cflocation in new window
Is there any way to get cflocation to open a new window? Trying to do something like the below, but open a new window... cfcase VALUE=1 cflocation url=""> /cfcase [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: Resources for CF MX Enterprise
If you only look at performance numbers then IBM Websphere is your best option, but like everybody I also want to ride a Ferrari and the money tree is still not large enough ;) Micha Schopman Software Engineer Modern Media, Databankweg 12 M, 3821 ALAmersfoort Tel 033-4535377, Fax 033-4535388 KvK Amersfoort 39081679, Rabo 39.48.05.380 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cflocation in new window
no way to target a cflocation, use _javascript_ instead. jb. On Thu, 22 Jul 2004 02:32:19 -0400, [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Is there any way to get cflocation to open a new window? Trying to do something like the below, but open a new window... cfcase VALUE=1 cflocation url=""> /cfcase [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Urgent help needed Please
Can anyone help me
I am new to CF. we have backend as MySql and I am trying to insert into
a database created in SQL using this query:
cfquery name=add datasource=newmembers
INSERT INTO members
(name,email)
VALUES ('#name#','#email#')
/cfquery
But it is not adding to the database, the submit is just going to the
query page and we can see all these codes in browsers...
I think the problem is, coldfusion server is not parsing code before handing it over to the webserver. we are working on Mac OS
X with MySql.
How to fix this problem...
I really need help...
Sangeeta
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
[Donations and Support]
RE: Resources for CF MX Enterprise
| From: Sean Corfield [mailto:[EMAIL PROTECTED] | Sent: Thursday, July 22, 2004 07:01 | JRun is what powers CFMX on macromedia.com and we find it | scalable and robust. I'd be very interested to hear any | specific problems you think JRun has? We are seeing this problem on our Jrun servers: http://www.macromedia.com/cfusion/webforums/forum/messageview.cfm?catid =69threadid=806965 The server hangs and stops responding. -- Hugo Ahlenius - Hugo AhleniusE-Mail: [EMAIL PROTECTED] Project Officer Phone:+46 8 230460 UNEP GRID-ArendalFax:+46 8 230441 Stockholm OfficeMobile:+46 733 467111 WWW: http://www.grida.no - ### This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange. For more information, connect to http://www.F-Secure.com/ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: Resources for CF MX Enterprise
Sean While not a problem specifc to my situation bug 56262 could cause some cause for concern http://www.macromedia.com/cfusion/webforums/forum/messageview.cfm?catid= 69 http://www.macromedia.com/cfusion/webforums/forum/messageview.cfm?catid =69threadid=806965 threadid=806965 KOla -Original Message- From: Sean Corfield [mailto:[EMAIL PROTECTED] Sent: 22 July 2004 06:01 To: CF-Talk Subject: Re: Resources for CF MX Enterprise I would also look at deploying against Websphere or another J2EE package if you go the Enterprise route. JRun is fine, but as you scale you may want something more robust. JRun is what powers CFMX on macromedia.com and we find it scalable and robust. I'd be very interested to hear any specific problems you think JRun has? -- Sean A Corfield -- http://www.corfield.org/blog/ If you're not annoying somebody, you're not really alive. -- Margaret Atwood _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Windows groups
All, If I am authenticating a user with Windows Authentication in IIS - I know that I can get the user name with the cgi.remote_user variable but is there any way for me to find out what windows groups the user is a member of? Have been reading about cflogin - anyone any experiences with this and windows authentication? TIA Simon [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: jdbc settings???
Doug What driver are you using? Kola -Original Message- From: Douglas Knudsen [mailto:[EMAIL PROTECTED] Sent: 22 July 2004 04:41 To: CF-Talk Subject: RE: jdbc settings??? yeah, maybe, but if that did work, wrap over 100 cfquery tags in this? not! The DBA feels this SET TRANSACTION ISOLATION LEVEL READ COMMITTED isn't really neccessary and he wants to see what SQL is actually getting executed via Oracle Doug...of the jealous non gmail clan;) -Original Message- From: Qasim Rasheed [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 21, 2004 11:25 PM To: CF-Talk Subject: Re: jdbc settings??? I guess you can use cftransaction tag with changing the isolation attribute. Qasim - Original Message - From: Douglas Knudsen [EMAIL PROTECTED] Date: Wed, 21 Jul 2004 22:57:39 -0400 Subject: jdbc settings??? To: CF-Talk [EMAIL PROTECTED] My DBA is saying that SET TRANSACTION ISOLATION LEVEL READ COMMITTED is executed by CF on each query. Any way to turn this off? --- Douglas Knudsen http://www.cubicleman.com/ http://www.cubicleman.com If you don't like something, change it. If you can't change it, change your attitude. Don't complain. - Maya Angelou _ _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: Windows groups
Simon Whittaker wrote: If I am authenticating a user with Windows Authentication in IIS - I know that I can get the user name with the cgi.remote_user variable but is there any way for me to find out what windows groups the user is a member of? net user username should tell you. Jochem [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: CFMX 6.1 and MySQL insert question
If a user is using the form and enter the value bla bla \n bla bla \bla.. because he wants the \n or the \ it won't work.. I don't want to used the \n as a break like with #Chr(13)##Chr(10)# Use cfqueryparam - it'll correctly escape everything for you so you don't have to worry about the \n being changed to a newline char when inserted. Tim. -- --- Badpen Tech - CF and web-tech: http://tech.badpen.com/ --- RAWNET LTD - Internet, New Media and ebusiness Gurus. WE'VE MOVED - for our new address, please visit our website at http://www.rawnet.com/ or call us any time on 0800 294 24 24. --- This message may contain information which is legally privileged and/or confidential.If you are not the intended recipient, you are hereby notified that any unauthorised disclosure, copying, distribution or use of this information is strictly prohibited. Such notification notwithstanding, any comments, opinions, information or conclusions expressed in this message are those of the originator, not of rawnet limited, unless otherwise explicitly and independently indicated by an authorised representative of rawnet limited. --- [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
cfmx updater 3
Hello, I have been trying to find out the CFMX updater 3; I know there is CFMX 6.1 now, I've got it but I am doing some migration test between different machines. Unfortunately I cannot find the updater3 on the macromedia website. Does anybody know where I can find it? Thanks, Jean-Marc [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: Dinowitz_Debug
On Wednesday 21 Jul 2004 18:03 pm, Philip Arnold wrote: Unable to write CFFORM _javascript_ functions. I get that, yet the tree appears anyway as a java applet. Maybe a try/catch to squish the error ? -- Tom Chiverton Advanced ColdFusion Programmer Tel: +44(0)1749 834997 email: [EMAIL PROTECTED] BlueFinger Limited Underwood Business Park Wookey Hole Road, WELLS. BA5 1AF Tel: +44 (0)1749 834900 Fax: +44 (0)1749 834901 web: www.bluefinger.com Company Reg No: 4209395 Registered Office: 2 Temple Back East, Temple Quay, BRISTOL. BS1 6EG. *** This E-mail contains confidential information for the addressee only. If you are not the intended recipient, please notify us immediately. You should not use, disclose, distribute or copy this communication if received in error. No binding contract will result from this e-mail until such time as a written document is signed on behalf of the company. BlueFinger Limited cannot accept responsibility for the completeness or accuracy of this message as it has been transmitted over public networks.*** [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Caching CFC's
Is this a correct way of caching a CFC, for future reuse and preventing
useless IO traffic? I never tried this approach in production but I
don't believe there are a lot of problems with this construction in
terms of memory.
cfapplication name=persistencyTest sessionmanagement=yes
clientmanagement=no
cflock scope=application type=exclusive timeout=1
cfif NOT IsDefined('application.IOFactory')
!--- loaded CFC into cache ---
cfset IOFactory =
createObject('component','myfunction').init()
cfset application.IOFactory = IOFactory
cfelse
!--- loaded CFC from cache for reuse without re-calling
the class ---
cfset IOFactory = application.IOFactory
/cfif
/cflock
Micha Schopman
Software Engineer
Modern Media, Databankweg 12 M, 3821 ALAmersfoort
Tel 033-4535377, Fax 033-4535388
KvK Amersfoort 39081679, Rabo 39.48.05.380
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
[Donations and Support]
CF Studio (5.0) keyboard shortcut?
Hi, Anyone know if there's a way to set up a keyboard shortcut to deploy a file that you just saved?For example, I finish editing a file, and I save it...now I want to deploy it, but I have to right click on the file in the project window and choose Deploy File... Under customize - keyboard shortcuts, I find a 'Deployment Wizard' I can create a shortcut to, but that's for deploying a whole project it seems. Any ideas? Thanks! Sincerely, Dave Phillips 94percent.com [EMAIL PROTECTED] 615-746-3851 Why do 100% of the work when we'll do 94% of it for you? - http://honor.94percent.com (request password if you're interested) [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: Caching CFC's
A few things.
1) The lock isn't really necessary if you don't have any race conditions.
