#','#form.Location#','#form.URL#','#form.Se
ction#','#form.Contribute#','#form.Comments#')















#getguest.date#
#getguest.name#
mailto:#getguest.email#";>Email
Me
#getguest.location#
Visit My
Website
#getguest.section#
#getguest.contribute#
#getguest.comments#






~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: Emailing CC info

[Dick Applebaum]

One technique I often use is:

   insert the CC info into a db (it's probably already there).

   Send the email with a link in it with an encrypted key (db record id)

   The link resolves to a  page requesting login

   After login the CC info is retrieved is served to the authorized 
user with SSL

   The user copy/pastes, saves, whatever...

HTH

Dick

At 11:59 AM -0400 7/12/01, Duane Boudreau wrote:
>All,
>
>I need some suggestions on emailing credit card info securely for a friend.
>He looked into PGP but the commercial version is now 8k???
>
>Thanks,
>Duane
>
>
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Unrelated

[bajaria aslam]

Hi All,
sorry to post a question that is not related to
coldfusion.

Does anyone know of any mailing list for Docushare (
it is document management software product from a
product from Xerox).
I could not find any books on it either. I need to
make a report on whether it is good to have it for the
company or not.

Any suggestion is welcome
Can anyone help me on this.

Thanks All and again. Sorry to put an unrelated
question.

AB
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: select box on mac

[Dick Applebaum]

At 1:17 PM -0700 7/12/01, Jann VanOver wrote:
>I sincerely disagree.  I'm just a home user of Mac (my work is all Windoze)
>and I keep TRYING to like IE 5 for the mac, but it bombs out, locks up, and
>is a whole lot slower than 4.5.  Each time they come out with a new 5.0
>version I try it out, and each time I've ended up going back to 4.5.

Not to start a flame war, but one of the reasons IE4.5 Mac is so fast 
is that it arbitrarily uses the cached copy of a page when that page 
has changed.

You might try giving IE 5.0 more memory than the default.

I have (grudgingly) found IE 5.0 to be more reliable than any current 
Mac browser.

It would be my browser of choice except NN has better JavaScript debugging...


this from one who is no fan of Microsoft and their products


HTH

Dick

~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: Which OS to use? Win98 or WinME?

[Benjamin S. Rogers]

We use all 2000/NT workstations for development and such, but one division
of our company sells PCs and they are strongly recommending ME over
98...unless you have a need to run older/non-ME compliant applications.

ME does not allow applications to touch (and screw up) many system files.
Consequently, these application do not run on ME. I don't know if there is
really a difference in stability between the two or if is just a result of
this behavior, but ME seems quite a bit more stable than 98.

We've seen several ME machines lose the sound card drivers and there was a
bug with the recovery mechanism, but for the most part, it is fairly clean.
It has certainly resolved a lot of 98's outstanding issues (such as hung
shutdowns and uncommitted network changes).

Benjamin S. Rogers
http://www.c4.net/
v.508.240.0051
f.508.240.0057

-Original Message-
From: Pooh Bear [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 4:27 PM
To: CF-Talk
Subject: OT: Which OS to use? Win98 or WinME?


hey guys, i have a friend who is doing small development stuff on his win 98
box.  He wants to upgrade to the latest consumer version of windows (WinME),
but wants to know if WinMe was more buggy than win98!  thanx!
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: Dead ?

[Russel Madere]

Or a bunch of ghosts ;)

Sorry, I couldn't resist.

> -Original Message-
> From: Michael Dinowitz [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 12, 2001 4:44 PM
> To: CF-Talk
> Subject: Re: Dead ?
> 
> 
> If it is then we've got a lot of mediums here. :)
> 
> 
> > Is the list dead again ?
> >
> > Uwe
> >
> >
> > SD Solutions
> > Fon: +49 8122 903791
> > Fax: +49 8122 903792
> > Mail: [EMAIL PROTECTED]
> > Web: www.sdsolutions.de
> >
> >
> >
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: Dead ?

[ccook22]

No but I'm getting 3-5 copies of each e-mail.

CC




<[EMAIL PROTECTED]> on 07/12/2001 04:40:00 PM

Please respond to [EMAIL PROTECTED]

To:   CF-Talk <[EMAIL PROTECTED]>
cc:
Subject:  Dead ?


Is the list dead again ?

Uwe


SD Solutions
Fon: +49 8122 903791
Fax: +49 8122 903792
Mail: [EMAIL PROTECTED]
Web: www.sdsolutions.de
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: Dead ?

[Jochem van Dieten]

[EMAIL PROTECTED] wrote:

> Is the list dead again ?


Probably you patched your CF Server to late ;)

Anyhow, can we please stop these "it doesn't work" meaasges. If it 
doesn't work on the list side nobody gets your message anyway, and if 
the problem is on the client side you don't get the answers anyway. It 
doesn't serve much purpose that way.

Why am I even posting this?

Jochem



~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: view source tag

[Russel Madere]

Be real careful with this.  The source viewer provided as a sample
application on the Cold Fusion install is a HUGE security hole.

I would suggest that you put any code you want to view like that in a
database and not use CFFILE to read the code from a disk.  A bad guy could
pretty easily pull your registry from your windows server (if that is your
OS).

Russel

> -Original Message-
> From: stas [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 12, 2001 4:42 PM
> To: CF-Talk
> Subject: view source tag
>
>
> Hello all,
>
> I would like to make an on-demand view-source tag... basically
> something to
> include in a footer for debugging - a link that will reprocess
> the page with
> all the parameters that were passed to it and output HTML (not
> interpreted)
> to the window. The reason I want it is that a regular view-source
> returns a
> lot of garbage and doesn't have any color-coding in it. Does something
> similar exist already so that I can add features to it?
>
> Thanks
>
>
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: view source tag

[Hinojosa, Robert A]

You can take a look at the source browser tag, it does a whole lot more than
what you are wanting.  It was written primarily for fusebox apps but will
work with any.

info:
http://www.bjork.net/taggallery/index.htm

demo:
http://www.bjork.net/sourcebrowser/index.cfm

Robert Hinojosa
[EMAIL PROTECTED]
972.243.4343 x7446


-Original Message-
From: stas [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 4:42 PM
To: CF-Talk
Subject: view source tag


Hello all,

I would like to make an on-demand view-source tag... basically something to
include in a footer for debugging - a link that will reprocess the page with
all the parameters that were passed to it and output HTML (not interpreted)
to the window. The reason I want it is that a regular view-source returns a
lot of garbage and doesn't have any color-coding in it. Does something
similar exist already so that I can add features to it?

Thanks
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: Dead ?

[Michael Dinowitz]

If it is then we've got a lot of mediums here. :)


> Is the list dead again ?
>
> Uwe
>
>
> SD Solutions
> Fon: +49 8122 903791
> Fax: +49 8122 903792
> Mail: [EMAIL PROTECTED]
> Web: www.sdsolutions.de
>
>
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: Forms+SQL+Params

[Russel Madere]

Craig, You're welcome.

If you want, get the book _Code Complete_ by Steve McConnell.  It isn't a
Cold Fusion book, but I finished reading it about a month ago and it help my
coding style immensely.  One tip I found extremely useful is to layout the
structure of you code before you begin writing any code.  I'm going to do a
presentation on that for the New Orleans Cold Fusion User's Group in the not
too distant future.

Russel

> -Original Message-
> From: Craig Kiessling [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 12, 2001 3:49 PM
> To: CF-Talk
> Subject: RE: Forms+SQL+Params
>
>
> Russel-
>
> Thanks a bunch!
> This is the type of email I will save, because it is a bit
> general, so that
> I can use it again, and in different apps.
> I guess you could call it the steps or logic to go through.
> Once again, thanks! :)
>
> Sincerely,
>
> Craig S. Kiessling
> http://www.angelfire.com/ga2/stepstoinsanity/index.html
>
>
> >From: "Russel Madere" <[EMAIL PROTECTED]>
> >Reply-To: [EMAIL PROTECTED]
> >To: CF-Talk <[EMAIL PROTECTED]>
> >Subject: RE: Forms+SQL+Params
> >Date: Thu, 12 Jul 2001 15:38:21 -0500
> >
> >Craig,
> >
> >Here is a quick tip, try to use some more white space (both in your code
> >and
> >in your email).  Both your code and the email were tough for me to read.
> >Since I'm on the clock when I check this mailing list, I usually skip
> >messages that I find hard to read.
> >
> >That said, let me see if I can help you out some.
> >
> >What it looks like you want to do is have a form at the top of the page
> >that
> >submits to itself and below the form display the resulting guest book
> >entries below it.  If I'm wrong, tell me.  The key to making this work,
> >especially if you are new to Cold Fusion, is to liberally use comments to
> >describe what the intent of the code is, not what the code is
> doing.  Then
> >you can look at the comments and the code and see if they don't match.
> >
> >Try using this structure:
> >
> >Set defaults for form variables
> >
> >Was this a form submission? (Use a hidden field that has a
> CFPARAM to FALSE
> >but a submitted value of TRUE)
> > Yes - Insert data into database
> >
> >Display for header
> >Display form hidden fields
> >Display guestbook fields
> >Display form footer and buttons
> >
> >Get the Guest book entries
> >
> >Display the guestbook entries
> >
> >
> >
> >Let me know if you have some questions.
> >
> >
> > > -Original Message-
> > > From: Craig Kiessling [mailto:[EMAIL PROTECTED]]
> > > Sent: Thursday, July 12, 2001 10:39 AM
> > > To: CF-Talk
> > > Subject: Forms+SQL+Params
> > >
> > >
> > > Hello folks,
> > >
> > > I am fairly new in the CF arena, and am in need of some simple help
> >here.
> > > I have an Access database (pretty small), and a form on a
> > > template, to add
> > > an entry into a "Guestbook."
> > > I would like for the database to updated with the new
> > > information, then the
> > > form is submitted and takes them to the "View the Guestbook"
> page, which
> > > should now show their new entry.
> > > Any help would be surely appreciated!
> > > Sincerely,
> > > Craig S. Kiessling --->Code Below
> > > I am doing something wrong, but can not figure out what. Here
> is what I
> > > have:
> > > [snip]
> >
> >
> >
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Dead ?

[cf-talk]

Is the list dead again ?

Uwe


SD Solutions
Fon: +49 8122 903791
Fax: +49 8122 903792
Mail: [EMAIL PROTECTED]
Web: www.sdsolutions.de


~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

view source tag

[stas]

Hello all,

I would like to make an on-demand view-source tag... basically something to
include in a footer for debugging - a link that will reprocess the page with
all the parameters that were passed to it and output HTML (not interpreted)
to the window. The reason I want it is that a regular view-source returns a
lot of garbage and doesn't have any color-coding in it. Does something
similar exist already so that I can add features to it?

Thanks


~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE:

[Jann VanOver]

Well, you should wait at least a day or two before you whine.  Your question
just showed up this morning.

-Original Message-
From: Craig Kiessling [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 1:45 PM
To: CF-Talk
Subject: RE:


Dylan-
1) Probably so - I posted it previously though, and was trying to see if 
people just perhaps missed the message.
2) I understand that completely - I too work - or rather have been thrown 
into a contract position where it's all ASP, which I know nothing about and 
am having a lovely time with that.
3) So I should instead just be quiet and be satisfied that the question was 
not?
+ The Bonus #4) Whine

>From: "Dylan Bromby" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: CF-Talk <[EMAIL PROTECTED]>
>Subject: RE:
>Date: Thu, 12 Jul 2001 13:26:08 -0700
>
>1) posting the code in this e-mail would have made sense.
>2) a lot of people here work in addition to helping people out so respect
>that we can't drop everything for you.
>3) don't whine.
>
>-Original Message-
>From: Craig Kiessling [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, July 12, 2001 1:20 PM
>To: CF-Talk
>Subject: RE:
>
>
>Why is it that no one will even attempt to answer my question? It is way
>lower level than that of the other questions being posted - c'mon folks.
>some help me out.
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

CFCONTENT

[Alex Nguyen]

I just read a post on the alt.comp.lang.coldfusion that suggests that use of CFCONTENT 
is disastrous in a shared environment.

Is this because of load on server or what?  Also, anyone know where a list of these 
gotcha's are published?  I'm refreshing my CF knowledge, and something like that would 
be quite handy.

Thanks.