2) Why do you create a copy of application.IOFactory in the variables
scope? You don't need to normally. I'd just have code like so:
cfif not isDefined(application.foo)
cfset application.foo = createObject(etc)
/cffi
-Ray
On Thu, 22 Jul 2004 13:28:59 +0200, Micha Schopman
[EMAIL PROTECTED] wrote:
Is this a correct way of caching a CFC, for future reuse and preventing
useless IO traffic? I never tried this approach in production but I
don't believe there are a lot of problems with this construction in
terms of memory.
cfapplication name=persistencyTest sessionmanagement=yes
clientmanagement=no
cflock scope=application type=exclusive timeout=1
cfif NOT IsDefined('application.IOFactory')
!--- loaded CFC into cache ---
cfset IOFactory =
createObject('component','myfunction').init()
cfset application.IOFactory = IOFactory
cfelse
!--- loaded CFC from cache for reuse without re-calling
the class ---
cfset IOFactory = application.IOFactory
/cfif
/cflock
Micha Schopman
Software Engineer
Modern Media, Databankweg 12 M, 3821 ALAmersfoort
Tel 033-4535377, Fax 033-4535388
KvK Amersfoort 39081679, Rabo 39.48.05.380
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
[Donations and Support]
RE: Caching CFC's
The lock I placed here was more like a simulation of what I wanted to do, code within could crash on race conditions (although that should be impossible with a correct CFC). The reason why I copy the application,scopeinto a variables scope, is to use the CFC throughout the application without the need to relock again with a type=read to access the methods (in case of race conditions). I also could just call the application scope, without locking, but It has become common since I still work a lot with CF5, and less with CFMX due to company management decisions. But you're right in terms of, when race conditions do not affect the cfc, the locking is unneeded. (also because cfmx has fixed locking memory leaks). I thought about this technique because I use a framework which is very much build upon a single file which checks for locations of files, inheritance, overriding for customers, etc. and this file is called about 6 times per request. So I thought, why recall that file (*.cfc) again and again while the contents are exactly the same. Every customer uses a specific directory to read files from, but these files get overrided when the customer has a file with the exact name in its own directory. This structure is cached in a struct, and it would be great if I can create some sort of persistency for the duration of the application scope, without calling the CFC on each request, but instead calling the code in memory for each request. It was merely a thought about in memory processing of code, which ofcourse is the fastest way of processing code, but I do not have a clue if this could lead to unwanted errors :-) Micha Schopman Software Engineer Modern Media, Databankweg 12 M, 3821 ALAmersfoort Tel 033-4535377, Fax 033-4535388 KvK Amersfoort 39081679, Rabo 39.48.05.380 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cflocation in new window
Is there any way to get cflocation to open a new window? Trying to do something like the below, but open a new window... cfcase VALUE=1 cflocation url=""> /cfcase No, because cflocation works by setting an http header on the page, there's no interraction with surrounding windows in the browser or DOM. So as far as the command is concerned, there are no other windows to locate. There is a _javascript_ command which is functionally the same as cflocation (meaning that it replaces the current page in the browser's history, thus preserving the functionality of the back button). It's called location.replace() and you can cal this on any window, i.e. cfoutput script language=_javascript_ top.location.replace(myurl.cfm?id=#newsletterID#); /script /cfoutput When using the onTap framework I have a function which creates this string js output I use this for all my redirection for a number of reasons -- there is no potential conflict with cfflush (cflocation can cause an error if performed after a cfflush tag), it can relocate other frames, and it's a string value, so it can be embedded in the content and then subsequently manipulated like any other string value, as opposed to cflocation where only the address can be manipulated and only before the tag. Of course, since it's _javascript_ it simply won't do anything if the visitor has turned of the scripting feature in their browser, but all the browsers that I've found that support scripting do support the function. s. isaac dealey954.927.5117 new epoch : isn't it time for a change? add features without fixtures with the onTap open source framework http://www.sys-con.com/story/?storyid=44477DE=1 http://www.sys-con.com/story/?storyid=45569DE=1 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cflocation in new window
cfoutput script language=_javascript_ top.location.replace(myurl.cfm?id=#newsletterID#); /script /cfoutput This works great to replace the current window . I'm not 100% sure of the syntax to open the URL in a new window though. Everybody can obviously tell my _javascript_ is darned rusty at this point... -- Les Mizzell -- Certe, toto, sentio nos in kansate non iam adesse -- [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: Minimum for testing Oracle databases
Thanks Dave. -- ___ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: [EMAIL PROTECTED]) Thanks. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cflocation in new window
On Thursday 22 Jul 2004 13:35 pm, Les Mizzell wrote: This works great to replace the current window . I'm not 100% sure of the syntax to open the URL in a new window though. http://www.htmlcodetutorial.com/linking/linking_famsupp_70.html -- Tom Chiverton Advanced ColdFusion Programmer Tel: +44(0)1749 834997 email: [EMAIL PROTECTED] BlueFinger Limited Underwood Business Park Wookey Hole Road, WELLS. BA5 1AF Tel: +44 (0)1749 834900 Fax: +44 (0)1749 834901 web: www.bluefinger.com Company Reg No: 4209395 Registered Office: 2 Temple Back East, Temple Quay, BRISTOL. BS1 6EG. *** This E-mail contains confidential information for the addressee only. If you are not the intended recipient, please notify us immediately. You should not use, disclose, distribute or copy this communication if received in error. No binding contract will result from this e-mail until such time as a written document is signed on behalf of the company. BlueFinger Limited cannot accept responsibility for the completeness or accuracy of this message as it has been transmitted over public networks.*** [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: cflocation in new window
Current window script type=text/_javascript_ window.location.href = ''; /script Parent window (for ex. window which holds an iframe, this script is called from within the iframe) script type=text/_javascript_ parent.location.href = ''; /script Top frame (Jedi master frame) script type=text/_javascript_ top.location.href = ''; /script Of a specific frame script type=text/_javascript_ window.frames['framename'].location.href = ''; /script etc.. :-) just ask..I am kinda a JS addict for quite a long time Micha Schopman Software Engineer Modern Media, Databankweg 12 M, 3821 ALAmersfoort Tel 033-4535377, Fax 033-4535388 KvK Amersfoort 39081679, Rabo 39.48.05.380 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: Ecommerce site work...
www.x-cart.com http://www.x-cart.com/if you can deal with PHP and MySQL. I've used it MANY times and it is incredible. It only costs ~$200 and it's awesome. You have the full store, shipping, an incredible admin, order mgt... I really like it. Good luck. --Ferg Hello, I am not sure if there was a mail alias at HOFto direct this to.So please don't be peeved, maybe you can direct me to some good sites? Is there a place anyone knows of where I can find a (mostly) pre-made eCommerce web-site for sale? I need a login, shopping cart, dynamic database, automated emails for certain things,etc... and a few other items. I would like to just use something pretty much pre-made and just change my colors, headmast graphics,etc... and be done with it. Even if it was not a site for CF would be ok like php/mysql or whatever... I can tweak some of the code for my emails,etc... but I cannot build the whole thing on my own. I did find one such site but if I ever go to a different hosting company I can only take my database with me , not the site. ~/Wayne [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: cflocation in new window
http://www.htmlcodetutorial.com/linking/linking_famsupp_70.html Partial quote from the link above... More than one web developer has been reduced to tears trying to get popups to work correctly. A little dramatic but a good resource. :-) [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: Caching CFC's
Micha, If I remember the code you sent correctly -- you didn't copy anything anywhere, remember that CFCs/structs and others are only copied by reference, you need Duplicate() to do that. I think you lose some of the point with the caching, as well, by copying the whole cfc. What you should do -- make sure that the component doesn't store any instance data after init(), and if they do, then it should be locked. And make sure the component is thread safe. -- Hugo Ahlenius - Hugo AhleniusE-Mail: [EMAIL PROTECTED] Project Officer Phone:+46 8 230460 UNEP GRID-ArendalFax:+46 8 230441 Stockholm OfficeMobile:+46 733 467111 WWW: http://www.grida.no - | -Original Message- | From: Micha Schopman [mailto:[EMAIL PROTECTED] | Sent: Thursday, July 22, 2004 14:16 | To: CF-Talk | Subject: RE: Caching CFC's | | The lock I placed here was more like a simulation of what I | wanted to do, code within could crash on race conditions | (although that should be impossible with a correct CFC). | | The reason why I copy the application,scopeinto a variables | scope, is to use the CFC throughout the application without | the need to relock again with a type=read to access the | methods (in case of race conditions). I also could just call | the application scope, without locking, but It has become | common since I still work a lot with CF5, and less with CFMX | due to company management decisions. But you're right in | terms of, when race conditions do not affect the cfc, the | locking is unneeded. (also because cfmx has fixed locking | memory leaks). | | I thought about this technique because I use a framework | which is very much build upon a single file which checks for | locations of files, inheritance, overriding for customers, | etc. and this file is called about 6 times per request. So I | thought, why recall that file (*.cfc) again and again while | the contents are exactly the same. Every customer uses a | specific directory to read files from, but these files get | overrided when the customer has a file with the exact name in | its own directory. This structure is cached in a struct, and | it would be great if I can create some sort of persistency | for the duration of the application scope, without calling | the CFC on each request, but instead calling the code in | memory for each request. | | It was merely a thought about in memory processing of code, | which ofcourse is the fastest way of processing code, but I | do not have a clue if this could lead to unwanted errors :-) | Micha Schopman Software Engineer Modern Media, Databankweg 12 | M, 3821 ALAmersfoort Tel 033-4535377, Fax 033-4535388 KvK | Amersfoort 39081679, Rabo 39.48.05.380 | | | [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cflocation in new window
More than one web developer has been reduced to tears trying to get popups to work correctly. I don't have a problem getting a popup to work from an onLoad in the body or attached to an image or a link. What's giving me a fit is this is inside a cfswitch statement like: cfcase value=action1 Open a new window so the user can preview what he just did /cfcase cfcase value=action2 update the database and use a cflocatioin to go back to the menu /cfcase cfcase value=action3 We're done, just use a cflocation here to go somewhere else /cfcase Action 2 and 3 are working like a champ. Action one need to open a new window so the user can preview a bunch of changes he is getting ready to submit on a format administration page... -- Les Mizzell -- Certe, toto, sentio nos in kansate non iam adesse -- [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
CF_HTML2PDF3 Question
I have run into a strange issue with the CF_HTML2PDF3. I have been using it for some time to create simple PDFs without any problems.Lately I've noticed that it doesn't seem to want to overwrite existing PDF files but it doesn't throw any errors that I can tell. In other words, I'll have it write a PDF file, and then make a change and have it rewrite a file of the same name.When I go back and check, the file isn't updated, even though I know the code that should have done so executed.I am wondering if anyone has any advice on how to debug this.I can't figure out how to get the tag to tell me if its hitting an error and what that might be.BTW, it seems to work sometimes, just not every time. __ Do you Yahoo!? Vote for the stars of Yahoo!'s next ad campaign! http://advision.webevents.yahoo.com/yahoo/votelifeengine/ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: Caching CFC's
So I merely created a pointer ... ... erm .. oops? .. It is kunda frustrating working with CF since the betas but never being able to work with CFMX because management denied it based on the risc. now is the time to strike back ;) My hope is on a quite big improvement in processing requests when using CFC's. Micha Schopman Software Engineer Modern Media, Databankweg 12 M, 3821 ALAmersfoort Tel 033-4535377, Fax 033-4535388 KvK Amersfoort 39081679, Rabo 39.48.05.380 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: Caching CFC's
One problem though - Duplicate doesn't work on CFCs. Sure, it doesn't throw an error, but it doesn't copy it correctly. Ditto for CFWDDX. You can serialize a CFC but your packet can't be deserialized correctly. -Ray On Thu, 22 Jul 2004 14:50:58 +0200, Hugo Ahlenius [EMAIL PROTECTED] wrote: Micha, If I remember the code you sent correctly -- you didn't copy anything anywhere, remember that CFCs/structs and others are only copied by reference, you need Duplicate() to do that. I think you lose some of the point with the caching, as well, by copying the whole cfc. What you should do -- make sure that the component doesn't store any instance data after init(), and if they do, then it should be locked. And make sure the component is thread safe. -- Hugo Ahlenius - Hugo AhleniusE-Mail: [EMAIL PROTECTED] Project Officer Phone:+46 8 230460 UNEP GRID-ArendalFax:+46 8 230441 Stockholm OfficeMobile:+46 733 467111 WWW: http://www.grida.no - | -Original Message- | From: Micha Schopman [mailto:[EMAIL PROTECTED] | Sent: Thursday, July 22, 2004 14:16 | To: CF-Talk | Subject: RE: Caching CFC's | | The lock I placed here was more like a simulation of what I | wanted to do, code within could crash on race conditions | (although that should be impossible with a correct CFC). | | The reason why I copy the application,scopeinto a variables | scope, is to use the CFC throughout the application without | the need to relock again with a type=read to access the | methods (in case of race conditions). I also could just call | the application scope, without locking, but It has become | common since I still work a lot with CF5, and less with CFMX | due to company management decisions. But you're right in | terms of, when race conditions do not affect the cfc, the | locking is unneeded. (also because cfmx has fixed locking | memory leaks). | | I thought about this technique because I use a framework | which is very much build upon a single file which checks for | locations of files, inheritance, overriding for customers, | etc. and this file is called about 6 times per request. So I | thought, why recall that file (*.cfc) again and again while | the contents are exactly the same. Every customer uses a | specific directory to read files from, but these files get | overrided when the customer has a file with the exact name in | its own directory. This structure is cached in a struct, and | it would be great if I can create some sort of persistency | for the duration of the application scope, without calling | the CFC on each request, but instead calling the code in | memory for each request. | | It was merely a thought about in memory processing of code, | which ofcourse is the fastest way of processing code, but I | do not have a clue if this could lead to unwanted errors :-) | Micha Schopman Software Engineer Modern Media, Databankweg 12 | M, 3821 ALAmersfoort Tel 033-4535377, Fax 033-4535388 KvK | Amersfoort 39081679, Rabo 39.48.05.380 | | | [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: jdbc settings???
We are using the Oracle driver, the stock one with CFMX enterprise. Doug Doug What driver are you using? Kola -Original Message- From: Douglas Knudsen [mailto:[EMAIL PROTECTED] Sent: 22 July 2004 04:41 To: CF-Talk Subject: RE: jdbc settings??? yeah, maybe, but if that did work, wrap over 100 cfquery tags in this? not! The DBA feels this SET TRANSACTION ISOLATION LEVEL READ COMMITTED isn't really neccessary and he wants to see what SQL is actually getting executed via Oracle Doug...of the jealous non gmail clan;) -Original Message- From: Qasim Rasheed [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 21, 2004 11:25 PM To: CF-Talk Subject: Re: jdbc settings??? I guess you can use cftransaction tag with changing the isolation attribute. Qasim - Original Message - From: Douglas Knudsen [EMAIL PROTECTED] Date: Wed, 21 Jul 2004 22:57:39 -0400 Subject: jdbc settings??? To: CF-Talk [EMAIL PROTECTED] My DBA is saying that SET TRANSACTION ISOLATION LEVEL READ COMMITTED is executed by CF on each query. Any way to turn this off? --- [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: Caching CFC's
One other thing about storing the cfc in the application scope was
that any changes to the CFC wouldn't be reflected until the
application re-started. So I'd also consider adding something like
this:
cfif NOT IsDefined('application.IOFactory') OR
(isDefined(url.killApp) AND url.killApp eq yes)
...
So that you can easily re-create all your objects
G
On Thu, 22 Jul 2004 13:28:59 +0200, Micha Schopman
[EMAIL PROTECTED] wrote:
Is this a correct way of caching a CFC, for future reuse and preventing
useless IO traffic? I never tried this approach in production but I
don't believe there are a lot of problems with this construction in
terms of memory.
cfapplication name=persistencyTest sessionmanagement=yes
clientmanagement=no
cflock scope=application type=exclusive timeout=1
cfif NOT IsDefined('application.IOFactory')
!--- loaded CFC into cache ---
cfset IOFactory =
createObject('component','myfunction').init()
cfset application.IOFactory = IOFactory
cfelse
!--- loaded CFC from cache for reuse without re-calling
the class ---
cfset IOFactory = application.IOFactory
/cfif
/cflock
Micha Schopman
Software Engineer
Modern Media, Databankweg 12 M, 3821 ALAmersfoort
Tel 033-4535377, Fax 033-4535388
KvK Amersfoort 39081679, Rabo 39.48.05.380
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
[Donations and Support]
Re: cflocation in new window
cfoutput script language=_javascript_ top.location.replace(myurl.cfm?id=#newsletterID#); /script /cfoutput This works great to replace the current window . I'm not 100% sure of the syntax to open the URL in a new window though. Everybody can obviously tell my _javascript_ is darned rusty at this point... Oh I thought you meant in a frame... sorry... this syntax will work with another frame of iframe, for instance, top.frames[0].location.replace(); ... to open a whole new window all-together you want to use window.open(); window.open(myurl.cfm?id=#newsletterID#,windowname,features); the name just identifies the window being opened so it can be targeted by links and so that additional calls to window.open() will open in the existing window (in which case it's not brought to the front automatically, so you have to add window.focus() to the page to make it come to the front). features include such things as scrollbars, resizability, toolbar and statusbar. Microsoft has a pretty decent reference for html _javascript_ in their msdn library site... http://msdn.microsoft.com/library/default.asp?url=""> ml/reference/dhtml_reference_entry.asp I find it pretty easy to navigate, and it tells you what belongs to MS and what belongs to the standard (and which standard whether it's html, js or css). the window.replace() function can be found here: http://msdn.microsoft.com/workshop/author/dhtml/reference/methods/open _0.asp s. isaac dealey954.927.5117 new epoch : isn't it time for a change? add features without fixtures with the onTap open source framework http://www.sys-con.com/story/?storyid=44477DE=1 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Kill window Kill session
I have a web app that requires a username and password.When the user logs into the application, a directory is dynamically created for that user.when the person uses the logout button, the directory and all the files included in it, gets deleted. The problem i am having is when users 'X' out of the application rather than using the logout function.The session get destroyed, but the directory and the files in it will not be deleted. Any ideas [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: Caching CFC's
Always.. there are more caching system involved in the application, but since it is production the only time you have to flush them is when you change framework files. Micha Schopman Software Engineer Modern Media, Databankweg 12 M, 3821 ALAmersfoort Tel 033-4535377, Fax 033-4535388 KvK Amersfoort 39081679, Rabo 39.48.05.380 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: Resources for CF MX Enterprise
Hi Michael, I compiled these resources about JRun and getting started: http://gregs.tcias.co.uk/jrun/jrun_resources.php If anyone has other ones, I'd be happy to hear about them. Cheers G On Wed, 21 Jul 2004 19:03:08 -0500, Dawson, Michael [EMAIL PROTECTED] wrote: Other than the LiveDocs, can anyone point me to information about the Enterprise class of CFMX?Our new VP is asking me and the other web developer to place both of our sites on the same server.He also requires that we use Windows 2003 Network Load Balancing. To allow for the clustering, we have gotten approval for a couple licenses of CF Enterprise.Other than the too-high cost, this product is awesome.I love the ability to create multiple instances and assign an instance to an individual web site. I'm looking for information related to best-practices or tips and tricks.I'm sure there are things that MACR hasn't covered in their documentation. Thanks for any help! M!ke [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: Kill window Kill session
I have a web app that requires a username and password. When the user logs into the application, a directory is dynamically created for that user.when the person uses the logout button, the directory and all the files included in it, gets deleted. The problem i am having is when users 'X' out of the application rather than using the logout function.The session get destroyed, but the directory and the files in it will not be deleted. Any ideas Unfortunately the only way to resolve this will be to employ a _javascript_ tactic which will prevent the user from being able to use their refresh or back buttons while they're using the application. Open the application in a fameset or an iframe. Then add an onunload() and onbeforeunload() event (for IE because IE handles it in a non-standard way) to the top window which launches the logout page in a separate frame or iframe. When the user closes their browser (without hitting the logout button - or if they refresh or go back), it will automatically load the logout page that frame or iframe prior to closing the browser. Popup killers won't affect it because it's not a popup, although you do need to be sure that users have _javascript_ enabled before they log-in, which can be done by dynamically populating the login form. In other words, when they go to log in, the page presents a we're sorry, you must have _javascript_ enabled message. Then a bit of _javascript_ replaces that message with the log-in form. If you need help with any of this I've done it before myself, so just let me know. s. isaac dealey954.927.5117 new epoch : isn't it time for a change? add features without fixtures with the onTap open source framework http://www.sys-con.com/story/?storyid=44477DE=1 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: Kill window Kill session
Ifyou have J2EE enabled you can create a HttpSessionListener implementation which clears the directory when it receives a sessiondestroy callback.This will do your cleanup automatically and does not rely on client-side scripting which sometimes doesn't work: (Examples: computer shuts off/unplugged, User kills the app, non standard browsers, etc). -Dov Dov Katz Enterprise Client Technology Morgan Stanley 750 7th Avenue | 34th Floor | NYC 10019 [EMAIL PROTECTED] _ From: S.Isaac Dealey [mailto:[EMAIL PROTECTED] Sent: Thursday, July 22, 2004 9:27 AM To: CF-Talk Subject: Re: Kill window Kill session I have a web app that requires a username and password. When the user logs into the application, a directory is dynamically created for that user.when the person uses the logout button, the directory and all the files included in it, gets deleted. The problem i am having is when users 'X' out of the application rather than using the logout function.The session get destroyed, but the directory and the files in it will not be deleted. Any ideas Unfortunately the only way to resolve this will be to employ a _javascript_ tactic which will prevent the user from being able to use their refresh or back buttons while they're using the application. Open the application in a fameset or an iframe. Then add an onunload() and onbeforeunload() event (for IE because IE handles it in a non-standard way) to the top window which launches the logout page in a separate frame or iframe. When the user closes their browser (without hitting the logout button - or if they refresh or go back), it will automatically load the logout page that frame or iframe prior to closing the browser. Popup killers won't affect it because it's not a popup, although you do need to be sure that users have _javascript_ enabled before they log-in, which can be done by dynamically populating the login form. In other words, when they go to log in, the page presents a we're sorry, you must have _javascript_ enabled message. Then a bit of _javascript_ replaces that message with the log-in form. If you need help with any of this I've done it before myself, so just let me know. s. isaac dealey954.927.5117 new epoch : isn't it time for a change? add features without fixtures with the onTap open source framework http://www.sys-con.com/story/?storyid=44477DE=1 _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: Kill window Kill session