~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE:

[Craig Kiessling]

Dylan-
1) Probably so - I posted it previously though, and was trying to see if 
people just perhaps missed the message.
2) I understand that completely - I too work - or rather have been thrown 
into a contract position where it's all ASP, which I know nothing about and 
am having a lovely time with that.
3) So I should instead just be quiet and be satisfied that the question was 
not?
+ The Bonus #4) Whine

>From: "Dylan Bromby" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: CF-Talk <[EMAIL PROTECTED]>
>Subject: RE:
>Date: Thu, 12 Jul 2001 13:26:08 -0700
>
>1) posting the code in this e-mail would have made sense.
>2) a lot of people here work in addition to helping people out so respect
>that we can't drop everything for you.
>3) don't whine.
>
>-Original Message-
>From: Craig Kiessling [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, July 12, 2001 1:20 PM
>To: CF-Talk
>Subject: RE:
>
>
>Why is it that no one will even attempt to answer my question? It is way
>lower level than that of the other questions being posted - c'mon folks.
>some help me out.
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: Forms+SQL+Params

[Craig Kiessling]

Russel-

Thanks a bunch!
This is the type of email I will save, because it is a bit general, so that 
I can use it again, and in different apps.
I guess you could call it the steps or logic to go through.
Once again, thanks! :)

Sincerely,

Craig S. Kiessling
http://www.angelfire.com/ga2/stepstoinsanity/index.html


>From: "Russel Madere" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: CF-Talk <[EMAIL PROTECTED]>
>Subject: RE: Forms+SQL+Params
>Date: Thu, 12 Jul 2001 15:38:21 -0500
>
>Craig,
>
>Here is a quick tip, try to use some more white space (both in your code 
>and
>in your email).  Both your code and the email were tough for me to read.
>Since I'm on the clock when I check this mailing list, I usually skip
>messages that I find hard to read.
>
>That said, let me see if I can help you out some.
>
>What it looks like you want to do is have a form at the top of the page 
>that
>submits to itself and below the form display the resulting guest book
>entries below it.  If I'm wrong, tell me.  The key to making this work,
>especially if you are new to Cold Fusion, is to liberally use comments to
>describe what the intent of the code is, not what the code is doing.  Then
>you can look at the comments and the code and see if they don't match.
>
>Try using this structure:
>
>Set defaults for form variables
>
>Was this a form submission? (Use a hidden field that has a CFPARAM to FALSE
>but a submitted value of TRUE)
>   Yes - Insert data into database
>
>Display for header
>Display form hidden fields
>Display guestbook fields
>Display form footer and buttons
>
>Get the Guest book entries
>
>Display the guestbook entries
>
>
>
>Let me know if you have some questions.
>
>
> > -Original Message-
> > From: Craig Kiessling [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, July 12, 2001 10:39 AM
> > To: CF-Talk
> > Subject: Forms+SQL+Params
> >
> >
> > Hello folks,
> >
> > I am fairly new in the CF arena, and am in need of some simple help 
>here.
> > I have an Access database (pretty small), and a form on a
> > template, to add
> > an entry into a "Guestbook."
> > I would like for the database to updated with the new
> > information, then the
> > form is submitted and takes them to the "View the Guestbook" page, which
> > should now show their new entry.
> > Any help would be surely appreciated!
> > Sincerely,
> > Craig S. Kiessling --->Code Below
> > I am doing something wrong, but can not figure out what. Here is what I
> > have:
> > [snip]
>
>
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: Forms+SQL+Params

[chaack]

Craig,

>> I am doing something wrong, but can not figure out what.

Any specifics? Error message? Or what? Normally error message from
the CF server give you a hint where to search for the "something
wrong"

Birgit



Thursday, July 12, 2001, 11:39:10 AM, you wrote:

> Hello folks,

> I am fairly new in the CF arena, and am in need of some simple help here.
> I have an Access database (pretty small), and a form on a template, to add 
> an entry into a "Guestbook."
> I would like for the database to updated with the new information, then the 
> form is submitted and takes them to the "View the Guestbook" page, which 
> should now show their new entry.
> Any help would be surely appreciated!
> Sincerely,
> Craig S. Kiessling --->Code Below
> I am doing something wrong, but can not figure out what. Here is what I
> have:


~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE:

[Russel Madere]

Craig did post his code under a different subject.  So give him a break on
that.  He probably is agrivated because one question got answered and his
simple one didn't.

Craig, please do understand that most of us are at work when we read this
list.  If there is a delay in answering your question it means either it
will take more work than we can give it to answer immediately, but we plan
on answering it, OR we are as lost as you OR we really don't understand the
question.  Please don't give up on us, we are usually pretty busy.  But we
do try to answer most newbie questions.

Russel

> -Original Message-
> From: Dylan Bromby [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 12, 2001 3:26 PM
> To: CF-Talk
> Subject: RE:
>
>
> 1) posting the code in this e-mail would have made sense.
> 2) a lot of people here work in addition to helping people out so respect
> that we can't drop everything for you.
> 3) don't whine.
>
> -Original Message-
> From: Craig Kiessling [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 12, 2001 1:20 PM
> To: CF-Talk
> Subject: RE:
>
>
> Why is it that no one will even attempt to answer my question? It is way
> lower level than that of the other questions being posted - c'mon folks.
> some help me out.
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE:

[Robert Long]

and, if it doesn't have a subject title, I normally don't even open it.
Try putting a subject next time.

Good luck

-Original Message-
From: Dylan Bromby [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 3:26 PM
To: CF-Talk
Subject: RE:


1) posting the code in this e-mail would have made sense.
2) a lot of people here work in addition to helping people out so respect
that we can't drop everything for you.
3) don't whine.

-Original Message-
From: Craig Kiessling [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 1:20 PM
To: CF-Talk
Subject: RE:


Why is it that no one will even attempt to answer my question? It is way
lower level than that of the other questions being posted - c'mon folks.
some help me out.
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE:

[Chris Stoner]

Craig,

You are setting defaults values for email, location, url etc. Vars to a
value of nothing







And then setting the names of your fields to those values I (or so it seems
you are trying to but even there you seem to have forgotten the cfoutputs).









So what's happening is when you submit, your field names are being passed as
#Name# (because of the lack of cfoutput, if they were in cfouputs your field
names would all be empty). I'm sure you can imagine why you wouldn't want a
var with the name #Name# passed to cold fusion.


What you need to do is set the names of your fields to the actual variable
you want passed. And if you want to pre-populate the value of the fields,
use the value attribute.













That should just about do it for you.

-- Chris Stoner




-Original Message-
From: Craig Kiessling [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 4:40 PM
To: CF-Talk
Subject: RE:


Hi Kevin,

Thanks for responding. Here is the original question:
Hello folks,
I am fairly new in the CF arena, and am in need of some simple help here.
I have an Access database (pretty small), and a form on a template, to add
an entry into a "Guestbook."
I would like for the database to updated with the new information, then the
form is submitted and takes them to the "View the Guestbook" page, which
should now show their new entry.Any help would be surely appreciated!
Sincerely,
Craig S. Kiessling --->Code Below
I am doing something wrong, but can not figure out what. Here is what Ihave:
(First on template)




-html code-












INSERT into Guestbook(Name,Email,Location,URL,Section,Contribute,Comments)
Values('#Name#','#Email#','#Location#','#URL#','#Section#','#Contribute#','#
Comments#')


--more html code
>From: Kevin Mansel <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: CF-Talk <[EMAIL PROTECTED]>
>Subject: RE:
>Date: Thu, 12 Jul 2001 13:20:43 -0700
>
>what is your question Craig?
>
>~
>Kevin Mansel
>Senior Web Developer
>Fox Communications
>[EMAIL PROTECTED]
>DL : 425-649-1321
>C : 425-346-7221
>
>
>
>-Original Message-
>From: Craig Kiessling [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, July 12, 2001 1:20 PM
>To: CF-Talk
>Subject: RE:
>
>
>Why is it that no one will even attempt to answer my question? It is way
>lower level than that of the other questions being posted - c'mon folks.
>some help me out.
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE:

[Robert Long]

Try this...












-Original Message-
From: Craig Kiessling [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 3:40 PM
To: CF-Talk
Subject: RE:


Hi Kevin,

Thanks for responding. Here is the original question:
Hello folks,
I am fairly new in the CF arena, and am in need of some simple help here.
I have an Access database (pretty small), and a form on a template, to add
an entry into a "Guestbook."
I would like for the database to updated with the new information, then the
form is submitted and takes them to the "View the Guestbook" page, which
should now show their new entry.Any help would be surely appreciated!
Sincerely,
Craig S. Kiessling --->Code Below
I am doing something wrong, but can not figure out what. Here is what Ihave:
(First on template)




-html code-












INSERT into Guestbook(Name,Email,Location,URL,Section,Contribute,Comments) 
Values('#Name#','#Email#','#Location#','#URL#','#Section#','#Contribute#','#
Comments#')


--more html code
>From: Kevin Mansel <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: CF-Talk <[EMAIL PROTECTED]>
>Subject: RE:
>Date: Thu, 12 Jul 2001 13:20:43 -0700
>
>what is your question Craig?
>
>~
>Kevin Mansel
>Senior Web Developer
>Fox Communications
>[EMAIL PROTECTED]
>DL : 425-649-1321
>C : 425-346-7221
>
>
>
>-Original Message-
>From: Craig Kiessling [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, July 12, 2001 1:20 PM
>To: CF-Talk
>Subject: RE:
>
>
>Why is it that no one will even attempt to answer my question? It is way
>lower level than that of the other questions being posted - c'mon folks.
>some help me out.
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: select box on mac

[Janine Jakim]

I added the tabindex to my form field but that didn't make a difference for
the mac IE 4.5  Any other ideas?  Do you think the problem is the fact
that it's on a drop down box? (tab worked fine when it was just a plain text
field...)

-Original Message-
From: Jann VanOver [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 4:18 PM
To: CF-Talk
Subject: RE: select box on mac


I sincerely disagree.  I'm just a home user of Mac (my work is all Windoze)
and I keep TRYING to like IE 5 for the mac, but it bombs out, locks up, and
is a whole lot slower than 4.5.  Each time they come out with a new 5.0
version I try it out, and each time I've ended up going back to 4.5.

As to your problems, for #1, have you added a "tabindex" property to your
form fields?  I thought that IE respected those.  
For problem #2, I think the answer is much more complex.  To "force" a
browser to have this kind of behavior, you may need to use Javascript Events
to watch their keystrokes and select the item from the menu.

-Original Message-
From: Dick Applebaum [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 1:08 PM
To: CF-Talk
Subject: Re: select box on mac


IE 4.5 Mac has so many problems, that I just ignore it... I don't 
consider it a viable browser.

IE 5.0 Mac has much fewer problems... there is no reason to stay with 4.5

HTH

Dick

At 2:29 PM -0400 7/12/01, Janine Jakim wrote:
>I have made select boxes for data entry.  On the pc/netscape on mac it is
>fine and you can tab from box to box and begin typing your entry.
>Unfortunately, with IE (4.5) on Mac this doesn't work the same way.
Instead
>it forces the user to choose  the box and pick from the drop down menu. And
>it doesn't tab to the next field.  This wastes alot of time for the user.
>(Most of the users will be on macs...)
>Is there a way I can make it so that
>1. a user can tab from select box to select box.
>2.  a user can start to type in their response, vs. having to scroll the
>options each time.
>Thanks!
>j
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: Which OS to use? Win98 or WinME?

[tom muck]

ME is a downgrade to 98.   Don't do it if you're doing any type of Web
development.  Upgrade to 2000 or don't upgrade.

tom

"Pooh Bear" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> hey guys, i have a friend who is doing small development stuff on his win
98
> box.  He wants to upgrade to the latest consumer version of windows
(WinME),
> but wants to know if WinMe was more buggy than win98!  thanx!
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE:

[Craig Kiessling]

Hi Kevin,

Thanks for responding. Here is the original question:
Hello folks,
I am fairly new in the CF arena, and am in need of some simple help here.
I have an Access database (pretty small), and a form on a template, to add
an entry into a "Guestbook."
I would like for the database to updated with the new information, then the
form is submitted and takes them to the "View the Guestbook" page, which
should now show their new entry.Any help would be surely appreciated!
Sincerely,
Craig S. Kiessling --->Code Below
I am doing something wrong, but can not figure out what. Here is what Ihave:
(First on template)




-html code-












INSERT into Guestbook(Name,Email,Location,URL,Section,Contribute,Comments) 
Values('#Name#','#Email#','#Location#','#URL#','#Section#','#Contribute#','#Comments#')


--more html code
>From: Kevin Mansel <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: CF-Talk <[EMAIL PROTECTED]>
>Subject: RE:
>Date: Thu, 12 Jul 2001 13:20:43 -0700
>
>what is your question Craig?
>
>~
>Kevin Mansel
>Senior Web Developer
>Fox Communications
>[EMAIL PROTECTED]
>DL : 425-649-1321
>C : 425-346-7221
>
>
>
>-Original Message-
>From: Craig Kiessling [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, July 12, 2001 1:20 PM
>To: CF-Talk
>Subject: RE:
>
>
>Why is it that no one will even attempt to answer my question? It is way
>lower level than that of the other questions being posted - c'mon folks.
>some help me out.
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: Which OS to use? Win98 or WinME?

[Russel Madere]

DON'T INSTALL Windows ME!!

Sorry to scream, but we have it on a test box here and it is really buggy.
Tell your friend to stick with Windows 98, especially if he wants to keep
his techie friends.  I have almost lost my religion troubleshooting Windows
ME.

Russel

> -Original Message-
> From: Pooh Bear [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 12, 2001 3:27 PM
> To: CF-Talk
> Subject: OT: Which OS to use? Win98 or WinME?
>
>
> hey guys, i have a friend who is doing small development stuff on
> his win 98
> box.  He wants to upgrade to the latest consumer version of
> windows (WinME),
> but wants to know if WinMe was more buggy than win98!  thanx!
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: Forms+SQL+Params

[Russel Madere]

Craig,

Here is a quick tip, try to use some more white space (both in your code and
in your email).  Both your code and the email were tough for me to read.
Since I'm on the clock when I check this mailing list, I usually skip
messages that I find hard to read.

That said, let me see if I can help you out some.

What it looks like you want to do is have a form at the top of the page that
submits to itself and below the form display the resulting guest book
entries below it.  If I'm wrong, tell me.  The key to making this work,
especially if you are new to Cold Fusion, is to liberally use comments to
describe what the intent of the code is, not what the code is doing.  Then
you can look at the comments and the code and see if they don't match.

Try using this structure:

Set defaults for form variables

Was this a form submission? (Use a hidden field that has a CFPARAM to FALSE
but a submitted value of TRUE)
Yes - Insert data into database

Display for header
Display form hidden fields
Display guestbook fields
Display form footer and buttons

Get the Guest book entries

Display the guestbook entries



Let me know if you have some questions.