The problem i am having is when users 'X' out of the application rather than using the logout function.The session get destroyed, but the directory and the files in it will not be deleted. keeping it simple keep a note of when folders were created and last accessed in an application structure and run a scheduled task deleting the ones over X minutes old and not accessed in session timeout from now? -- dc [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
CF Based Jukebox
Some of have been playing around with CF-based Jukeboxes. Mine, is currently patterned (roughly) after iTunes. It parses the iTunes Library.xml file then publishes playlists and tracks to a web browser. The UI is an approximation of the iTunes desktop application. My latest discovery (thanks to Rick's KCJukebox) was that you can imbed a player in your html. This solved several issues: 1) You can play songs continuously (playlists) 2) You can override the current song/playlist by selecting another 3) you can prevent (mostly) unauthorized copying/saving of the media. I am using the QuickTime browser plugin, available free for Mac and Win, at: http://www.apple.com/quicktime/download/ You need to get the latest version. In my fooling around with QuickTime I discovered that you can script it and control it with _javascript_. QuickTime will play movies and mp3, etc so it is a good choice for a multi-media Jukebox. I plan to add photos/slideshows/movies/text in later versions. Anyway, if you want, have a look at my initial effort at: http://67.124.145.42/cfusion/myMedia/ I haven't tested it on all browsers -- any feedback will be appreciated. TIA Dick PS.This is one of the apps that is a good candidate for CFAnywhere (you could put a self-contained package on a CD/DVD). The nice thing about standards is that there are so many of them to choose from. - Andrew S. Tanenbaum - [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: cflocation in new window
So what's wrong with just putting the js inside your first cfcase statement to open the new window? cfcase value=action1 script type=text/_javascript_ window.open(http://www.yahoo.com); /script /cfcase _ More than one web developer has been reduced to tears trying to get popups to work correctly. I don't have a problem getting a popup to work from an onLoad in the body or attached to an image or a link. What's giving me a fit is this is inside a cfswitch statement like: cfcase value=action1 Open a new window so the user can preview what he just did /cfcase cfcase value=action2 update the database and use a cflocatioin to go back to the menu /cfcase cfcase value=action3 We're done, just use a cflocation here to go somewhere else /cfcase Action 2 and 3 are working like a champ. Action one need to open a new window so the user can preview a bunch of changes he is getting ready to submit on a format administration page... -- Les Mizzell [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Calling CFC's through Browser Request
Hi all CF-TALKers :), I'm trying to implement a Model-View-Controller architecture in a new project I'm working on. I've borrowed heavily from Ben's (http://www.benorama.com/coldfusion/patterns/part2.htm) visualization of the MVC pattern in CFMX- with CFC's serving as the controller layer. Obviously this means that CFC's will be called directly through browser requests, albeit, as per Ben's recommendations, through form posts only. Be that as it may, I require certain actions to call CFC's through a GET request. In either case, here are my questions regarding the situation- 1) How do I guard against an unscrupulous/curious user from trying to access arbitrary methods in the CFC (which may not necessarily exist, or have public access)? One way I know would be to cfswitch between all the valid public access methods and provide a defaultcase; I hate to put any code other than instance variables outside functions (not in line with OO principles). What has your experience with that been? Or how else would you tackle this situation. Not handling the situation will allow the CFC to throw an uncaught exception to the User- again I won't (?) be able to put try/catch statements around the CFC. 2) Ben's way of transferring control from the controller CFC to the view page is to use cflocation. Can anyone throw some more light on the relative pitfalls of relocating versus including the view page (another way of transferring control) from the CFC? I appreciate your feedback on my questions...hopefully this will be useful to others too TIA Nikhil [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Blackstone Presentation
Ben Forta is coming to the Southern Maryland CFUG this afternoon to do the Blackstone questions.I'm curious, for those of you who have seen it already, if you can give me a heads up for specific parts of the presentation to pay close attention to and/or specific questions that have been asked that have prompted good discussion in other meetings. I'm sure there will be plenty of good dialog either way, but I just figured I'd see if anyone had any info to pass along.Thanks. John Burns [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: Kill window Kill session
Or store session tracking info in a table and check the table to see which sessions aren't active anymore. Then you can remove the directories belonging to those sessions. --Ferg _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, July 22, 2004 8:42 AM To: CF-Talk Subject: RE: Kill window Kill session The problem i am having is when users 'X' out of the application rather than using the logout function.The session get destroyed, but the directory and the files in it will not be deleted. keeping it simple keep a note of when folders were created and last accessed in an application structure and run a scheduled task deleting the ones over X minutes old and not accessed in session timeout from now? -- dc [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
A script to Prevent SQL Injection: feedback/suggestions?
The Atlanta CFUG discussed SQL injection at its last meeting.Here is a script I wrote for removing all SQL injection from FORM and URL scopes.You could either put this in a file and including it in your Application.CFM or turn it into a Function and put it in a CFC and Invoke it from the Application.CFM.With this done, POOF!!, no SQL Injection!At least not from the FORM or URL scopes. Test it here: http://www.dynapp.net/_test.cfm Let me know if you have any feedback or suggestions. THANKS!! Wes See Script Below [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: A script to Prevent SQL Injection: feedback/suggestions?
There are several of these scripts out there.all seem to do exactly what this doesits certainly good to see other people are still conscious of it all! _ From: Wes [mailto:[EMAIL PROTECTED] Sent: 22 July 2004 14:58 To: CF-Talk Subject: A script to Prevent SQL Injection: feedback/suggestions? The Atlanta CFUG discussed SQL injection at its last meeting.Here is a script I wrote for removing all SQL injection from FORM and URL scopes.You could either put this in a file and including it in your Application.CFM or turn it into a Function and put it in a CFC and Invoke it from the Application.CFM.With this done, POOF!!, no SQL Injection!At least not from the FORM or URL scopes. Test it here: http://www.dynapp.net/_test.cfm Let me know if you have any feedback or suggestions. THANKS!! Wes See Script Below _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: Caching CFC's
I tested a combination, one object created in the application scope, and
one in the variables scope:
In both outputs, I get the exact same time. In the application scope I
thought it would be set in the CFC, so next time I would call the CFC I
would get the old time back. The second CFC should always output the
current time. Unfortunately the time is not save in the application
scope. This indeed means a pointer.
Does someone now ways to do some CFC caching?
CFM Page
cfapplication name=persistencyTest sessionmanagement=yes
clientmanagement=no
cfif NOT IsDefined('application.IOFactory')
cfset application.IOFactory =
createObject('component','myfunction')
cfset application.IOFactory.init()
/cfif
cfoutput#application.IOFactory.mymethod()#/cfoutput
cfset IOFactory = createObject('component','myfunction')
cfset application.IOFactory.init()
cfoutput#IOFactory.myMethod()#/cfoutput
MyFunction.cfc
cfcomponent output=yes
cfset init()
cffunction name=init access=public returntype=date
cfset this.datetimestamp = Now()
cfreturn this.datetimestamp
/cffunction
cffunction name=mymethod access=public
returntype=date
cfreturn this.datetimestamp
/cffunction
/cfcomponent
Micha Schopman
Software Engineer
Modern Media, Databankweg 12 M, 3821 ALAmersfoort
Tel 033-4535377, Fax 033-4535388
KvK Amersfoort 39081679, Rabo 39.48.05.380
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
[Donations and Support]
Re: cflocation in new window
So what's wrong with just putting the js inside your first cfcase statement to open the new window? cfcase value=action1 script type=text/_javascript_ window.open(http://www.yahoo.com); /script /cfcase Because that isn't working? Can't figure why! This works though, just doesn't open a new window script language=_javascript_ top.location.replace(http://www.yahoo.com); /script -- Les Mizzell -- Certe, toto, sentio nos in kansate non iam adesse -- [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: A script to Prevent SQL Injection: feedback/suggestions?
You can also use cfprocparam and cfqueryparam. Mike The Atlanta CFUG discussed SQL injection at its last meeting. Here is a script I wrote for removing all SQL injection from FORM and URL scopes.You could either put this in a file and including it in your Application.CFM or turn it into a Function and put it in a CFC and Invoke it from the Application.CFM.With this done, POOF!!, no SQL Injection! At least not from the FORM or URL scopes. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Bandwidth + Connection Speed = ???
I'm gonna have to setup an Internet radio. As I am shopping around for a dedicated server I came up with this issue: How much bandwidth and what kind of connection would I need for the station so that 2,000 users could hear the streaming at the same time at 128kbps. Most sales people I spoke with could not give me a clear answer. One of the companies told me a 1 terabyte/month data transfer with a 5mbps connection would do the job. Do I need this much? Something else. We're thinking of transmitting on plain mp3 only. No wma or ra. Is this a good move? Any input would be helpful. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: A script to Prevent SQL Injection: feedback/suggestions?
Hmmm. script did not appear. trying attachment. -Original Message- From: Robertson-Ravo, Neil (RX) [mailto:[EMAIL PROTECTED] Sent: Thursday, July 22, 2004 9:56 AM To: CF-Talk Subject: RE: A script to Prevent SQL Injection: feedback/suggestions? There are several of these scripts out there.all seem to do exactly what this doesits certainly good to see other people are still conscious of it all! _ From: Wes [mailto:[EMAIL PROTECTED] Sent: 22 July 2004 14:58 To: CF-Talk Subject: A script to Prevent SQL Injection: feedback/suggestions? The Atlanta CFUG discussed SQL injection at its last meeting.Here is a script I wrote for removing all SQL injection from FORM and URL scopes.You could either put this in a file and including it in your Application.CFM or turn it into a Function and put it in a CFC and Invoke it from the Application.CFM.With this done, POOF!!, no SQL Injection!At least not from the FORM or URL scopes. Test it here: http://www.dynapp.net/_test.cfm Let me know if you have any feedback or suggestions. THANKS!! Wes See Script Below _ _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: A script to Prevent SQL Injection: feedback/suggestions?
Wes wrote: The Atlanta CFUG discussed SQL injection at its last meeting.Here is a script I wrote for removing all SQL injection from FORM and URL scopes.You could either put this in a file and including it in your Application.CFM or turn it into a Function and put it in a CFC and Invoke it from the Application.CFM.With this done, POOF!!, no SQL Injection!At least not from the FORM or URL scopes. If you really believe that set up a database and let us play :) See Script Below I don't see a script. Jochem [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: Kill window Kill session
Ifyou have J2EE enabled you can create a HttpSessionListener implementation which clears the directory when it receives a sessiondestroy callback.This will do your cleanup automatically and does not rely on client-side scripting which sometimes doesn't work: (Examples: computer shuts off/unplugged, If it's actually shut off (as oposed to being unplugged) I believe the OS typically closes the browser window as part of the shut-down process... at least that's true of Windows -- I can't say for certain about Unix operating systems, although I can say that if I used them I think I'd want them to. For much the same reason I like encapsulating events in my code -- there's always that what if involved in terminating it without launching any events associated with it's termination -- plugins that need to do something when the browser closes, etc... User kills the app, JS handles this. non standard browsers JS can do a pretty good job of mitigating this. Although you'r right, an HttpSessionListener event is liable to be more bulletproof. It's also liable to make anyone who's not well versed in Java lose their lunch, their hair and their marriage all at once. :) s. isaac dealey954.927.5117 new epoch : isn't it time for a change? add features without fixtures with the onTap open source framework http://www.sys-con.com/story/?storyid=44477DE=1 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: CF_HTML2PDF3 Question
Could you not use cfif fileexists() cffile action="" ... /cfif cf_html2pdf3 ... In the template to delete the file before html2pdf tries to write over it, that way you wouldn't need to worry about whether html2pdf was going to fail or not. -- Jay -Original Message- From: E C list [mailto:[EMAIL PROTECTED] Sent: 22 July 2004 14:00 To: CF-Talk Subject: CF_HTML2PDF3 Question I have run into a strange issue with the CF_HTML2PDF3. I have been using it for some time to create simple PDFs without any problems.Lately I've noticed that it doesn't seem to want to overwrite existing PDF files but it doesn't throw any errors that I can tell. In other words, I'll have it write a PDF file, and then make a change and have it rewrite a file of the same name.When I go back and check, the file isn't updated, even though I know the code that should have done so executed.I am wondering if anyone has any advice on how to debug this.I can't figure out how to get the tag to tell me if its hitting an error and what that might be.BTW, it seems to work sometimes, just not every time. __ Do you Yahoo!? Vote for the stars of Yahoo!'s next ad campaign! http://advision.webevents.yahoo.com/yahoo/votelifeengine/ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: cflocation in new window
You must have a popup killer enabled... What browser are you using? I know recent versions of FireFox and MyIE2 (and probably several others) block all popup windows by default. So what's wrong with just putting the js inside your first cfcase statement to open the new window? cfcase value=action1 script type=text/_javascript_ window.open(http://www.yahoo.com); /script /cfcase Because that isn't working? Can't figure why! This works though, just doesn't open a new window script language=_javascript_ top.location.replace(http://www.yahoo.com); /script -- Les Mizzell -- Certe, toto, sentio nos in kansate non iam adesse -- [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: A script to Prevent SQL Injection: feedback/suggestions?
For some reason I never got the e-mail, and didn't see the script. I'm curious though:what does it provide the CFQUERYPARAM does not? Thanks, Joe [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: A script to Prevent SQL Injection: feedback/suggestions?
Last time to attempt to include the code. then I'll stop to prevent
spamming. sorry.
--begin script -
// SQL injection keywords
SQL_exp=[ ;](insert +into.+values|drop +table|create +table);
// Loop through the FORM fields and rest their values after
filtering them through the above filters.
if (isDefined(FORM.FieldNames)) {
for (i=1;i LTE ListLen(FORM.FieldNames); i = i + 1)
{
thisField = Form.
ListGetAt(FORM.FieldNames, i);
thisValue = Evaluate(thisField);
try {
form[thisField] =
ReReplaceNoCase(thisValue,#SQL_exp#,,ALL);
} catch(Any excpt) {
// Just in case the user has
submited one of those IMAGE type form fields...
}
}
}
// Loop through the URL query string...
if (len(cgi.query_string)) {
for (i=1;i LTE ListLen(cgi.query_string, ); i = i
+ 1) {
// for each pair, set the value after
filtering for SQL data.
if (listLen(ListGetAt(cgi.query_string,
i, ),=) EQ 2) {
thisList =
ListGetAt(cgi.query_string, i,);
thisField =
ListFirst(thisList, =);
thisValue =
URLDecode(ListLast(thisList,=));
url[thisField] =
ReReplaceNoCase(thisValue,#SQL_exp#,,ALL);
}
}
}
-- end script --
-Original Message-
From: Wes [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 22, 2004 10:08 AM
To: CF-Talk
Subject: RE: A script to Prevent SQL Injection: feedback/suggestions?
Hmmm. script did not appear. trying attachment.
-Original Message-
From: Robertson-Ravo, Neil (RX)
[mailto:[EMAIL PROTECTED]
Sent: Thursday, July 22, 2004 9:56 AM
To: CF-Talk
Subject: RE: A script to Prevent SQL Injection: feedback/suggestions?
There are several of these scripts out there.all seem to do exactly what
this doesits certainly good to see other people are still conscious of
it all!
_
From: Wes [mailto:[EMAIL PROTECTED]
Sent: 22 July 2004 14:58
To: CF-Talk
Subject: A script to Prevent SQL Injection: feedback/suggestions?
The Atlanta CFUG discussed SQL injection at its last meeting.Here is a
script I wrote for removing all SQL injection from FORM and URL scopes.You
could either put this in a file and including it in your Application.CFM or
turn it into a Function and put it in a CFC and Invoke it from the
Application.CFM.With this done, POOF!!, no SQL Injection!At least not
from the FORM or URL scopes.
Test it here: http://www.dynapp.net/_test.cfm
Let me know if you have any feedback or suggestions.
THANKS!!
Wes
See Script Below
_
_
_
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
[Donations and Support]
RE: Kill window Kill session
There's that... When I was working on the same thing for my own app I wasn't happy with the idea of anything hanging out waiting for a scheduled task to clean it up... which is why I went the dhtml route, which worked pretty well for me. Plus I was storing the session info in the application scope and using that to run a chat room, so I wanted to know when a user terminated the browser anyway, and I wanted to know immediately rather than relying on an arbitrary timeout duration. Or store session tracking info in a table and check the table to see which sessions aren't active anymore. Then you can remove the directories belonging to those sessions. --Ferg s. isaac dealey954.927.5117 new epoch : isn't it time for a change? add features without fixtures with the onTap open source framework http://www.sys-con.com/story/?storyid=44477DE=1 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: A script to Prevent SQL Injection: feedback/suggestions?
--begin script - // SQL injection keywords SQL_exp=[ ;](insert +into.+values|drop +table|create +table); Unfortunately, I think you're fighting a losing battle here. There are all kinds of commands (many platform-specific) that might be used in SQL injection. Instead, you're better off just using CFQUERYPARAM, which will prevent all SQL injection attacks, to the best of my knowledge. On the other hand, for cross-site scripting, you might take an approach like this. But that's a different kettle of fish. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: Bandwidth + Connection Speed = ???
Tim You might want to look at Apple's XServe. It includes QuickTime streaming server. I don't know what you will be broadcasting audio tracks (songs, etc). a continuous streams. In either case QuickTime has some nice capabilities. If sending multiple mp3 (like a playlist), the QT plugin/player can test to determine the user's connection speed.if the mp3 metadata includes duration, QT can determine where in the playback of the current song it should begin downloading the next-- so enough will be buffered for uninterrupted playback. HTH Dick The nice thing about standards is that there are so many of them to choose from. - Andrew S. Tanenbaum - On Jul 22, 2004, at 7:06 AM, Tim DaSilva wrote: I'm gonna have to setup an Internet radio. As I am shopping around for a dedicated server I came up with this issue: How much bandwidth and what kind of connection would I need for the station so that 2,000 users could hear the streaming at the same time at 128kbps. Most sales people I spoke with could not give me a clear answer. One of the companies told me a 1 terabyte/month data transfer with a 5mbps connection would do the job. Do I need this much? Something else. We're thinking of transmitting on plain mp3 only. No wma or ra. Is this a good move? Any input would be helpful. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: A script to Prevent SQL Injection: feedback/suggestions?
http://www.cflib.org/udf.cfm?ID=612 http://www.cflib.org/udf.cfm?ID=612
_
From: Wes [mailto:[EMAIL PROTECTED]
Sent: 22 July 2004 15:20
To: CF-Talk
Subject: RE: A script to Prevent SQL Injection: feedback/suggestions?
Last time to attempt to include the code. then I'll stop to prevent
spamming. sorry.