> -Original Message-
> From: Craig Kiessling [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 12, 2001 10:39 AM
> To: CF-Talk
> Subject: Forms+SQL+Params
>
>
> Hello folks,
>
> I am fairly new in the CF arena, and am in need of some simple help here.
> I have an Access database (pretty small), and a form on a
> template, to add
> an entry into a "Guestbook."
> I would like for the database to updated with the new
> information, then the
> form is submitted and takes them to the "View the Guestbook" page, which
> should now show their new entry.
> Any help would be surely appreciated!
> Sincerely,
> Craig S. Kiessling --->Code Below
> I am doing something wrong, but can not figure out what. Here is what I
> have:
> [snip]


~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: Which OS to use? Win98 or WinME?

[Howie Hamlin]

I've heard that WinME is to be avoided.  We have one machine in our office (secretary) 
with WinME on it but I think that (believe it
or not) Win98 is more stable.  I personally use Win2K/Pro which is very good...

HTH,

Howie

- Original Message -
From: "Pooh Bear" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, July 12, 2001 4:26 PM
Subject: OT: Which OS to use? Win98 or WinME?


> hey guys, i have a friend who is doing small development stuff on his win 98
> box.  He wants to upgrade to the latest consumer version of windows (WinME),
> but wants to know if WinMe was more buggy than win98!  thanx!
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: Which OS to use? Win98 or WinME?

[Dylan Bromby]

it's a case of the best of the worst in my opinion.

i would stick with 98.

-Original Message-
From: Pooh Bear [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 1:27 PM
To: CF-Talk
Subject: OT: Which OS to use? Win98 or WinME?


hey guys, i have a friend who is doing small development stuff on his win 98
box.  He wants to upgrade to the latest consumer version of windows (WinME),
but wants to know if WinMe was more buggy than win98!  thanx!
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE:

[Dylan Bromby]

1) posting the code in this e-mail would have made sense.
2) a lot of people here work in addition to helping people out so respect
that we can't drop everything for you.
3) don't whine.

-Original Message-
From: Craig Kiessling [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 1:20 PM
To: CF-Talk
Subject: RE:


Why is it that no one will even attempt to answer my question? It is way
lower level than that of the other questions being posted - c'mon folks.
some help me out.
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

OT: Which OS to use? Win98 or WinME?

[Pooh Bear]

hey guys, i have a friend who is doing small development stuff on his win 98 
box.  He wants to upgrade to the latest consumer version of windows (WinME), 
but wants to know if WinMe was more buggy than win98!  thanx!
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE:

[Kevin Mansel]

what is your question Craig?

~
Kevin Mansel
Senior Web Developer
Fox Communications
[EMAIL PROTECTED]
DL : 425-649-1321
C : 425-346-7221



-Original Message-
From: Craig Kiessling [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 1:20 PM
To: CF-Talk
Subject: RE:


Why is it that no one will even attempt to answer my question? It is way 
lower level than that of the other questions being posted - c'mon folks. 
some help me out.
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE:

[Craig Kiessling]

Why is it that no one will even attempt to answer my question? It is way 
lower level than that of the other questions being posted - c'mon folks. 
some help me out.
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: select box on mac

[Jann VanOver]

I sincerely disagree.  I'm just a home user of Mac (my work is all Windoze)
and I keep TRYING to like IE 5 for the mac, but it bombs out, locks up, and
is a whole lot slower than 4.5.  Each time they come out with a new 5.0
version I try it out, and each time I've ended up going back to 4.5.

As to your problems, for #1, have you added a "tabindex" property to your
form fields?  I thought that IE respected those.  
For problem #2, I think the answer is much more complex.  To "force" a
browser to have this kind of behavior, you may need to use Javascript Events
to watch their keystrokes and select the item from the menu.

-Original Message-
From: Dick Applebaum [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 1:08 PM
To: CF-Talk
Subject: Re: select box on mac


IE 4.5 Mac has so many problems, that I just ignore it... I don't 
consider it a viable browser.

IE 5.0 Mac has much fewer problems... there is no reason to stay with 4.5

HTH

Dick

At 2:29 PM -0400 7/12/01, Janine Jakim wrote:
>I have made select boxes for data entry.  On the pc/netscape on mac it is
>fine and you can tab from box to box and begin typing your entry.
>Unfortunately, with IE (4.5) on Mac this doesn't work the same way.
Instead
>it forces the user to choose  the box and pick from the drop down menu. And
>it doesn't tab to the next field.  This wastes alot of time for the user.
>(Most of the users will be on macs...)
>Is there a way I can make it so that
>1. a user can tab from select box to select box.
>2.  a user can start to type in their response, vs. having to scroll the
>options each time.
>Thanks!
>j
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: select box on mac

[Janine Jakim]

Now to get the tech support to buy into that!!!

-Original Message-
From: Dick Applebaum [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 4:08 PM
To: CF-Talk
Subject: Re: select box on mac


IE 4.5 Mac has so many problems, that I just ignore it... I don't 
consider it a viable browser.

IE 5.0 Mac has much fewer problems... there is no reason to stay with 4.5

HTH

Dick

At 2:29 PM -0400 7/12/01, Janine Jakim wrote:
>I have made select boxes for data entry.  On the pc/netscape on mac it is
>fine and you can tab from box to box and begin typing your entry.
>Unfortunately, with IE (4.5) on Mac this doesn't work the same way.
Instead
>it forces the user to choose  the box and pick from the drop down menu. And
>it doesn't tab to the next field.  This wastes alot of time for the user.
>(Most of the users will be on macs...)
>Is there a way I can make it so that
>1. a user can tab from select box to select box.
>2.  a user can start to type in their response, vs. having to scroll the
>options each time.
>Thanks!
>j
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: select box on mac

[Dick Applebaum]

IE 4.5 Mac has so many problems, that I just ignore it... I don't 
consider it a viable browser.

IE 5.0 Mac has much fewer problems... there is no reason to stay with 4.5

HTH

Dick

At 2:29 PM -0400 7/12/01, Janine Jakim wrote:
>I have made select boxes for data entry.  On the pc/netscape on mac it is
>fine and you can tab from box to box and begin typing your entry.
>Unfortunately, with IE (4.5) on Mac this doesn't work the same way.  Instead
>it forces the user to choose  the box and pick from the drop down menu. And
>it doesn't tab to the next field.  This wastes alot of time for the user.
>(Most of the users will be on macs...)
>Is there a way I can make it so that
>1. a user can tab from select box to select box.
>2.  a user can start to type in their response, vs. having to scroll the
>options each time.
>Thanks!
>j

~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: Meta Tags for search engines and verity

[Steve Reich]

I have found that meta tags vary in importance on the various search
engines. What I typically do is a search using the keywords I would expect
users to use. Then I take a look at the sites that come up first and try to
determine why. Sometimes it's obvious, other times it's oblivious.

This has been very successful for us. In fact, if you search for "cold
fusion ecommerce" on google.com, our site proudly comes up first. I have
never had the luxury of such a great ranking. However, the same search on
other search engines does not yield the same results. Perhaps the whole
search engine thing is a government conspiracy ...??

HTH,
Steve


"Robert Everland" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I am developing a pretty important site from scratch and was curious
> to see what everyone out there recommends me with regards to meta tags so
> that the search engines love them and verity doesn't choke on JavaScript
> code.
>
> Robert Everland III
> Dixon Ticonderoga
> Web Developer Extraordinaire
>
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: need to find host that supports cfx_pgp

[Lee Fuller]

We support it..

www.aaawebhosting.com

Lee


> -Original Message-
> From: Megan Cytron [mailto:[EMAIL PROTECTED]] 
> Sent: Sunday, July 08, 2001 12:03 PM
> To: CF-Talk
> Subject: need to find host that supports cfx_pgp
> 
> 
> Does anyone have any leads on a host that supports the CFX_PGP tag?
> 
> If not, does anyone have any experience implementing PGP 
> encryption on an email that is sent via CFMAIL, while using a 
> shared hosting scenario?
> 
> Our quandary is that we need to encrypt credit card data and 
> send it via email to a client that does not have a Cold 
> Fusion server. We do not need to authenticate or authorize 
> the CC info, it's just a matter or passing it on to our 
> client for future billing.
> 
> Any insight or wisdom would be greatly appreciated!
> 
> Megan
> [EMAIL PROTECTED]
> 
> Alpha 60 Design Shop
> http://www.alpha60.com
> phone: 202-745-6393
> fax:   202-745-6394
> 
> 
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: Unable to Access Administrator/Localhost

[Lee Fuller]

Good deal!  ;)

Lee


> -Original Message-
> From: Yvette Ingram [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, July 12, 2001 12:03 PM
> To: CF-Talk
> Subject: Re: Unable to Access Administrator/Localhost
> 
> 
> Hi Lee:
> 
> Yeah I started and stopped it just to make sure.  I ended up 
> reinstalling CF.  Live is good again  ;-))
> 
> Thanks for responding.
> 
> Yvette Ingram
> Brainbench Certified ColdFusion 4.5 Programmer
> Email: [EMAIL PROTECTED] or
> [EMAIL PROTECTED]
> ICQ:  21200397
> Website:  http://www.tkisolutions.com
> 
> 
> - Original Message -
> From: "Lee Fuller" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Thursday, July 12, 2001 2:00 PM
> Subject: RE: Unable to Access Administrator/Localhost
> 
> 
> > An NT #2 error means that the engine saw the request, but couldn't 
> > pass it on to CF, most likely because CF wasn't running, or died, 
> > while the request was being made.
> >
> > Hate to make it sound so "simplistic".. But you're sure that CF is 
> > running.. Yes? 
> >
> >
> >
> > > -Original Message-
> > > From: Yvette Ingram [mailto:[EMAIL PROTECTED]]
> > > Sent: Thursday, July 12, 2001 9:18 AM
> > > To: CF-Talk
> > > Subject: Unable to Access Administrator/Localhost
> > >
> > >
> > > Error Occurred While Processing Request
> > > Error Diagnostic Information
> > > An error occurred while attempting to establish a 
> connection to the 
> > > service. I'm getting the following error message.  I tried going 
> > > through the Services Control Panel to fix it but it's still not 
> > > working.  Any advise on how to resolve this problem is 
> appreciated.  
> > > I think I fixed this before, but I can't remember what or 
> how I did 
> > > it.
> > >
> > > **
> > > The most likely cause of this problem is that the service is not 
> > > currently running. You can use the 'Services' Control Panel to 
> > > verify that the service is running and to restart it if necessary.
> > >
> > > Windows NT error number 2 occurred.
> > >  ***
> > >
> > > Thanks in advance.
> > >
> > >
> > > Yvette Ingram
> > > Brainbench Certified ColdFusion 4.5 Programmer
> > > Email: [EMAIL PROTECTED] or [EMAIL PROTECTED]
> > > ICQ:  21200397
> > > Website:  http://www.tkisolutions.com
> > >
> > >
> > >
> > >
> > >
> >
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: Printing & CFEXECUTE

[Steve Reich]

> On Windows2000, I have successfully used:
> print /d:\\server\printer x:\path\filename


I'll give that a try. Thanks, Tony!

Steve



~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: currentrow with join query

[Diana Nichols]

That's one of the things I was consideringbut I was hoping for a
"shortcut" to counting the "groups"because I'm also using a "previous 1
2 3 4 5 ... next" routine to allow for navigation through the recordset, and
can't figure out any way to calculate page startrows  except for rowcount...

Thanks anyway!
D

-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 2:17 PM
To: '[EMAIL PROTECTED]'
Cc: '[EMAIL PROTECTED]'
Subject: RE: currentrow with join query


> There must be a way to do this...but it escapes me:
>
> I have this query:
> 
> SELECT p.projectID, p.projectname, p.userID, p.startdate,
> p.totalrevenue, p.probability, co.contactID, co.fname, co.lname,
> co.email, co.businessphone, cl.company, cl.clientID
> FROM projects p RIGHT JOIN (contacts co INNER JOIN clients cl
> ON cl.clientID = co.clientID) ON p.clientID = co.clientID
> WHERE cast(p.userID as varchar) in
> (#rep#)#preservesinglequotes(string1)#
> GROUP BY p.projectID, p.projectname, p.userID, p.startdate,
> p.totalrevenue, p.probability, co.contactID, cl.clientID,
> co.fname, co.lname, co.email, co.businessphone, cl.company
> ORDER BY p.userID
> 
>
> I'm using maxrows/startrow to paginate the results
>
> The problem is: I'm sorting on projectID...but there can be
> multiple contact records for each project one
>
> SO,  startrow=#thisstartrow# maxrows=25>
> will give me 25 rows, but that may only be 18 projectsand
> the numbering scheme is thrown off all down the line
>
> currentrow counts ALL the returned rowsis there a
> reasonably easy way to tell how many of the *group* records there
> areand figure maxrows and startrows from that?

First of all, you don't appear to need the GROUP BY clause in your query,
since you're not using any aggregate functions. GROUP BY isn't required for
using the GROUP attribute of CFOUTPUT.

Second, you're right about how MAXROWS and the CurrentRow values - they're
not going to show you how many "group header" records you have. There are
several approaches you might follow to fix your problem. You might try using
a counter within your output block to track each "group header" record, then
stop outputting records after a set number.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444


~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: Unable to Access Administrator/Localhost

[Yvette Ingram]

Hi Lee:

Yeah I started and stopped it just to make sure.  I ended up reinstalling
CF.  Live is good again  ;-))

Thanks for responding.