--begin script -
// SQL injection keywords
SQL_exp=[ ;](insert +into.+values|drop +table|create +table);
// Loop through the FORM fields and rest their values after
filtering them through the above filters.
if (isDefined(FORM.FieldNames)) {
for (i=1;i LTE ListLen(FORM.FieldNames); i = i + 1)
{
thisField = Form.
ListGetAt(FORM.FieldNames, i);
thisValue = Evaluate(thisField);
try {
form[thisField] =
ReReplaceNoCase(thisValue,#SQL_exp#,,ALL);
} catch(Any excpt) {
// Just in case the user has
submited one of those IMAGE type form fields...
}
}
}
// Loop through the URL query string...
if (len(cgi.query_string)) {
for (i=1;i LTE ListLen(cgi.query_string, ); i = i
+ 1) {
// for each pair, set the value after
filtering for SQL data.
if (listLen(ListGetAt(cgi.query_string,
i, ),=) EQ 2) {
thisList =
ListGetAt(cgi.query_string, i,);
thisField =
ListFirst(thisList, =);
thisValue =
URLDecode(ListLast(thisList,=));
url[thisField] =
ReReplaceNoCase(thisValue,#SQL_exp#,,ALL);
}
}
}
-- end script --
-Original Message-
From: Wes [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 22, 2004 10:08 AM
To: CF-Talk
Subject: RE: A script to Prevent SQL Injection: feedback/suggestions?
Hmmm. script did not appear. trying attachment.
-Original Message-
From: Robertson-Ravo, Neil (RX)
[mailto:[EMAIL PROTECTED]
Sent: Thursday, July 22, 2004 9:56 AM
To: CF-Talk
Subject: RE: A script to Prevent SQL Injection: feedback/suggestions?
There are several of these scripts out there.all seem to do exactly what
this doesits certainly good to see other people are still conscious of
it all!
_
From: Wes [mailto:[EMAIL PROTECTED]
Sent: 22 July 2004 14:58
To: CF-Talk
Subject: A script to Prevent SQL Injection: feedback/suggestions?
The Atlanta CFUG discussed SQL injection at its last meeting.Here is a
script I wrote for removing all SQL injection from FORM and URL scopes.You
could either put this in a file and including it in your Application.CFM or
turn it into a Function and put it in a CFC and Invoke it from the
Application.CFM.With this done, POOF!!, no SQL Injection!At least not
from the FORM or URL scopes.
Test it here: http://www.dynapp.net/_test.cfm
Let me know if you have any feedback or suggestions.
THANKS!!
Wes
See Script Below
_
_
_
_
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
[Donations and Support]
RE: Calling CFC's through Browser Request
Not handling the situation will allow the CFC to throw an uncaught exception to the User- again I won't (?) be able to put try/catch statements around the CFC. You should be able to trap this with CFERROR or the site-wide error handler. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
First Web Service: Data Sharing
All,
One of the columns in my database has charactors in it that the XML just does like.See error below.Is there any way I can tweek the information that's allowed through this process?Someone mentioned that the encoding in the DTD should be changed/altered.This is above me.
?xml version=1.0 encoding=iso-8859-1?
Any help wouuld be appreciated.
!-- MY CFC --
cfcomponent
cffunction name=entireinv access=remote returntype=query output=false
cfset var AllInventory = 0 /
cfquery name=AllInventory datasource=ourdata maxrows=954
SELECT partno AS PART_NUMBER, pic AS PICTURE, longdesc AS LONG_DESCRIPTION, shortdesc AS SHORT_DESCRIPTION
FROM inventory
/cfquery
cfreturn AllInventory /
/cffunction
/cfcomponent
!-- WEB SERVICE --
!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN http://www.w3.org/TR/html4/loose.dtd
cfinvoke
webservice=http://www.oursite.com/New_Product_Submission/cfcs/InventoryDataShare.cfc?wsdl
method=entireinv
returnvariable=aQuery
/cfinvoke
cfoutput query=aQuery
strong#aQuery.currentRow#/strong #PART_NUMBER# #PICTURE# #LONG_DESCRIPTION# #SHORT_DESCRIPTION#- br
hr
/cfoutput
Error Occurred While Processing Request
Could not perform web service invocation entireinv because AxisFault faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException faultSubcode: faultString: org.xml.sax.SAXParseException: Illegal XML character: amp;#x1d;. faultActor: faultNode: faultDetail: {http://xml.apache.org/axis/}stackTrace: org.xml.sax.SAXParseException: Illegal XML character: amp;#x1d;. at org.apache.crimson.parser.InputEntity.fatal(InputEntity.java:1100) at org.apache.crimson.parser.InputEntity.parsedContent(InputEntity.java:593) at org.apache.crimson.parser.Parser2.content(Parser2.java:1973) at org.apache.crimson.parser.Parser2.maybeElement(Parser2.java:1654) at org.apache.crimson.parser.Parser2.content(Parser2.java:1926) at org.apache.crimson.parser.Parser2.maybeElement(Parser2.java:1654) at org.apache.crimson.parser.Parser2.content(Parser2.java:1926) at org.apache.crimson.parser.Parser2.maybeElement(Parser2.java:1654) at org.apache.crimson.parser.Parser2.content(Parser2.java:1926) at org.apache.crimson.parser.Parser2.maybeElement(Par...
The error occurred in D:\Inetpub\wwwroot\New_Product_Submission\Web_Services\Inventory_test.cfm: line 19
17 :webservice=http://www.oursite.com/New_Product_Submission/cfcs/InventoryDataShare.cfc?wsdl
18 :method=entireinv
19 :returnvariable=aQuery
20 : /cfinvoke
21 :
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
[Donations and Support]
RE: A script to Prevent SQL Injection: feedback/suggestions?
CFQUERYPARAM will validate the data. this script rips out ALL harmful SQL statements that someone might try to include into a URL or FORM field entry. -Original Message- From: Joe Rinehart [mailto:[EMAIL PROTECTED] Sent: Thursday, July 22, 2004 10:20 AM To: CF-Talk Subject: Re: A script to Prevent SQL Injection: feedback/suggestions? For some reason I never got the e-mail, and didn't see the script. I'm curious though:what does it provide the CFQUERYPARAM does not? Thanks, Joe _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: A script to Prevent SQL Injection: feedback/suggestions?
CFQUERYPARAM will validate the data. this script rips out ALL harmful SQL statements that someone might try to include into a URL or FORM field entry. Well, no, it doesn't rip out all harmful SQL statements. I can think of a half-dozen SQL Server-specific commands that are commonly used in SQL injection attacks, for example. When you use CFQUERYPARAM, it's not just validating the data. It's telling the database server that the variables in question contain only data, not executable SQL. So, it doesn't matter what you put in the variable, the database server won't execute it. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: A script to Prevent SQL Injection: feedback/suggestions?
Wes wrote: // SQL injection keywords SQL_exp=[ ;](insert +into.+values|drop +table|create +table); So if I use ;truncate table I get past your RegEx? Why keep inventing things that don't work when there is cfqueryparam? Jochem [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: Register a dsn in coldfusion code
one thing i noticed in your code, you dont seem to be editing the database file value, also what is the difference between your argument dsn and database [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: Blackstone Presentation
john. where is this cfug? leonardtown area? st mary's county? tony On Thu, 22 Jul 2004 09:49:02 -0400, Burns, John D [EMAIL PROTECTED] wrote: Ben Forta is coming to the Southern Maryland CFUG this afternoon to do the Blackstone questions.I'm curious, for those of you who have seen it already, if you can give me a heads up for specific parts of the presentation to pay close attention to and/or specific questions that have been asked that have prompted good discussion in other meetings. I'm sure there will be plenty of good dialog either way, but I just figured I'd see if anyone had any info to pass along.Thanks. John Burns [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: A script to Prevent SQL Injection: feedback/suggestions?
Wes wrote: CFQUERYPARAM will validate the data. No, it will separate parameters from the SQL statement so that reagardless of what is in the parameters, it will not be executed. this script rips out ALL harmful SQL statements that someone might try to include into a URL or FORM field entry. Right. Jochem [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
webroot level?
i know there is a way, just not coming to mind. what I want to be able to do is specify the root level of an application w/o having to set a request variable. such as: request.images = images/ or if i am one folder down: request.images = ../images/ isn't there a way to specify something like: img src=""> and it point to the root of the web app regardless of how many folders down you are within the application??? TIA [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: A script to Prevent SQL Injection: feedback/suggestions?
If your running this on an MX box, it'd be easier to run through the URL
Struct then use the query string.
_
From: Wes [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 22, 2004 11:20 AM
To: CF-Talk
Subject: RE: A script to Prevent SQL Injection: feedback/suggestions?
Last time to attempt to include the code. then I'll stop to prevent
spamming. sorry.
--begin script -
// SQL injection keywords
SQL_exp=[ ;](insert +into.+values|drop +table|create +table);
// Loop through the FORM fields and rest their values after
filtering them through the above filters.
if (isDefined(FORM.FieldNames)) {
for (i=1;i LTE ListLen(FORM.FieldNames); i = i + 1)
{
thisField = Form.
ListGetAt(FORM.FieldNames, i);
thisValue = Evaluate(thisField);
try {
form[thisField] =
ReReplaceNoCase(thisValue,#SQL_exp#,,ALL);
} catch(Any excpt) {
// Just in case the user has
submited one of those IMAGE type form fields...
}
}
}
// Loop through the URL query string...
if (len(cgi.query_string)) {
for (i=1;i LTE ListLen(cgi.query_string, ); i = i
+ 1) {
// for each pair, set the value after
filtering for SQL data.
if (listLen(ListGetAt(cgi.query_string,
i, ),=) EQ 2) {
thisList =
ListGetAt(cgi.query_string, i,);
thisField =
ListFirst(thisList, =);
thisValue =
URLDecode(ListLast(thisList,=));
url[thisField] =
ReReplaceNoCase(thisValue,#SQL_exp#,,ALL);
}
}
}
-- end script --
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
[Donations and Support]
Re: cflocation in new window
S. Isaac Dealey wrote: You must have a popup killer enabled... What browser are you using? Tested in newest versions of I.E., Netscape and Mozilla... Popup catcher in I.E. isn't showing a Popup being caught. H.. So what's wrong with just putting the js inside your first cfcase statement to open the new window? cfcase value=action1 script type=text/_javascript_ window.open(http://www.yahoo.com); /script /cfcase -- Les Mizzell -- Certe, toto, sentio nos in kansate non iam adesse -- [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: Kill window Kill session
The bottom line here is that the browser had no way of knowing that a
new directory was created for the user when the session started, and
shouldn't be responsible for performing cleanup when the session ends.