Yvette Ingram
Brainbench Certified ColdFusion 4.5 Programmer
Email: [EMAIL PROTECTED] or
[EMAIL PROTECTED]
ICQ:  21200397
Website:  http://www.tkisolutions.com


- Original Message -
From: "Lee Fuller" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, July 12, 2001 2:00 PM
Subject: RE: Unable to Access Administrator/Localhost


> An NT #2 error means that the engine saw the request, but couldn't pass
> it on to CF, most likely because CF wasn't running, or died, while the
> request was being made.
>
> Hate to make it sound so "simplistic".. But you're sure that CF is
> running.. Yes? 
>
>
>
> > -Original Message-
> > From: Yvette Ingram [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, July 12, 2001 9:18 AM
> > To: CF-Talk
> > Subject: Unable to Access Administrator/Localhost
> >
> >
> > Error Occurred While Processing Request
> > Error Diagnostic Information
> > An error occurred while attempting to establish a connection
> > to the service. I'm getting the following error message.  I
> > tried going through the Services Control Panel to fix it but
> > it's still not working.  Any advise on how to resolve this
> > problem is appreciated.  I think I fixed this before, but I
> > can't remember what or how I did it.
> >
> > **
> > The most likely cause of this problem is that the service is
> > not currently running. You can use the 'Services' Control
> > Panel to verify that the service is running and to restart it
> > if necessary.
> >
> > Windows NT error number 2 occurred.
> >  ***
> >
> > Thanks in advance.
> >
> >
> > Yvette Ingram
> > Brainbench Certified ColdFusion 4.5 Programmer
> > Email: [EMAIL PROTECTED] or
> > [EMAIL PROTECTED]
> > ICQ:  21200397
> > Website:  http://www.tkisolutions.com
> >
> >
> >
> >
> >
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

need to find host that supports cfx_pgp

[Megan Cytron]

Does anyone have any leads on a host that supports the CFX_PGP
tag?

If not, does anyone have any experience implementing PGP
encryption on an email that is sent via CFMAIL, while using a
shared hosting scenario?

Our quandary is that we need to encrypt credit card data and send
it via email to a client that does not have a Cold Fusion server.
We do not need to authenticate or authorize the CC info, it's
just a matter or passing it on to our client for future billing.

Any insight or wisdom would be greatly appreciated!

Megan
[EMAIL PROTECTED]

Alpha 60 Design Shop
http://www.alpha60.com
phone: 202-745-6393
fax:   202-745-6394


~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

select box on mac

[Janine Jakim]

I have made select boxes for data entry.  On the pc/netscape on mac it is
fine and you can tab from box to box and begin typing your entry.
Unfortunately, with IE (4.5) on Mac this doesn't work the same way.  Instead
it forces the user to choose  the box and pick from the drop down menu. And
it doesn't tab to the next field.  This wastes alot of time for the user.
(Most of the users will be on macs...)
Is there a way I can make it so that
1. a user can tab from select box to select box.
2.  a user can start to type in their response, vs. having to scroll the
options each time.
Thanks!
j

~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: Client Variables NOT expiring

[Bruce Holm]

I think this technique assumes the entire site is protected and the user
must be logged in to see any of it.  What if part of the site is unprotected
and part is?  This is the situation I'm in.  How do you let the user log out
of the protected area and still browse the unprotected area as "anonymous"?

I can kill the session variables but the CFID/CFTOKEN session vars are
retained in memory and don't go away until the user has closed the
application.

Any suggestions how to log out in this situation?  Does setting these two
session vars to "" do it? Advisable?


- Original Message -
From: "Ledwith, Brian" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, July 11, 2001 11:35 AM
Subject: RE: Client Variables NOT expiring


> Stephen-
>
> To kill a users session, and clean everything up, I have a logout page
with
> the following:
>
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
>
> and then use Dan G. Switzers "cf_location" to kick the user to a "You
> have logged out".  I think I got it from the dev exchange...
>
> 
>
> The next user is then able to log into a completly fresh environment.  May
> seem excessive, but we have multiple unique users acessing the site from
the
> same computer (teachers and students in a school PC lab).
>
> HTH,
> ~bgl
>
>
>
>
> -Original Message-
> From: Stephen R. Cassady [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 11, 2001 12:03 PM
> To: CF-Talk
> Subject: RE: Client Variables NOT expiring
>
>
> Dylan Bromby
> [EMAIL PROTECTED]
>
>
> Dylan;
> Sorry - but for some strange reason I have not yet received your first
> reply! In any case - I will go play with DeleteClientVariable(), though
what
> I really need is for the CFID and CFTOKEN cookies to disappear form the
> client browser. They seem to "remain". So, I close my browser, but on
return
> to the site - the system still knows my CFID and CFTOKEN! As far as I can
> tell - this shouldn't be happening. It's a security issue that I need to
> overcome.
>
> Thank you for your time,
> Stephen R. Cassady
> [EMAIL PROTECTED]
>
>
> -Original Message-
> From: Dylan Bromby [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 11, 2001 9:40 AM
> To: [EMAIL PROTECTED]
> Cc: 'Stephen R. Cassady'
> Subject: RE: Client Variables NOT expiring
>
>
> i sent a reply to this yesterday. have you tried the
DeleteClientVariable()
> function?
>
> -Original Message-
> From: Stephen R. Cassady [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 11, 2001 8:18 AM
> To: CF-Talk
> Subject: Client Variables NOT expiring
>
>
>
> I'm having the darnedest time trying to delete client files on browser
close
> or after a period of time. I'm even trying to follow Hal Helms great
> "Tracking State Management with Cold Fusion" to run this correctly. Even
> running the code below - the CFID and CFTOKEN are exactly the same, and
are
> unforgotten. They are supposed to disappear, but they don't!
>
> Here's a chuck of my application file:
>
>
> 
>  sessionmanagement="Yes" setclientcookies="Yes"
> sessiontimeout="#CreateTimeSpan(0,0,20,0)#"
> clientstorage="thisapplication_Client">
>
>
> 
> 
> 
> 
> 
> 
> 
>
>
> 
> 
>  CLIENT.CheckLastVisit)>
> 
> StructClear(Session);
> 
> 
> 
> 
> 
>
>
> Help!
>
> Stephen R. Cassady
> [EMAIL PROTECTED]
> http://www.tallylist.com
>
>
>
> Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
> Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: Client Variables NOT expiring

[Bruce Holm]

Dave,
Do you set this tag (cfapplication) on the fly in the middle of your code
somewhere or is this located in the Application.cfm file?
Is it safe to set the Session.CFID and Session.CFTOKEN to "" to knock them
out?  Do they get regenerated and set to a new value if you do?

In my situation, I want to let the user logout but still able to browse the
"unprotected" portions of the web site as "anonymous".  That way if they
leave and later come back or someone else comes and uses their computer and
try to enter the protected area, the login screen appears.  That later part
I have operational, it's the logout that doesn't work due to persistent
CFID/CFTOKEN.  I have setclientcookies="Yes" in my cfapplication tag in my
Application.cfm file.

Bruce

- Original Message -
From: "Dave Watts" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, July 12, 2001 8:32 AM
Subject: RE: Client Variables NOT expiring


> > Sorry - but for some strange reason I have not yet received your
> > first reply! In any case - I will go play with DeleteClientVariable(),
> > though what I really need is for the CFID and CFTOKEN cookies to
> > disappear from the client browser. They seem to "remain". So, I
> > close my browser, but on return to the site - the system still
> > knows my CFID and CFTOKEN! As far as I can tell - this shouldn't
> > be happening. It's a security issue that I need to overcome.
>
> That's the default behavior for the CFID and CFTOKEN cookies set by
> CFAPPLICATION - they're persistent. If you want non-persistent "session"
> cookies, you'll have to create or overwrite them yourself. Here's an
> example, which uses the SETCLIENTCOOKIES attribute of CFAPPLICATION to
> prevent the automatic creation of cookies, then manually creates
> non-persistent cookies with CFCOOKIE:
>
>  clientstorage="myclientdb" setclientcookies="no">
>
> 
> 
> 
> 
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
> voice: (202) 797-5496
> fax: (202) 797-5444
>
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: currentrow with join query

[Dave Watts]

> There must be a way to do this...but it escapes me:
> 
> I have this query:
> 
> SELECT p.projectID, p.projectname, p.userID, p.startdate, 
> p.totalrevenue, p.probability, co.contactID, co.fname, co.lname, 
> co.email, co.businessphone, cl.company, cl.clientID
> FROM projects p RIGHT JOIN (contacts co INNER JOIN clients cl 
> ON cl.clientID = co.clientID) ON p.clientID = co.clientID
> WHERE cast(p.userID as varchar) in 
> (#rep#)#preservesinglequotes(string1)#
> GROUP BY p.projectID, p.projectname, p.userID, p.startdate, 
> p.totalrevenue, p.probability, co.contactID, cl.clientID,  
> co.fname, co.lname, co.email, co.businessphone, cl.company
> ORDER BY p.userID
> 
> 
> I'm using maxrows/startrow to paginate the results
> 
> The problem is: I'm sorting on projectID...but there can be 
> multiple contact records for each project one
> 
> SO,  startrow=#thisstartrow# maxrows=25>
> will give me 25 rows, but that may only be 18 projectsand 
> the numbering scheme is thrown off all down the line
> 
> currentrow counts ALL the returned rowsis there a 
> reasonably easy way to tell how many of the *group* records there 
> areand figure maxrows and startrows from that?

First of all, you don't appear to need the GROUP BY clause in your query,
since you're not using any aggregate functions. GROUP BY isn't required for
using the GROUP attribute of CFOUTPUT.

Second, you're right about how MAXROWS and the CurrentRow values - they're
not going to show you how many "group header" records you have. There are
several approaches you might follow to fix your problem. You might try using
a counter within your output block to track each "group header" record, then
stop outputting records after a set number.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444

~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: Client Variables NOT expiring

[Dave Watts]

> > > Do you set this tag (cfapplication) on the fly in the middle
> > > of your code somewhere or is this located in the Application.cfm
> > > file?
> >
> > I'd only set it once, in Application.cfm.
> 
> But if you do it there, then how do you use session vars?

Just like anyone else uses them, I guess. There's nothing here that would
stop you from using Session or Client variables normally.

> How do you delete a user's cookie file on their machine 
> remotely? That isn't possible. Maybe I misunderstand.

You can delete a cookie by using the EXPIRES="NOW" attribute of CFCOOKIE.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444

~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: Client Variables NOT expiring

[Bruce Holm]

- Original Message -
From: "Dave Watts" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, July 12, 2001 9:31 AM
Subject: RE: Client Variables NOT expiring


> > Do you set this tag (cfapplication) on the fly in the middle
> > of your code somewhere or is this located in the Application.cfm
> > file?
>
> I'd only set it once, in Application.cfm.

But if you do it there, then how do you use session vars?

> > Is it safe to set the Session.CFID and Session.CFTOKEN to ""
> > to knock them out?  Do they get regenerated and set to a new
> > value if you do?
>
> I haven't tried to do this, but I'd guess that the server would probably
get
> pretty confused if you did. Rather than setting them to empty strings,
you'd
> be better off simply severing the connection between the client and the
> server-side data by deleting the cookies.

How do you delete a user's cookie file on their machine remotely?  That
isn't possible.
Maybe I misunderstand.

Bruce


~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: URL Hacks - Solution

[Lee Fuller]

Josh,

Where is the script now?  Is it available?  I must have missed that if
it was.

Thanks.


Lee Fuller
Chief Technical Officer
PrimeDNA Corporation / AAA Web Hosting Corporation
"We ARE the net."
http://www.aaawebhosting.com



~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: Unable to Access Administrator/Localhost

[Lee Fuller]

An NT #2 error means that the engine saw the request, but couldn't pass
it on to CF, most likely because CF wasn't running, or died, while the
request was being made.

Hate to make it sound so "simplistic".. But you're sure that CF is
running.. Yes? 



> -Original Message-
> From: Yvette Ingram [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, July 12, 2001 9:18 AM
> To: CF-Talk
> Subject: Unable to Access Administrator/Localhost
> 
> 
> Error Occurred While Processing Request
> Error Diagnostic Information
> An error occurred while attempting to establish a connection 
> to the service. I'm getting the following error message.  I 
> tried going through the Services Control Panel to fix it but 
> it's still not working.  Any advise on how to resolve this 
> problem is appreciated.  I think I fixed this before, but I 
> can't remember what or how I did it.
> 
> **
> The most likely cause of this problem is that the service is 
> not currently running. You can use the 'Services' Control 
> Panel to verify that the service is running and to restart it 
> if necessary.
> 
> Windows NT error number 2 occurred.
>  ***
> 
> Thanks in advance.
> 
> 
> Yvette Ingram
> Brainbench Certified ColdFusion 4.5 Programmer
> Email: [EMAIL PROTECTED] or
> [EMAIL PROTECTED]
> ICQ:  21200397
> Website:  http://www.tkisolutions.com
> 
> 
> 
> 
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: CFTry/CFCatch

[Michael Lugassy]

Yes

- Original Message -
From: "Duane Boudreau" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, July 11, 2001 8:38 PM
Subject: CFTry/CFCatch


> If an error is caught by cftry/cfcatch is it logged in the server or
> application log?
>
> TIA,
> Duane
>
>
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

currentrow with join query

[Diana Nichols]

There must be a way to do this...but it escapes me:

I have this query:

SELECT p.projectID, p.projectname, p.userID, p.startdate, p.totalrevenue,
p.probability, co.contactID, co.fname, co.lname, co.email, co.businessphone,
cl.company, cl.clientID
FROM projects p RIGHT JOIN (contacts co INNER JOIN clients cl ON cl.clientID
= co.clientID) ON p.clientID = co.clientID
WHERE cast(p.userID as varchar) in (#rep#)#preservesinglequotes(string1)#
GROUP BY p.projectID, p.projectname, p.userID, p.startdate, p.totalrevenue,
p.probability, co.contactID, cl.clientID,  co.fname, co.lname,  co.email,
co.businessphone, cl.company
ORDER BY p.userID


I'm using maxrows/startrow to paginate the results

The problem is: I'm sorting on projectID...but there can be multiple contact
records for each project one

SO, 
will give me 25 rows, but that may only be 18 projectsand the numbering
scheme is thrown off all down the line

currentrow counts ALL the returned rowsis there a reasonably easy way to
tell how many of the *group* records there areand figure maxrows and
startrows from that?

TIA!!
D

___
Diana Nichols
Webmistress
SalesThreads - Selling Simplified
http://www.salesthreads.com

'One man's magic is another man's engineering' --Lazarus Long


~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: Emailing CC info

[Larry Juncker]

Duane;

We use protofax as a way of sending SECURE CC info.  It uses an internal
email to fax
CC info to a customer.

It works really well.

Larry Juncker
Senior Cold Fusion Developer
Heartland Communications Group, Inc.
[EMAIL PROTECTED]

-Original Message-
From: Duane Boudreau [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 11:00 AM
To: CF-Talk
Subject: Emailing CC info


All,

I need some suggestions on emailing credit card info securely for a friend.
He looked into PGP but the commercial version is now 8k???

Thanks,
Duane
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Unable to Access Administrator/Localhost

[Yvette Ingram]

Error Occurred While Processing Request
Error Diagnostic Information
An error occurred while attempting to establish a connection to the service.
I'm getting the following error message.  I tried going through the Services
Control Panel to fix it but it's still not working.  Any advise on how to
resolve this problem is appreciated.  I think I fixed this before, but I
can't remember what or how I did it.

**
The most likely cause of this problem is that the service is not currently
running. You can use the 'Services' Control Panel to verify that the service
is running and to restart it if necessary.

Windows NT error number 2 occurred.
 ***

Thanks in advance.


Yvette Ingram
Brainbench Certified ColdFusion 4.5 Programmer
Email: [EMAIL PROTECTED] or
[EMAIL PROTECTED]
ICQ:  21200397
Website:  http://www.tkisolutions.com




~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: URL Hacks - Solution

[Josh R]

>Date: Wed, 11 Jul 2001 14:57:10 -0400
>From: Chad Gray <[EMAIL PROTECTED]>
>Subject: RE: URL Hacks - Solution
>I added the following things to your script to check for:
>exec%xp_cmdshell
>exec+xp_cmdshell
>exec xp_cmdshell
>

RE: Client Variables NOT expiring

[Dave Watts]

> Do you set this tag (cfapplication) on the fly in the middle 
> of your code somewhere or is this located in the Application.cfm 
> file?

I'd only set it once, in Application.cfm.

> Is it safe to set the Session.CFID and Session.CFTOKEN to "" 
> to knock them out?  Do they get regenerated and set to a new 
> value if you do?

I haven't tried to do this, but I'd guess that the server would probably get
pretty confused if you did. Rather than setting them to empty strings, you'd
be better off simply severing the connection between the client and the
server-side data by deleting the cookies.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444

~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: Important ColdFusion Security Patch Released Today

[Zac Belado]

> You have your opinion and I have mine.  I would rather not have
> some script kiddie taking advantage of a security hole in my server
> because the developer publics the specifics of the exploit.

perhaps I'm just not seeing the point but if you patch the hole then how can
someone exploit it?


~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: CF XML-RPC

[Michael S. Kimmett]

Nick,

Thanks.  I will go to the bookstore and take a look.  I appreciate your
help.

--Michael
- Original Message -
From: "DeVoil, Nick" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, July 12, 2001 8:43 AM
Subject: RE: CF XML-RPC


> Michael
>
> The SOAP example in the book doesn't use any CF features that
> aren't in CF4.5, unless I'm missing something. The requester
> just uses the MS objects XMLHTTPRequest and XMLDOM via CFOBJECT.
>
> Nick
>
> -Original Message-
> From: Michael S. Kimmett [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 12, 2001 2:02 PM
> To: CF-Talk
> Subject: Re: CF XML-RPC
>
>
> All of the examples that I have seen on the web (Note: I have not seen one
> CF example yet) use a RPC call to a proxy server.  The proxy server then
> translates the XML that I sent to the proxy server into the SOAP message.
I
> know that this is not true SOAP, but it seems that this is the only
solution
> that I have seen that works.
>
> I can not go to CF5.0.  The client wants us to stay with 4.5.  Any other
> suggestions out there?
>
> --Michael
> - Original Message -
> From: "DeVoil, Nick" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Thursday, July 12, 2001 3:28 AM
> Subject: RE: CF XML-RPC
>
>
> > OK, it's not on the web, but the new Wrox book
> > "Professional ColdFusion 5.0" has details on how
> > to use SOAP with CF.
> >
> > Also (still not on the web) O'Reilly have a book
> > on XML-RPC. But if it's SOAP you want, then why
> > not go straight with SOAP?
> >
> > Nick
> >
> >
> > -Original Message-
> > From: Michael S. Kimmett [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, July 12, 2001 3:28 AM
> > To: CF-Talk
> > Subject: CF XML-RPC
> >
> >
> > I am trying to learn how to make XML-RPC calls in Coldfusion.  Is there
> > anywhere on the web that I can l look at example code to learn how to
make
> a
> > XML-RPC call in Coldfusion.
> >
> > I want to use this as a base of knowledge to make a Coldfusion RPC call
to
> a
> > SOAP server.
> >
> > Thanks in advance.
> >
> > Michael
> >
> >
>
>
> **
> Information in this email is confidential and may be privileged.
> It is intended for the addressee only. If you have received it in error,
> please notify the sender immediately and delete it from your system.
> You should not otherwise copy it, retransmit it or use or disclose its
> contents to anyone.
> Thank you for your co-operation.
> **
>
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Forms+SQL+Params

[Craig Kiessling]

Hello folks,

I am fairly new in the CF arena, and am in need of some simple help here.
I have an Access database (pretty small), and a form on a template, to add 
an entry into a "Guestbook."
I would like for the database to updated with the new information, then the 
form is submitted and takes them to the "View the Guestbook" page, which 
should now show their new entry.
Any help would be surely appreciated!
Sincerely,
Craig S. Kiessling --->Code Below
I am doing something wrong, but can not figure out what. Here is what I 
have:
(First on template)







...

Name or 
Alias:













INSERT into Guestbook(Name,Email,Location,URL,Section,Contribute,Comments) 
Values('#Name#','#Email#','#Location#','#URL#','#Section#','#Contribute#','#Comments#')















#date#
#name#
mailto:#email#";>Email Me
#location#
Visit My Website
#section#
#contribute#
#comments#



~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: cfcache & Connection Failure <--- Resolved

[Daniel Kemp]

Ok, I think we've resolved the  "Connection Failed" problem
we were having, so I though I'd pass on how we sorted it out.  It's
got quite a bit to do with IP address and I can't guarantee my
explanation will be that great, but here goes...

Our Web Server and ColdFusion server are on the same box, it has an
internal IP address, and an external IP given to it through the
firewall  Internal is 192.168.10.3,  external is 200.200.100.23
(actually both lies but good enough :)

Whenever we connected to the site internally cfcache worked fine and
as expected.  But as soon as someone tried to connect from outside it
all went wrong.  Why, well I think it goes something like this...

>From inside, the user requests a page, the cfcache thinks "oh this is
a new one, I'll use cfhhtp to go get it" and used the IP number the
user used to request the page, so cfcache in this case uses the
internal IP address, and finds the page no problem.

>From outside, the user requests a page, DNS points the user to the
external IP number 200.200.100.23, cfcache on the box tries to load
the page by connecting to the IP number used by the external user,
i.e. the coldfusion box tries to connect to 200.200.100.23 doesn't
have a clue where that is, vanishes off through the firewall a couple
of times, does bad network ju-ju and dies.

If cfcache was really nice and lovely it's go "Ah this person is
asking for this file, I'll just look at the local machine which that
file sits on, quite often this one right here"  But of course it
doesn't know what to do or where to look.

This is where our techie guys added a couple of lines to the hosts
file (dirve:/winnt/system32/drives/etc/hosts) on the box that
coldFusion and IIS was sitting, so now we have...

--
# Copyright (c) 1993-1999 Microsoft Corp.
[snip]
# For example:
#
#  102.54.94.97 rhino.acme.com  # source server
#   38.25.63.10 x.acme.com  # x client host

127.0.0.1   localhost
200.200.100.23  www.the-company.co.uk  # public address
192.168.10.3www.the-company.co.uk  # private address
--

I'm guessing that what happens now is, the external user asks for the
file, cfcache tries to find it on the public IP, fails looks around
for another IP to use, finds the private IP, uses that and
successfully gets the file.


To me, this is all mystic network voodoo, so obviously didn't have a
clue what was going on, and there didn't seem to be any real good
indications for what the problem was.  A unencoded version of the
 tag would have gone a long way to helping, but never mind.
Hope this helps someone, sorry 'bout the long windedness of the
answer, but I'm too fuzzy to get quick-easy-facts right.

Cheers,
Dan.



This message is intended only for the use of the person(s) ("the intended 
recipient(s)") to whom it is addressed.

It may contain information which is privileged and confidential within the meaning of 
the applicable law. 
If you are not the intended recipient, please contact the sender as soon as possible.
The views expressed in this communication may not necessarily be the views held by 
Live Information Systems Limited.



~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Emailing CC info

[Duane Boudreau]

All,

I need some suggestions on emailing credit card info securely for a friend.
He looked into PGP but the commercial version is now 8k???

Thanks,
Duane


~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: Important ColdFusion Security Patch Released Today

[Dylan Bromby]

i don't think anyone can predict whether or not your server security will be
compromised in the next month.

-Original Message-
From: freddy [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 8:18 AM
To: CF-Talk
Subject: Re: Important ColdFusion Security Patch Released Today


I have a fairly unique situation here. Our cf server has  very limited
access rights. It cannot write any files at all
anywhere on our servers. In this case how would it be possible to exploit
the security hole?  We have a subscription to
cf and are going to be upgrading asap but are currently in the process of a
complete site personalization rollout that
will :
A: Put a much heavier load on the cf server than it already has. So adding a
possible 8% reduction in performance is not
an option.
B: Not allow me to upgrade untill it has been found to be working well
enough in the current evironment.

I would like to wait till I can upgrade to 5.0 (about a month) before doing
anything... does this sound safe?
Thanks,
 Frederic

Debbie Dickerson wrote:

> Michael,
>
> Your issue sounds more like a known bug with Studio. It was related to
> version Studio 4.5.0, and a hotfix was created for it. The fix is in the
> knowledge base at
> http://www.allaire.com/Handlers/index.cfm?ID=13852&Method=Full
>
> Debbie
> Macromedia
>
> -Original Message-
> From: Jackson Moore [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 12, 2001 8:40 AM
> To: CF-Talk
> Subject: Re: Important ColdFusion Security Patch Released Today
>
> Michael
>
> I don't know if it is related, but I (and a few other developers I
> know) have had the "0 byte file" issue hit us.  Here was the
> scenario:
>
> Edit a .cfm file in CF Studio.  Save file in CF Studio.  Refresh
> browser to verify updates.  Very, very seldom, we get an error from
> the CF Server that it can not read files that are 0 bytes in size.
> If I go back to studio, the file is still there.  However, if I close
> the file (won't get prompted to save since it was already saved), the
> file is lost and I have to restore from a backup.
>
> You can imagine that the first time this showed up, everyone thought
> I was crazy and told me I had just accidentally overwritten the file
> myself with an empty file.  These guys let me hear about it for
> weeks!
>
>  Then a few weeks later it happened again.  At first we blamed it on
> studio, then we blamed it on the network.  Then it happened to
> another developer.  You can imagine my relief (vindicated!) when I
> wasn't the only one who had been bit by this.
>
> Without more details from MM, I can't know for sure if this is the
> same issue addressed by their recent patch, but if it is, that means
> that CF Server was overwriting the file with a 0 byte file after I
> had successfully saved it from studio.
>
> Any thoughts?
>
> Jackson Moore
> [EMAIL PROTECTED]
>
> On Wed, 11 Jul 2001 15:35:45 -0400, Michael Dinowitz wrote:
> >Without going into details on my investigations yet, does anyone
> >know of
> >anyone being attacked by this hole? Has anyone found their documents
> >either
> >deleted or replaced with a 0 byte file? If so, please contact me. I
> >think I
> >know what the hole is and just need some extra 'leg work'.
> >
> >
> >>
> >> From: "Howie Hamlin" <[EMAIL PROTECTED]>
> >>
> >> >> 2) the nature of the security problem - obviously MM is going
> >>for
> >> >> security-thru-obscurity and is not going to describe the exact
> >>problem,
> >but
> >> >> some clue as to the possible effects, how to tell if the
> >>weakness has
> >been
> >> >> taken advantage of, etc would be helpful
> >> >>
> >> >
> >> >No idea...in a way it's better that they don't point out the
> >vulnerability.
> >>
> >> And in a way it is far worse - since while we are 'closing the
> >>door' on
> >> a bug, without more details, how can we tell if someone has taken
> >advantage
> >> of that open door on our system?
> >> --
> >> Never apply a Star Trek solution to a Babylon 5 problem.
> >> Larry W. Virden   >http://www.purl.org/NET/lvirden/>
> >> Even if explicitly stated to the contrary, nothing in this posting
> >>should
> >> be construed as representing my employer's opinions.
> >> -><-
> >>
> >>
> >
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: Important ColdFusion Security Patch Released Today

[Dave Watts]

> I have a fairly unique situation here. Our cf server has  
> very limited access rights. It cannot write any files at all
> anywhere on our servers. In this case how would it be 
> possible to exploit the security hole?

Since it's a problem with the API and CGI stubs, it might not have anything
to do with the rights possessed by the CF server, but rather by your web
server - the API stubs run in-process with your web server.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444

~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: Client Variables NOT expiring

[Dave Watts]

> Sorry - but for some strange reason I have not yet received your 
> first reply! In any case - I will go play with DeleteClientVariable(), 
> though what I really need is for the CFID and CFTOKEN cookies to 
> disappear from the client browser. They seem to "remain". So, I 
> close my browser, but on return to the site - the system still 
> knows my CFID and CFTOKEN! As far as I can tell - this shouldn't 
> be happening. It's a security issue that I need to overcome.