I think you should look at a Session Expiry Listener available in one
of the DRK's I think.
If you pull the plug, no browser windows are closed programmatically.
Etc, etc etc.Doing a session listener makes 100% of directories
created get destroyed whenver a session is destroyed.
Other than that, you can add some code to application.cfm
cfif session.isloggedin-or-whatever
cfif datediff('n',now(),session.laststamp) gt 5cffile append
now() to the file in the users' foldercfset
session.laststamp=now()/cfif
/cfif
Then cfschedule something to loop through all files which were last
modified 1 hour ago (or whatever your session expiry time is) and delete
the folders.
Just a thought, if you can't do the session listener
-dov
_
From: S.Isaac Dealey [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 22, 2004 10:14 AM
To: CF-Talk
Subject: RE: Kill window Kill session
Ifyou have J2EE enabled you can create a
HttpSessionListener
implementation which clears the directory when it receives
a
sessiondestroy callback.This will do your cleanup
automatically and
does not rely on client-side scripting which sometimes
doesn't work:
(Examples: computer shuts off/unplugged,
If it's actually shut off (as oposed to being unplugged) I believe the
OS typically closes the browser window as part of the shut-down
process... at least that's true of Windows -- I can't say for certain
about Unix operating systems, although I can say that if I used them I
think I'd want them to. For much the same reason I like encapsulating
events in my code -- there's always that what if involved in
terminating it without launching any events associated with it's
termination -- plugins that need to do something when the browser
closes, etc...
User kills the app,
JS handles this.
non standard browsers
JS can do a pretty good job of mitigating this.
Although you'r right, an HttpSessionListener event is liable to be
more bulletproof. It's also liable to make anyone who's not well
versed in Java lose their lunch, their hair and their marriage all at
once. :)
s. isaac dealey954.927.5117
new epoch : isn't it time for a change?
add features without fixtures with
the onTap open source framework
http://www.sys-con.com/story/?storyid=44477DE=1
_
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
[Donations and Support]
Re: A script to Prevent SQL Injection: feedback/suggestions?
Jochem van Dieten wrote: Wes wrote: // SQL injection keywords SQL_exp=[ ;](insert +into.+values|drop +table|create +table); So if I use ;truncate table I get past your RegEx? I think this message lost something along the way (which was the point, but not this way). Unicode has about 30 different whitespace indicators, and which one is used to a space (tab or linebreak would be fine too) is not something you can predict acurately. Same for semicolons (which often are not needed anyway as you can just write an entire statement that evaluates to TRUE). Jochem [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
CFLogin/Logout and session variables...
In the livedocs for cflogin, it says the following: After a user logs in, the ColdFusion user authorization and authentication information remains valid until any of the following happens: 1. The login times out. This happens if the user does not request a new page for the idleTimeout period. 2. The application uses a cflogout tag to log out the user, usually in response to the user clicking a logout link or button. 3. The user closes the browser. What happens to any session variables that are created along with cfloginuser? If, after I login a user, I create a structure and assign it various values at login, what are my best ways to ensure that the session variables mimic the behavior above? Keep in mind that I'm using default cflogin values, so the idleTimeout value is defaulted to 30 minutes. Do I have to make sure that my sessions only last 30 minutes? And if I set my sessions to timeout at 30 minutes to match the idleTimeout setting on the cflogin, is there any way they can get out of synch, leaving a hole? I just want to make sure that I'm clear on the differences between session variables, and a session that's created by cfloginuser, and the livedocs can get confusing sometimes... [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: A script to Prevent SQL Injection: feedback/suggestions?
What about delete from table??That seems like it'd be bad and I don't see coverage for that in the code. John -Original Message- From: Wes [mailto:[EMAIL PROTECTED] Sent: Thursday, July 22, 2004 10:20 AM To: CF-Talk Subject: RE: A script to Prevent SQL Injection: feedback/suggestions? Last time to attempt to include the code. then I'll stop to prevent spamming. sorry. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: Blackstone Presentation
Lexington Park.www.smdcfug.org John Burns -Original Message- From: Tony Weeg [mailto:[EMAIL PROTECTED] Sent: Thursday, July 22, 2004 10:43 AM To: CF-Talk Subject: Re: Blackstone Presentation john. where is this cfug? leonardtown area? st mary's county? tony On Thu, 22 Jul 2004 09:49:02 -0400, Burns, John D [EMAIL PROTECTED] wrote: Ben Forta is coming to the Southern Maryland CFUG this afternoon to do the Blackstone questions.I'm curious, for those of you who have seen it already, if you can give me a heads up for specific parts of the presentation to pay close attention to and/or specific questions that have been asked that have prompted good discussion in other meetings. I'm sure there will be plenty of good dialog either way, but I just figured I'd see if anyone had any info to pass along.Thanks. John Burns [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: cflocation in new window
Maybe try single quotes around your url
window.open('http://www.yahoo.com');
I try to stay away from double quotes in _javascript_ as sometimes it
produces weird results.
John
-Original Message-
From: Les Mizzell [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 22, 2004 10:42 AM
To: CF-Talk
Subject: Re: cflocation in new window
S. Isaac Dealey wrote:
You must have a popup killer enabled... What browser are you using?
Tested in newest versions of I.E., Netscape and Mozilla...
Popup catcher in I.E. isn't showing a Popup being caught.
H..
So what's wrong with just putting the js inside your first
cfcase statement to open the new window?
cfcase value=action1
script type=text/_javascript_
window.open(http://www.yahoo.com);
/script
/cfcase
--
Les Mizzell
--
Certe, toto, sentio nos in kansate non iam adesse
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
[Donations and Support]
RE: A script to Prevent SQL Injection: feedback/suggestions?
CFQUERYPARAM will validate the data. this script rips out ALL harmful SQL statements that someone might try to include into a URL or FORM field entry. It doesn't just validate -- it will also escape any potentially harmful characters, therefore nullifying any possible attack. Tim. -- --- Badpen Tech - CF and web-tech: http://tech.badpen.com/ --- RAWNET LTD - Internet, New Media and ebusiness Gurus. WE'VE MOVED - for our new address, please visit our website at http://www.rawnet.com/ or call us any time on 0800 294 24 24. --- This message may contain information which is legally privileged and/or confidential.If you are not the intended recipient, you are hereby notified that any unauthorised disclosure, copying, distribution or use of this information is strictly prohibited. Such notification notwithstanding, any comments, opinions, information or conclusions expressed in this message are those of the originator, not of rawnet limited, unless otherwise explicitly and independently indicated by an authorised representative of rawnet limited. --- [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: ColdFusion and design pattens
On Wednesday 21 Jul 2004 11:02 am, Thomas Chiverton wrote: If there is enough intrest I'd propose a wikki and mailing list, which I can host if need be. There has been much positive feedback, and I have created a wiki to begin roughing out things - there are empty topics for the two patterns I mentioned earlier to get you all started. I'll write up the ColdPattern and WelcomeGuest pages soon if noone beats me to it. The address is http://coldpattern.falkensweb.com Details of the dedicated mailing list are at http://coldpattern.falkensweb.com/bin/view/Main/MailingList We have had an offer of a live CF server to put examples up on - I'm hoping Rob will introduce himself on the mailing list and create a suitable wiki topic with details of how to get that part up and running. If you've not used a wiki before, have a play in the sandbox area to get a feel for it - http://coldpattern.falkensweb.com/bin/view/Sandbox (if these don't work, it's because the DNS update hasn't got to you yet - please retry in an hour or two) Please also note this has nothing to do with my employer - further posts to the coldpattern list will be via a different account, but I need to use this one to port to cfcdev and cf-talk :-) -- Tom Chiverton Advanced ColdFusion Programmer Tel: +44(0)1749 834997 email: [EMAIL PROTECTED] BlueFinger Limited Underwood Business Park Wookey Hole Road, WELLS. BA5 1AF Tel: +44 (0)1749 834900 Fax: +44 (0)1749 834901 web: www.bluefinger.com Company Reg No: 4209395 Registered Office: 2 Temple Back East, Temple Quay, BRISTOL. BS1 6EG. *** This E-mail contains confidential information for the addressee only. If you are not the intended recipient, please notify us immediately. You should not use, disclose, distribute or copy this communication if received in error. No binding contract will result from this e-mail until such time as a written document is signed on behalf of the company. BlueFinger Limited cannot accept responsibility for the completeness or accuracy of this message as it has been transmitted over public networks.*** [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: webroot level?
isn't there a way to specify something like: img src=""> Yes this does pull from the root of your url: ex: http://www.site.com/images/image.gif [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Creating XL spreadsheet
Please, can anyone get me started on how to create an MS Excel file from a db query(and then open it in a browser) from CF5.0/IIS/Server2000 Happy to read doc's/ref manuals if I can find 'em. TIA Dave [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: webroot level?