That's the default behavior for the CFID and CFTOKEN cookies set by
CFAPPLICATION - they're persistent. If you want non-persistent "session"
cookies, you'll have to create or overwrite them yourself. Here's an
example, which uses the SETCLIENTCOOKIES attribute of CFAPPLICATION to
prevent the automatic creation of cookies, then manually creates
non-persistent cookies with CFCOOKIE:








Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444

~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: UPDATE: Suggested Security Patch Workarounds

[Michael Dinowitz]

Actually, HoF has been on CF 5 since the lists were moved to the new box. I
ran a few security checkers against it and it's cool. I'm installing CF 2 on
my laptop to test this out. I want to know the problem not to tell everyone
how to use it but to see its limitations. If Website will not have the
performance hit but IIS will, I want to know. The more time goes by the more
I'm finding out and thankfully MM keeps coming out with info to tell me if
I'm on the right path or not. :)

> > posts on this. I don't know. That's really the whole problem
> > on my side. I
> > want to know. I need to know.
>
> I guess if Damon's right and you wait a few days without patching then
> you'll find out soon enough!
>
> I understand your frustration though.
>
> Rock = Disclose details and let script kiddies maim and destroy
> Hard Place = Keep schtum and hope developers and sysadmins patch up and
> shaddap.
>
>
> ---
> Rich Wild
> Senior Web Developer
>
> ---
> e-mango.com ltd  Tel: 01202 587 400
> Lansdowne Place  Fax: 01202 587 401
> 17 Holdenhurst Road
> Bournemouth   Mailto:[EMAIL PROTECTED]
> BH8 8EW, UK  http://www.e-mango.com
> ---
> This message may contain information which is legally
> privileged and/or confidential.  If you are not the
> intended recipient, you are hereby notified that any
> unauthorised disclosure, copying, distribution or use
> of this information is strictly prohibited. Such
> notification notwithstanding, any comments, opinions,
> information or conclusions expressed in this message
> are those of the originator, not of e-mango.com ltd,
> unless otherwise explicitly and independently indicated
> by an authorised representative of e-mango.com ltd.
> ---
>
>
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: 12 July 2001 15:36
> > To: CF-Talk
> > Subject: Re: UPDATE: Suggested Security Patch Workarounds
> >
> >
> > This is the whole reason I keep saying "theory" and
> > "potential" for all my
> > posts on this. I don't know. That's really the whole problem
> > on my side. I
> > want to know. I need to know. If this is a stub problem then
> > what are the
> > 'vectors' of it? Is it an implementation of the HTTP protocol
> > in the stub,
> > something in the way its passing info from the webserver to
> > CF? Is it the
> > same on all webservers and operating systems? Has it been
> > reported before on
> > other platforms or languages and are others in danger?
> >
> > > Unfortunately, Mike's proposed workaround below will not
> > work.  There is
> > no
> > > known workaround to the issue.  It affects all servers,
> > regardless of
> > > application, security contexts, HTTP method filtering, port, etc.
> > >
> > > Unless you completely trust every end user who is able to
> > connect to your
> > > your ColdFusion server machine, the patch must be applied
> > to production
> > > servers to be secure from these vulnerabilities.
> > >
> > > Please refer to the updated Security Bulletin on the Security Zone
> > > (http://www.allaire.com/security) and associated FAQ for
> > answers to these
> > > and other commonly asked questions.
> > >
> > > We can't overemphasize the importance of applying the patch
> > immediately to
> > > all affected servers.
> > >
> > > While we are not aware of any known exploit attempts using these
> > > vulnerabilities, we believe it's just of time before
> > hackers turn their
> > > attention to this Bulletin and begin reverse engineering efforts to
> > > determine the exploit details.  We want to give our
> > customers the largest
> > > window of opportunity to apply the patch before that
> > happens.  It may just
> > > be a matter of days before hackers successfully begin
> > probing sites for
> > > servers vulnerable to exploit attempts.
> > >
> > > Fortunately, because the vulnerabilities were discovered
> > internally in the
> > > course of a routine product security audit, rather than external
> > > notification, customers have the advantage at the moment of
> > being notified
> > > of the problem, have a patch available and can apply the fix before
> > hackers
> > > are able to begin probing expeditions.  But as we know, the clock is
> > surely
> > > ticking, so (again), it's critical that administrators
> > apply the patch
> > > without delay to protect their servers.
> > >
> > > Please forward any direct inquiries regarding this or other product
> > > security-related issues to [EMAIL PROTECTED]
> > >
> > > Thanks
> > >
> > > Damon Cooper
> > >
> > > ==
> > > Date: Wed, 11 Jul 2001 17:02:07 -0400
> > > From: [EMAIL PROTECTED] (Michael Dinowitz)
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: Important ColdFusion Security Patch Relea

RE: Important ColdFusion Security Patch Released Today

[Dave Watts]

> Does anyone know:
> 
> 1) exactly what files are updated (looks like all the stubs - such 
> as iscf.dll - but I'm not sure)

Just the API and CGI stubs are replaced.

> 2) the nature of the security problem - obviously MM is going for
> security-thru-obscurity and is not going to describe the exact 
> problem, but some clue as to the possible effects, how to tell if 
> the weakness has been taken advantage of, etc would be helpful

Here's my guess about the nature of the problem. It's clear that it's a
problem with the API and CGI stubs. I think that there exists some
vulnerability that can cause CFCONTENT functionality to be executed, taking
advantage of a buffer overflow in the stub. Further, on Windows, I think
that the specific overflow may exist in the earlier VC++ runtime used with
versions of CF prior to version 5, which would explain why CF 5 isn't
vulnerable, and why the patch requires the VC++ 6 runtime.

Keep in mind this is a wild guess, completely unsupported by hard evidence.

> 3) what workarounds, if any, can be used instead of applying 
> the patch

If my above guess is right, there really isn't any workaround, if you allow
untrusted connections to your web server. This would explain MM's relatively
close-mouthed position on this - since there's nothing that can be done
about it other than installing the patch, they don't stand to gain by
providing any information about the specifics. If they did provide that
info, people could start looking for the problem pretty quickly.

> 4) If there's a way to apply the patch without a reboot (if 
> it's just the stubs an IIS stop-start might be enough)

According to the FAQ provided by MM, the patch can be manually applied
without a reboot.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444

~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: Important ColdFusion Security Patch Released Today

[freddy]

I have a fairly unique situation here. Our cf server has  very limited access rights. 
It cannot write any files at all
anywhere on our servers. In this case how would it be possible to exploit the security 
hole?  We have a subscription to
cf and are going to be upgrading asap but are currently in the process of a complete 
site personalization rollout that
will :
A: Put a much heavier load on the cf server than it already has. So adding a possible 
8% reduction in performance is not
an option.
B: Not allow me to upgrade untill it has been found to be working well enough in the 
current evironment.

I would like to wait till I can upgrade to 5.0 (about a month) before doing 
anything... does this sound safe?
Thanks,
 Frederic

Debbie Dickerson wrote:

> Michael,
>
> Your issue sounds more like a known bug with Studio. It was related to
> version Studio 4.5.0, and a hotfix was created for it. The fix is in the
> knowledge base at
> http://www.allaire.com/Handlers/index.cfm?ID=13852&Method=Full
>
> Debbie
> Macromedia
>
> -Original Message-
> From: Jackson Moore [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 12, 2001 8:40 AM
> To: CF-Talk
> Subject: Re: Important ColdFusion Security Patch Released Today
>
> Michael
>
> I don't know if it is related, but I (and a few other developers I
> know) have had the "0 byte file" issue hit us.  Here was the
> scenario:
>
> Edit a .cfm file in CF Studio.  Save file in CF Studio.  Refresh
> browser to verify updates.  Very, very seldom, we get an error from
> the CF Server that it can not read files that are 0 bytes in size.
> If I go back to studio, the file is still there.  However, if I close
> the file (won't get prompted to save since it was already saved), the
> file is lost and I have to restore from a backup.
>
> You can imagine that the first time this showed up, everyone thought
> I was crazy and told me I had just accidentally overwritten the file
> myself with an empty file.  These guys let me hear about it for
> weeks!
>
>  Then a few weeks later it happened again.  At first we blamed it on
> studio, then we blamed it on the network.  Then it happened to
> another developer.  You can imagine my relief (vindicated!) when I
> wasn't the only one who had been bit by this.
>
> Without more details from MM, I can't know for sure if this is the
> same issue addressed by their recent patch, but if it is, that means
> that CF Server was overwriting the file with a 0 byte file after I
> had successfully saved it from studio.
>
> Any thoughts?
>
> Jackson Moore
> [EMAIL PROTECTED]
>
> On Wed, 11 Jul 2001 15:35:45 -0400, Michael Dinowitz wrote:
> >Without going into details on my investigations yet, does anyone
> >know of
> >anyone being attacked by this hole? Has anyone found their documents
> >either
> >deleted or replaced with a 0 byte file? If so, please contact me. I
> >think I
> >know what the hole is and just need some extra 'leg work'.
> >
> >
> >>
> >> From: "Howie Hamlin" <[EMAIL PROTECTED]>
> >>
> >> >> 2) the nature of the security problem - obviously MM is going
> >>for
> >> >> security-thru-obscurity and is not going to describe the exact
> >>problem,
> >but
> >> >> some clue as to the possible effects, how to tell if the
> >>weakness has
> >been
> >> >> taken advantage of, etc would be helpful
> >> >>
> >> >
> >> >No idea...in a way it's better that they don't point out the
> >vulnerability.
> >>
> >> And in a way it is far worse - since while we are 'closing the
> >>door' on
> >> a bug, without more details, how can we tell if someone has taken
> >advantage
> >> of that open door on our system?
> >> --
> >> Never apply a Star Trek solution to a Babylon 5 problem.
> >> Larry W. Virden   >http://www.purl.org/NET/lvirden/>
> >> Even if explicitly stated to the contrary, nothing in this posting
> >>should
> >> be construed as representing my employer's opinions.
> >> -><-
> >>
> >>
> >
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: UPDATE: Suggested Security Patch Workarounds

[Rich Wild]

> posts on this. I don't know. That's really the whole problem 
> on my side. I
> want to know. I need to know.

I guess if Damon's right and you wait a few days without patching then
you'll find out soon enough!

I understand your frustration though.

Rock = Disclose details and let script kiddies maim and destroy
Hard Place = Keep schtum and hope developers and sysadmins patch up and
shaddap.


---
Rich Wild
Senior Web Developer

---
e-mango.com ltd  Tel: 01202 587 400
Lansdowne Place  Fax: 01202 587 401
17 Holdenhurst Road
Bournemouth   Mailto:[EMAIL PROTECTED]
BH8 8EW, UK  http://www.e-mango.com
---
This message may contain information which is legally
privileged and/or confidential.  If you are not the
intended recipient, you are hereby notified that any
unauthorised disclosure, copying, distribution or use
of this information is strictly prohibited. Such
notification notwithstanding, any comments, opinions,
information or conclusions expressed in this message
are those of the originator, not of e-mango.com ltd,
unless otherwise explicitly and independently indicated
by an authorised representative of e-mango.com ltd.
---




> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: 12 July 2001 15:36
> To: CF-Talk
> Subject: Re: UPDATE: Suggested Security Patch Workarounds
> 
> 
> This is the whole reason I keep saying "theory" and 
> "potential" for all my
> posts on this. I don't know. That's really the whole problem 
> on my side. I
> want to know. I need to know. If this is a stub problem then 
> what are the
> 'vectors' of it? Is it an implementation of the HTTP protocol 
> in the stub,
> something in the way its passing info from the webserver to 
> CF? Is it the
> same on all webservers and operating systems? Has it been 
> reported before on
> other platforms or languages and are others in danger?
> 
> > Unfortunately, Mike's proposed workaround below will not 
> work.  There is
> no
> > known workaround to the issue.  It affects all servers, 
> regardless of
> > application, security contexts, HTTP method filtering, port, etc.
> >
> > Unless you completely trust every end user who is able to 
> connect to your
> > your ColdFusion server machine, the patch must be applied 
> to production
> > servers to be secure from these vulnerabilities.
> >
> > Please refer to the updated Security Bulletin on the Security Zone
> > (http://www.allaire.com/security) and associated FAQ for 
> answers to these
> > and other commonly asked questions.
> >
> > We can't overemphasize the importance of applying the patch 
> immediately to
> > all affected servers.
> >
> > While we are not aware of any known exploit attempts using these
> > vulnerabilities, we believe it's just of time before 
> hackers turn their
> > attention to this Bulletin and begin reverse engineering efforts to
> > determine the exploit details.  We want to give our 
> customers the largest
> > window of opportunity to apply the patch before that 
> happens.  It may just
> > be a matter of days before hackers successfully begin 
> probing sites for
> > servers vulnerable to exploit attempts.
> >
> > Fortunately, because the vulnerabilities were discovered 
> internally in the
> > course of a routine product security audit, rather than external
> > notification, customers have the advantage at the moment of 
> being notified
> > of the problem, have a patch available and can apply the fix before
> hackers
> > are able to begin probing expeditions.  But as we know, the clock is
> surely
> > ticking, so (again), it's critical that administrators 
> apply the patch
> > without delay to protect their servers.
> >
> > Please forward any direct inquiries regarding this or other product
> > security-related issues to [EMAIL PROTECTED]
> >
> > Thanks
> >
> > Damon Cooper
> >
> > ==
> > Date: Wed, 11 Jul 2001 17:02:07 -0400
> > From: [EMAIL PROTECTED] (Michael Dinowitz)
> > To: [EMAIL PROTECTED]
> > Subject: Re: Important ColdFusion Security Patch Released Today
> > Message-ID: <00df01c10a4c$c56c83e0$[EMAIL PROTECTED]>
> >
> > There is a potential workaround if what I'm seeing is true. 
> Have your
> > webserver block any HTTP method other than get and post. If 
> your webserver
> > can do that, you should be safe. I'll say more later.
> >
> > Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
> > Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
> >
> 
> 
> 
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: htt

Anyone know what this error means?

[Evan Lavidor]

Getting the following error in webserver.log:

"ERROR","TID=2780","07/12/01","11:06:35","Error attempting to write location
redirection to web server (Windows NT error number -2147467259 occurred)"


Anyone know what this means?  What it's symtomatic of?  Seen it before?  I
can't find any understandable documentation on it anywhere.

Thanks,

Evan

--
-=-=-=-=-=-=-=-=-=-
Evan Lavidor
Circle.com Boston
Tel: 617-585-3107
Fax: 617-585-3091
-=-=-=-=-=-=-=-=-=-


~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: CFTry/CFCatch

[Dave Watts]

> If an error is caught by cftry/cfcatch is it logged in the server 
> or application log?

No, it's not, unless you do it yourself with CFLOG (in CF 5). In fact, it's
helpful to distinguish between exceptions (certain bad things that happen at
runtime) and errors. CFTRY and CFCATCH are used to handle exceptions; an
unhandled exception will generate an error.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444

~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: UPDATE: Suggested Security Patch Workarounds

[Michael Dinowitz]

This is the whole reason I keep saying "theory" and "potential" for all my
posts on this. I don't know. That's really the whole problem on my side. I
want to know. I need to know. If this is a stub problem then what are the
'vectors' of it? Is it an implementation of the HTTP protocol in the stub,
something in the way its passing info from the webserver to CF? Is it the
same on all webservers and operating systems? Has it been reported before on
other platforms or languages and are others in danger?

> Unfortunately, Mike's proposed workaround below will not work.  There is
no
> known workaround to the issue.  It affects all servers, regardless of
> application, security contexts, HTTP method filtering, port, etc.
>
> Unless you completely trust every end user who is able to connect to your
> your ColdFusion server machine, the patch must be applied to production
> servers to be secure from these vulnerabilities.
>
> Please refer to the updated Security Bulletin on the Security Zone
> (http://www.allaire.com/security) and associated FAQ for answers to these
> and other commonly asked questions.
>
> We can't overemphasize the importance of applying the patch immediately to
> all affected servers.
>
> While we are not aware of any known exploit attempts using these
> vulnerabilities, we believe it's just of time before hackers turn their
> attention to this Bulletin and begin reverse engineering efforts to
> determine the exploit details.  We want to give our customers the largest
> window of opportunity to apply the patch before that happens.  It may just
> be a matter of days before hackers successfully begin probing sites for
> servers vulnerable to exploit attempts.
>
> Fortunately, because the vulnerabilities were discovered internally in the
> course of a routine product security audit, rather than external
> notification, customers have the advantage at the moment of being notified
> of the problem, have a patch available and can apply the fix before
hackers
> are able to begin probing expeditions.  But as we know, the clock is
surely
> ticking, so (again), it's critical that administrators apply the patch
> without delay to protect their servers.
>
> Please forward any direct inquiries regarding this or other product
> security-related issues to [EMAIL PROTECTED]
>
> Thanks
>
> Damon Cooper
>
> ==
> Date: Wed, 11 Jul 2001 17:02:07 -0400
> From: [EMAIL PROTECTED] (Michael Dinowitz)
> To: [EMAIL PROTECTED]
> Subject: Re: Important ColdFusion Security Patch Released Today
> Message-ID: <00df01c10a4c$c56c83e0$[EMAIL PROTECTED]>
>
> There is a potential workaround if what I'm seeing is true. Have your
> webserver block any HTTP method other than get and post. If your webserver
> can do that, you should be safe. I'll say more later.
>
> Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
> Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
>



~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: Important ColdFusion Security Patch Released Today

[Dave Watts]

> There is a potential workaround if what I'm seeing is true. Have 
> your webserver block any HTTP method other than get and post. If 
> your webserver can do that, you should be safe. I'll say more later.

The only methods you'd want to block are PUT and DELETE, I think; you'd want
to allow GET, POST, HEAD and TRACE. I don't think this has anything to do
with the current vulnerability, though.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444

~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: Important ColdFusion Security Patch Released Today

[Dave Watts]

> > Does anyone know:
> >
> > 1) exactly what files are updated (looks like all the stubs 
> > - such as iscf.dll - but I'm not sure)
> 
> I think that is all that is updated (hence the fact that 
> there is only one update file for each OS).

Howie's right - you can download a zip file for manual installation, and all
that file contains are the various API and CGI stubs.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444

~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: Important ColdFusion Security Patch Released Today

[Dave Watts]

> Adam Berry said:
> "The security bulletin explains the potential impact of the 
> security issues. Since these issues were discovered through 
> an internal audit, we decided not to publish explicit instructions 
> for how to exploit the issues. "
> 
> I'd like a more detailed explanation of the impact. Does the 
> flaw allow an attacker to take actions using the security context 
> the webserver runs in, or the one CF Server runs in? I personally 
> don't allow CF Server to run as System, and the userid it gets 
> has limited rights, so even if an attacker can run code using 
> CF Server's process id the attacker can't change (very many) 
> files. If the attacker can only run code in the webserver context,
> the effect depends on the webserver; IIS has to run as system, 
> but Apache can run with very limited update rights, so there 
> might not be much damage possible. 

My guess is that, since this appears to be a problem with the API stub, the
security context at issue is either the web server user account (in IIS,
IUSR_MACHINENAME or the authenticated user), or the web service account
itself.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444

~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: Important ColdFusion Security Patch Released Today

[Dave Watts]

> I asked:
> > What workarounds, if any, can be used instead of applying 
> > the patch?
> 
> Adam Berry said:
> 
> "There is not a work around other than the patch, which is 
> why we released it. "
> 
> 
> This kind of blanket statement is hard to accept. What if 
> IIS security has been used to only allow connections from 
> certain IPs, or IIS requires authentication? Would that take 
> care of it (assuming the people I'm trusting by these means 
> are actually trustworthy)?  

The patch itself, on Windows, simply replaces the various API and CGI stubs
that the web server uses to communicate with CF. So, if you don't allow
non-trustworthy people to connect to your web server, you shouldn't really
need the patch. Based on my understanding of ISAPI and other web server
APIs, all of the filtering and authentication stuff happens before the API
extension is invoked on behalf of the request.

I'd guess, though, that you'll have a hard time being sure that only
trustworthy people are in fact trusted - that problem hasn't ever been
solved in human history!

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444

~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: CF XML-RPC

[DeVoil, Nick]

Michael

The SOAP example in the book doesn't use any CF features that
aren't in CF4.5, unless I'm missing something. The requester
just uses the MS objects XMLHTTPRequest and XMLDOM via CFOBJECT.

Nick

-Original Message-
From: Michael S. Kimmett [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 2:02 PM
To: CF-Talk
Subject: Re: CF XML-RPC


All of the examples that I have seen on the web (Note: I have not seen one
CF example yet) use a RPC call to a proxy server.  The proxy server then
translates the XML that I sent to the proxy server into the SOAP message.  I
know that this is not true SOAP, but it seems that this is the only solution
that I have seen that works.

I can not go to CF5.0.  The client wants us to stay with 4.5.  Any other
suggestions out there?

--Michael
- Original Message -
From: "DeVoil, Nick" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, July 12, 2001 3:28 AM
Subject: RE: CF XML-RPC


> OK, it's not on the web, but the new Wrox book
> "Professional ColdFusion 5.0" has details on how
> to use SOAP with CF.
>
> Also (still not on the web) O'Reilly have a book
> on XML-RPC. But if it's SOAP you want, then why
> not go straight with SOAP?
>
> Nick
>
>
> -Original Message-
> From: Michael S. Kimmett [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 12, 2001 3:28 AM
> To: CF-Talk
> Subject: CF XML-RPC
>
>
> I am trying to learn how to make XML-RPC calls in Coldfusion.  Is there
> anywhere on the web that I can l look at example code to learn how to make
a
> XML-RPC call in Coldfusion.
>
> I want to use this as a base of knowledge to make a Coldfusion RPC call to
a
> SOAP server.
>
> Thanks in advance.
>
> Michael
>
>


**
Information in this email is confidential and may be privileged. 
It is intended for the addressee only. If you have received it in error,
please notify the sender immediately and delete it from your system. 
You should not otherwise copy it, retransmit it or use or disclose its
contents to anyone. 
Thank you for your co-operation.
**

~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: CF XML-RPC

[John Lucas]

And I think the best pricing I've seen so far is at www.bookpool.com

John Lucas
[EMAIL PROTECTED]

-Original Message-
From: DeVoil, Nick [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 3:29 AM
To: CF-Talk
Subject: RE: CF XML-RPC


OK, it's not on the web, but the new Wrox book
"Professional ColdFusion 5.0" has details on how
to use SOAP with CF.

Also (still not on the web) O'Reilly have a book
on XML-RPC. But if it's SOAP you want, then why
not go straight with SOAP?

Nick


-Original Message-
From: Michael S. Kimmett [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 3:28 AM
To: CF-Talk
Subject: CF XML-RPC


I am trying to learn how to make XML-RPC calls in Coldfusion.  Is there
anywhere on the web that I can l look at example code to learn how to make a
XML-RPC call in Coldfusion.

I want to use this as a base of knowledge to make a Coldfusion RPC call to a
SOAP server.

Thanks in advance.

Michael


**
Information in this email is confidential and may be privileged.
It is intended for the addressee only. If you have received it in error,
please notify the sender immediately and delete it from your system.
You should not otherwise copy it, retransmit it or use or disclose its
contents to anyone.
Thank you for your co-operation.
**
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: session variables - newbie

[corrigan]

Julie,

My first suggestion would be to make sure that you're application.cfm
template has the  tag in it and that all of the attributes
are set properly (i.e. sessionmanagement="yes"
sessiontimeout=#CreateTimeSpan(days, hours, minutes, seconds)#).  I would
also try a few little debugging techniques like cfoutputing that session
variable in one file at a time to see where it loses it.  I generally put it
as the very first thing inside the body tag and outside any tables.  That
way,  when you run the page, you should see the value displayed somewhere at
the top of the page.  This will help you isolate the problem.  Hope this
helps, and welcome to cf.

Michael
- Original Message -
From: "Julie Clegg" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, July 11, 2001 3:43 PM
Subject: session variables - newbie


>
>
> I am trying to add a field to my records to let me know who added/updated
> the recordI am new to Cf so I am having some trouble figuring out how
to
> go about doing this.this app is running only on our network and users
> must go thru a login page to access the app.  My Login Action page creates
a
> session variable called session.userid as follows:
>
>
> 
> 
> 
> 
> 
> 
> 
>
>
> After I enter the app and go thru a few pages I want to write a new record
I
> created.  So I just went to the action page where the UPDATE SQL statement
> is and added the following:
>
> UPDATE CasacAppt
> SET dCasacDate  = '#form.dCasacDate#' ,
> vCreateUser= #session.userId# ,
> .etc
>
>
>
> however when the record is added, the vCreateUser field is still ...
>
> what am I doing wrong??
>
> Thanks for your help!
>
> Julie
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

looping insert (was re: looping problem)

[Deanna L. Schneider]

There's a couple of ways this can be handled. But, here's what I usually do.



Delete * from tblClientCategory WHERE clientid=#form.clientid#



(UPDATE tblClientCategory SET CategoryID=#listgetat(form.categoryid, i)#
WHERE
tblClientCategory.ClientID=#form.clientid#)




Essentially, instead of trying to test for the existence of the categoryid,
you're just deleting the old and then inserting all the new. 
is optional here. It ensures that if your second (looped) query doesn't
work, that you haven't lost your original data. However, if you're
potentially looping through lots of fields, with non-critical data, you
might consider the tradeoffs.

-Deanna




Deanna Schneider
Interactive Media Developer
UWEX Cooperative Extension Electronic Publishing Group
103 Extension Bldg
432 N. Lake Street
Madison, WI 53706
(608) 265-7923




~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

CF 45 to CF 50 Upgrade

[Ken Monroe]

Hello!

Has anybody been able to divine the magic process required to get a free
upgrade from CF 4.5 to CF 5.0?  The CF 5 FAQ *used* to say that any
purchases of CF4.5 after April 30 were entitled to a free upgrade.  I began
development of a project using the download trial version of CF 5 in May and
then went to purchase the Enterprise version at the end of May.  Naturally,
the resellers don't have CF 5 so I bought CF 4.5 based on the MM FAQ saying
I could get a free upgrade.

Now, I can't find anyplace on either Allaire or MM to register my CF 4.5
number or get an upgrade number.  The MM site has a registration page but it
rejects my my serial number.  I tried posting to the support forums this AM
but they're not working either...

Any ideas?

Thx


~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: CF XML-RPC

[Michael S. Kimmett]

All of the examples that I have seen on the web (Note: I have not seen one
CF example yet) use a RPC call to a proxy server.  The proxy server then
translates the XML that I sent to the proxy server into the SOAP message.  I
know that this is not true SOAP, but it seems that this is the only solution
that I have seen that works.

I can not go to CF5.0.  The client wants us to stay with 4.5.  Any other
suggestions out there?