If the webapp root and the web root are the same then what you have will work: in HTTP/HTML beginning an address with a slash says go to the web root, then down.In other words img src="" will search for the images folder off of the webroot. The simplest way to what you want if they're different is to set a server mapping: say /images is actually d:/webroot/materials/stuff/things/images (or whatever.You would also have to set a ColdFusion mapping if you want to access CustomTags or Includes via the alias. Completely in ColdFusion you could use the various path functions to figure this out, but you'd need a variable in your path.I do this kind of thing (in MX) via a cached CFC.I pass it an WebRootOffset argument which is the current application's offset from the web root (for example my site is in webroot/depressedpress/ so the offset is /depressedpress ) If I instantiate from Application.cfm it's easy to automate the process. Once that's done The CFC is cached in the Application scope as Application.DP.Paths.Then I have a request CFC that, when it gets instantiated, sets up following request-specific variables using the paths CFCs methods: cfset this.RelFromWebRoot = this.DP_Application.Paths.GetRelFromWebRoot(arguments.Path) / cfset this.RelToWebRoot = this.DP_Application.Paths.GetRelToWebRoot(arguments.Path) / cfset this.RelFromAppRoot = this.DP_Application.Paths.GetRelFromAppRoot(arguments.Path) / cfset this.RelToAppRoot = this.DP_Application.Paths.GetRelToAppRoot(arguments.Path) / cfset this.SysToTemplate = this.DP_Application.Paths.GetSysToTemplate(arguments.Path) / To set up an images variable for use by anything in the request you could then do cfset this.ImagesPath = this.RelToAppRoot images// Of course you need to store this someplace and use the Request scope (any particular reason you can't)?You could instantiate the paths CFC in the application scope only and use it from there I suppose. So to use it in an image tag you would then do (inside a CFOUTPUT): img src=""> If the rest of the process was followed then this would find the image - and it would continue to find it even if you move the application to another folder. I could send you the CFC if you'd like. Jim Davis From: CF Developer [mailto:[EMAIL PROTECTED] Sent: Thursday, July 22, 2004 10:40 AM To: CF-Talk Subject: webroot level? i know there is a way, just not coming to mind. what I want to be able to do is specify the root level of an application w/o having to set a request variable. such as: request.images = images/ or if i am one folder down: request.images = ../images/ isn't there a way to specify something like: img src=""> and it point to the root of the web app regardless of how many folders down you are within the application??? [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: RE: A script to Prevent SQL Injection: feedback/suggestions?
I hope I understand your problem correctly but... Using Cfqueryparam will result in the query executing much like it would in a stored procedure.SQL injection attacks are not or I should say less possible in a stored procedure because the data is bound to the variable and the code is compiled.So when you pass a parameter to it the database knows that the parameter is a parameter and simply that. It will not execute it.This is done with what is called bind variables. Cfqueryparam uses bind variables, thus eliminating the need for SP's to prevent SQL injections attacks.SP' s are still extremely useful though; dont get me wrong. There is just no need to reinvent the wheel here. If you look at the debugging info for a query with and with out cfqueryparam, you will see the CF is binding the data to a parameter when using Cfqueryparam.So the database knows the query parameter is simply a parameter and not executable code. This article may shed some light on this topic for you. http://www.macromedia.com/devnet/mx/coldfusion/articles/cfqueryparam.html If you running IIS, you may want to look into IISLockdown and Urlscan also. Also if you are worried about people messing with the form fields, you can put some code on the page to redirect them to another page if the refering site is not the same site. So if they try to link in from another web page not on your server or if they paste a link into the address bar they will be redirected somewhere.I have never tried this in CF but I have done it in another language.The HTTP Referer is usually blank if the user comes to the page from the address bar. Thanks, David -Original message- From: Wes [EMAIL PROTECTED] Date: Thu, 22 Jul 2004 10:33:28 -0400 To: CF-Talk [EMAIL PROTECTED] Subject: RE: A script to Prevent SQL Injection: feedback/suggestions? CFQUERYPARAM will validate the data. this script rips out ALL harmful SQL statements that someone might try to include into a URL or FORM field entry. -Original Message- From: Joe Rinehart [mailto:[EMAIL PROTECTED] Sent: Thursday, July 22, 2004 10:20 AM To: CF-Talk Subject: Re: A script to Prevent SQL Injection: feedback/suggestions? For some reason I never got the e-mail, and didn't see the script. I'm curious though:what does it provide the CFQUERYPARAM does not? Thanks, Joe _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: A script to Prevent SQL Injection: feedback/suggestions?
Good point.However, this scripts purpose is to strip out unwanted data from URL and FORM scopes.It can be used for much more than just SQL. Simply add some regular expressions to remove HTML, XML, DOM, CF, or anything you like.CFQUERYPARAM does not do that... and that is the difference. I'll be using both methods to add more Layers to my security Onion.:-) -Original Message- Well, no, it doesn't rip out all harmful SQL statements. I can think of a half-dozen SQL Server-specific commands that are commonly used in SQL injection attacks, for example. When you use CFQUERYPARAM, it's not just validating the data. It's telling the database server that the variables in question contain only data, not executable SQL. So, it doesn't matter what you put in the variable, the database server won't execute it. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: Calling CFC's through Browser Request
Not handling the situation will allow the CFC to throw an uncaught exception to the User- again I won't (?) be able to put try/catch statements around the CFC. You should be able to trap this with CFERROR or the site-wide error handler. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 Yesthat's true...but I guess there's no way to handle the exception closer to home, right inside the CFC. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
SEO Keywords, etc in Application.cfm? OT?
This is a SEO (Search Engine Optimization) question. I hope it is not considered too far out of scope. What is the prevailing attitude regarding META tags and their placement? If you place these tags in the Application.cfm file might it be construed as overusage and hinder search engine optimization? What about limiting keywords to the content that is on each specific cfm page, and leaving the meta tags OFF of Application.cfm? Any opinions as to which practice is best? [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: Caching CFC's
On every request you are rerunning init on the application.IOFactory
object. Therefore it makes sense that your time values match. Remove
that line and it should work fine.
On Thu, 22 Jul 2004 16:01:14 +0200, Micha Schopman
[EMAIL PROTECTED] wrote:
I tested a combination, one object created in the application scope, and
one in the variables scope:
In both outputs, I get the exact same time. In the application scope I
thought it would be set in the CFC, so next time I would call the CFC I
would get the old time back. The second CFC should always output the
current time. Unfortunately the time is not save in the application
scope. This indeed means a pointer.
Does someone now ways to do some CFC caching?
CFM Page
cfapplication name=persistencyTest sessionmanagement=yes
clientmanagement=no
cfif NOT IsDefined('application.IOFactory')
cfset application.IOFactory =
createObject('component','myfunction')
cfset application.IOFactory.init()
/cfif
cfoutput#application.IOFactory.mymethod()#/cfoutput
cfset IOFactory = createObject('component','myfunction')
cfset application.IOFactory.init()
cfoutput#IOFactory.myMethod()#/cfoutput
MyFunction.cfc
cfcomponent output=yes
cfset init()
cffunction name=init access=public returntype=date
cfset this.datetimestamp = Now()
cfreturn this.datetimestamp
/cffunction
cffunction name=mymethod access=public
returntype=date
cfreturn this.datetimestamp
/cffunction
/cfcomponent
Micha Schopman
Software Engineer
Modern Media, Databankweg 12 M, 3821 ALAmersfoort
Tel 033-4535377, Fax 033-4535388
KvK Amersfoort 39081679, Rabo 39.48.05.380
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
[Donations and Support]
RE: Creating XL spreadsheet
Just output your content as a delimited list and when passing it to the client use cfcontent to specify the type as excel or csv. John -Original Message- From: Dave F [mailto:[EMAIL PROTECTED] Sent: Thursday, July 22, 2004 11:14 AM To: CF-Talk Subject: Creating XL spreadsheet Please, can anyone get me started on how to create an MS Excel file from a db query(and then open it in a browser) from CF5.0/IIS/Server2000 Happy to read doc's/ref manuals if I can find 'em. TIA Dave [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: SEO Keywords, etc in Application.cfm? OT?
Why would you place meta tags in the Application.cfm file? Meta tags placed there won't get rendered as HTML correct? IMO, only two META tags are important: Description Keywords. And they are at most, marginally important to the search engines. Your best bet is to SEO each individual page to the keywords necessary for a user to find that page. Also remember, many spyders can spyder dynamic pages...but only one or two pages deep. Create a site index page...that is the best way for a spyder to crawl everything on your web site. HTH..Ch -Original Message- From: Claremont, Timothy [mailto:[EMAIL PROTECTED] Sent: Thursday, July 22, 2004 11:25 AM To: CF-Talk Subject: SEO Keywords, etc in Application.cfm? OT? This is a SEO (Search Engine Optimization) question. I hope it is not considered too far out of scope. What is the prevailing attitude regarding META tags and their placement? If you place these tags in the Application.cfm file might it be construed as overusage and hinder search engine optimization? What about limiting keywords to the content that is on each specific cfm page, and leaving the meta tags OFF of Application.cfm? Any opinions as to which practice is best? [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
CF Studio (5.0) keyboard shortcut?
Hi, Anyone know if there's a way to set up a keyboard shortcut to deploy a file that you just saved?For example, I finish editing a file, and I save it...now I want to deploy it, but I have to right click on the file in the project window and choose Deploy File... Under customize - keyboard shortcuts, I find a 'Deployment Wizard' I can create a shortcut to, but that's for deploying a whole project it seems. Any ideas? Thanks! Sincerely, Dave Phillips 94percent.com [EMAIL PROTECTED] 615-746-3851 Why do 100% of the work when we'll do 94% of it for you? - http://honor.94percent.com (request password if you're interested) [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: SEO Keywords, etc in Application.cfm? OT?
I'm right in the middle of SEO right now...so here goes... If you can...put the meta/title tags in each file of content that conatins useful information about the site and what it does (home page and all your informational pages).So if the meta/title tags are in Application.cfm OR in a template file that includes content files (essentially the same because it's one set of meta/title tags for all pages)...you'll have a bit of fun making changes (as I am now).I'm stuck with a CASE statement which uses the URL var we use to identify the content to includenow I'll use that var in our template page to set the appropriate meta/title tag values dynamically. So what you want is: -unique meta/title tags for each page -still use the keyword meta tag -keywords must be specific to the page or you could get de-listed for essentially lying ;-) Hope that clears it up a bit ;-) If you have any more questions I'll do my best! Cheers Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: A script to Prevent SQL Injection: feedback/suggestions?
For better viewing, I put the source of the script into a textarea field on the test page. http://www.dynapp.net/_test.cfm [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: SEO Keywords, etc in Application.cfm? OT?
Why would you place meta tags in the Application.cfm file? Meta tags placed there won't get rendered as HTML correct? They sure do ;-) Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: A script to Prevent SQL Injection: feedback