--Michael
- Original Message -
From: "DeVoil, Nick" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, July 12, 2001 3:28 AM
Subject: RE: CF XML-RPC


> OK, it's not on the web, but the new Wrox book
> "Professional ColdFusion 5.0" has details on how
> to use SOAP with CF.
>
> Also (still not on the web) O'Reilly have a book
> on XML-RPC. But if it's SOAP you want, then why
> not go straight with SOAP?
>
> Nick
>
>
> -Original Message-
> From: Michael S. Kimmett [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 12, 2001 3:28 AM
> To: CF-Talk
> Subject: CF XML-RPC
>
>
> I am trying to learn how to make XML-RPC calls in Coldfusion.  Is there
> anywhere on the web that I can l look at example code to learn how to make
a
> XML-RPC call in Coldfusion.
>
> I want to use this as a base of knowledge to make a Coldfusion RPC call to
a
> SOAP server.
>
> Thanks in advance.
>
> Michael
>
>
> **
> Information in this email is confidential and may be privileged.
> It is intended for the addressee only. If you have received it in error,
> please notify the sender immediately and delete it from your system.
> You should not otherwise copy it, retransmit it or use or disclose its
> contents to anyone.
> Thank you for your co-operation.
> **
>
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: Important ColdFusion Security Patch Released Today

[CFTalk]

Debbie

Thanks for the quick.  You are probably right.  I just checked the 
Studio versions of a couple of our developers and it seems that after 
installing Windows 2000 from scratch and re-installing CF Studio 4.5, 
the additional updates hadn't been applied.

I apologize to the list for my erroneous thoughts regarding the 
connection between my problem and recent security patch.

Jackson Moore
[EMAIL PROTECTED]


On Thu, 12 Jul 2001 08:51:07 -0400, Debbie Dickerson wrote:
>Michael,
>
>Your issue sounds more like a known bug with Studio. It was related
>to
>version Studio 4.5.0, and a hotfix was created for it. The fix is in
>the
>knowledge base at
>http://www.allaire.com/Handlers/index.cfm?ID=13852&Method=Full
>
>Debbie
>Macromedia
>
>-Original Message-
>From: Jackson Moore [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, July 12, 2001 8:40 AM
>To: CF-Talk
>Subject: Re: Important ColdFusion Security Patch Released Today
>
>
>Michael
>
>I don't know if it is related, but I (and a few other developers I
>know) have had the "0 byte file" issue hit us.  Here was the
>scenario:
>
>Edit a .cfm file in CF Studio.  Save file in CF Studio.  Refresh
>browser to verify updates.  Very, very seldom, we get an error from
>the CF Server that it can not read files that are 0 bytes in size.
>If I go back to studio, the file is still there.  However, if I
>close
>the file (won't get prompted to save since it was already saved),
>the
>file is lost and I have to restore from a backup.
>
>You can imagine that the first time this showed up, everyone thought
>I was crazy and told me I had just accidentally overwritten the file
>myself with an empty file.  These guys let me hear about it for
>weeks!
>
> Then a few weeks later it happened again.  At first we blamed it on
>studio, then we blamed it on the network.  Then it happened to
>another developer.  You can imagine my relief (vindicated!) when I
>wasn't the only one who had been bit by this.
>
>Without more details from MM, I can't know for sure if this is the
>same issue addressed by their recent patch, but if it is, that means
>that CF Server was overwriting the file with a 0 byte file after I
>had successfully saved it from studio.
>
>Any thoughts?
>
>Jackson Moore
>[EMAIL PROTECTED]
>
>On Wed, 11 Jul 2001 15:35:45 -0400, Michael Dinowitz wrote:
>>Without going into details on my investigations yet, does anyone
>>know of
>>anyone being attacked by this hole? Has anyone found their 
documents
>>either
>>deleted or replaced with a 0 byte file? If so, please contact me. I
>>think I
>>know what the hole is and just need some extra 'leg work'.
>>
>>
>>>
>>> From: "Howie Hamlin" <[EMAIL PROTECTED]>
>>>
>>> >> 2) the nature of the security problem - obviously MM is going
>>>for
>>> >> security-thru-obscurity and is not going to describe the exact
>>>problem,
>>but
>>> >> some clue as to the possible effects, how to tell if the
>>>weakness has
>>been
>>> >> taken advantage of, etc would be helpful
>>> >>
>>> >
>>> >No idea...in a way it's better that they don't point out the
>>vulnerability.
>>>
>>> And in a way it is far worse - since while we are 'closing the
>>>door' on
>>> a bug, without more details, how can we tell if someone has taken
>>advantage
>>> of that open door on our system?
>>> --
>>> Never apply a Star Trek solution to a Babylon 5 problem.
>>> Larry W. Virden  >http://www.purl.org/NET/lvirden/>
>>> Even if explicitly stated to the contrary, nothing in this 
posting
>>>should
>>> be construed as representing my employer's opinions.
>>> -><-
>>>
>>>
>>
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: Important ColdFusion Security Patch Released Today

[Debbie Dickerson]

Michael,

Your issue sounds more like a known bug with Studio. It was related to
version Studio 4.5.0, and a hotfix was created for it. The fix is in the
knowledge base at
http://www.allaire.com/Handlers/index.cfm?ID=13852&Method=Full

Debbie
Macromedia

-Original Message-
From: Jackson Moore [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 12, 2001 8:40 AM
To: CF-Talk
Subject: Re: Important ColdFusion Security Patch Released Today


Michael

I don't know if it is related, but I (and a few other developers I 
know) have had the "0 byte file" issue hit us.  Here was the 
scenario:

Edit a .cfm file in CF Studio.  Save file in CF Studio.  Refresh 
browser to verify updates.  Very, very seldom, we get an error from 
the CF Server that it can not read files that are 0 bytes in size.  
If I go back to studio, the file is still there.  However, if I close 
the file (won't get prompted to save since it was already saved), the 
file is lost and I have to restore from a backup.

You can imagine that the first time this showed up, everyone thought 
I was crazy and told me I had just accidentally overwritten the file 
myself with an empty file.  These guys let me hear about it for 
weeks!

 Then a few weeks later it happened again.  At first we blamed it on 
studio, then we blamed it on the network.  Then it happened to 
another developer.  You can imagine my relief (vindicated!) when I 
wasn't the only one who had been bit by this.

Without more details from MM, I can't know for sure if this is the 
same issue addressed by their recent patch, but if it is, that means 
that CF Server was overwriting the file with a 0 byte file after I 
had successfully saved it from studio.

Any thoughts?

Jackson Moore
[EMAIL PROTECTED]

On Wed, 11 Jul 2001 15:35:45 -0400, Michael Dinowitz wrote:
>Without going into details on my investigations yet, does anyone
>know of
>anyone being attacked by this hole? Has anyone found their documents
>either
>deleted or replaced with a 0 byte file? If so, please contact me. I
>think I
>know what the hole is and just need some extra 'leg work'.
>
>
>>
>> From: "Howie Hamlin" <[EMAIL PROTECTED]>
>>
>> >> 2) the nature of the security problem - obviously MM is going
>>for
>> >> security-thru-obscurity and is not going to describe the exact
>>problem,
>but
>> >> some clue as to the possible effects, how to tell if the
>>weakness has
>been
>> >> taken advantage of, etc would be helpful
>> >>
>> >
>> >No idea...in a way it's better that they don't point out the
>vulnerability.
>>
>> And in a way it is far worse - since while we are 'closing the
>>door' on
>> a bug, without more details, how can we tell if someone has taken
>advantage
>> of that open door on our system?
>> --
>> Never apply a Star Trek solution to a Babylon 5 problem.
>> Larry W. Virden  http://www.purl.org/NET/lvirden/>
>> Even if explicitly stated to the contrary, nothing in this posting
>>should
>> be construed as representing my employer's opinions.
>> -><-
>>
>>
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Strange Error Message

[Mary_Baotic]

Has anyone ever encountered this error message from CF?

Error Diagnostic Information


ODBC Error Code = ()


Unable to instantiate environment for 'ODBC.'


The error occurred while processing an element with a general identifier of
(CFQUERY), occupying document position (14:1) to (14:42).


Date/Time: 07/12/01 05:33:11
Browser: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)
Remote Address: 12.88.100.115


I am sure it has to do with the computer and not cold fusion, but does
anyone have any insight on why this error message occurs and any fixes?





Mary


~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

Re: Important ColdFusion Security Patch Released Today

[CFTalk]

Michael

I don't know if it is related, but I (and a few other developers I 
know) have had the "0 byte file" issue hit us.  Here was the 
scenario:

Edit a .cfm file in CF Studio.  Save file in CF Studio.  Refresh 
browser to verify updates.  Very, very seldom, we get an error from 
the CF Server that it can not read files that are 0 bytes in size.  
If I go back to studio, the file is still there.  However, if I close 
the file (won't get prompted to save since it was already saved), the 
file is lost and I have to restore from a backup.

You can imagine that the first time this showed up, everyone thought 
I was crazy and told me I had just accidentally overwritten the file 
myself with an empty file.  These guys let me hear about it for 
weeks!

 Then a few weeks later it happened again.  At first we blamed it on 
studio, then we blamed it on the network.  Then it happened to 
another developer.  You can imagine my relief (vindicated!) when I 
wasn't the only one who had been bit by this.

Without more details from MM, I can't know for sure if this is the 
same issue addressed by their recent patch, but if it is, that means 
that CF Server was overwriting the file with a 0 byte file after I 
had successfully saved it from studio.

Any thoughts?

Jackson Moore
[EMAIL PROTECTED]

On Wed, 11 Jul 2001 15:35:45 -0400, Michael Dinowitz wrote:
>Without going into details on my investigations yet, does anyone
>know of
>anyone being attacked by this hole? Has anyone found their documents
>either
>deleted or replaced with a 0 byte file? If so, please contact me. I
>think I
>know what the hole is and just need some extra 'leg work'.
>
>
>>
>> From: "Howie Hamlin" <[EMAIL PROTECTED]>
>>
>> >> 2) the nature of the security problem - obviously MM is going
>>for
>> >> security-thru-obscurity and is not going to describe the exact
>>problem,
>but
>> >> some clue as to the possible effects, how to tell if the
>>weakness has
>been
>> >> taken advantage of, etc would be helpful
>> >>
>> >
>> >No idea...in a way it's better that they don't point out the
>vulnerability.
>>
>> And in a way it is far worse - since while we are 'closing the
>>door' on
>> a bug, without more details, how can we tell if someone has taken
>advantage
>> of that open door on our system?
>> --
>> Never apply a Star Trek solution to a Babylon 5 problem.
>> Larry W. Virden  http://www.purl.org/NET/lvirden/>
>> Even if explicitly stated to the contrary, nothing in this posting
>>should
>> be construed as representing my employer's opinions.
>> -><-
>>
>>
>
~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

UPDATE: Suggested Security Patch Workarounds

[Damon Cooper]

Unfortunately, Mike's proposed workaround below will not work.  There is no
known workaround to the issue.  It affects all servers, regardless of
application, security contexts, HTTP method filtering, port, etc.   

Unless you completely trust every end user who is able to connect to your
your ColdFusion server machine, the patch must be applied to production
servers to be secure from these vulnerabilities.

Please refer to the updated Security Bulletin on the Security Zone
(http://www.allaire.com/security) and associated FAQ for answers to these
and other commonly asked questions.

We can't overemphasize the importance of applying the patch immediately to
all affected servers.  

While we are not aware of any known exploit attempts using these
vulnerabilities, we believe it's just of time before hackers turn their
attention to this Bulletin and begin reverse engineering efforts to
determine the exploit details.  We want to give our customers the largest
window of opportunity to apply the patch before that happens.  It may just
be a matter of days before hackers successfully begin probing sites for
servers vulnerable to exploit attempts.

Fortunately, because the vulnerabilities were discovered internally in the
course of a routine product security audit, rather than external
notification, customers have the advantage at the moment of being notified
of the problem, have a patch available and can apply the fix before hackers
are able to begin probing expeditions.  But as we know, the clock is surely
ticking, so (again), it's critical that administrators apply the patch
without delay to protect their servers.

Please forward any direct inquiries regarding this or other product
security-related issues to [EMAIL PROTECTED]

Thanks

Damon Cooper

==
Date: Wed, 11 Jul 2001 17:02:07 -0400 
From: [EMAIL PROTECTED] (Michael Dinowitz) 
To: [EMAIL PROTECTED] 
Subject: Re: Important ColdFusion Security Patch Released Today 
Message-ID: <00df01c10a4c$c56c83e0$[EMAIL PROTECTED]> 

There is a potential workaround if what I'm seeing is true. Have your 
webserver block any HTTP method other than get and post. If your webserver
can do that, you should be safe. I'll say more later. 

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

RE: Get Table names, and Field Names

[DeVoil, Nick]

> Is there a SQL command, or CF Function that can get the names of all the 
tables in a database?

Chad

It depends what DBMS you're using.

If it's Access, look here

http://www.thenetprofits.co.uk/coldfusion/faq/#answer77

Otherwise I believe the following queries are mostly correct:

Ingres:SELECT relname FROM iirelation
Oracle:SELECT table_name FROM user_tables
PostgreSQL:SELECT relname FROM pg_class
MS SQL Server: SELECT name FROM sysobjects WHERE type = 'U'
Informix:  SELECT tabname FROM systables WHERE tabtype = 'T'
Sybase SQL Server: SELECT name FROM sysobjects WHERE type = 'U'

MySQL: Can't be done using simple SQL commands.

Aidan, maybe you could add these to the FAQ?

Nick



**
Information in this email is confidential and may be privileged. 
It is intended for the addressee only. If you have received it in error,
please notify the sender immediately and delete it from your system. 
You should not otherwise copy it, retransmit it or use or disclose its
contents to anyone. 
Thank you for your co-operation.
**

~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists

AW: Define and Call UD-Functions

[Wagner Patrick]

Thanks a lot for the answers!

Great way to reference functions inside a scope. 
Thanks for the hints!

Carefull reading of the (well-hidden :-) documentation would have helped.


Kind Regards

Patrick Wagner
Application Engineer
conceptware ag


~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists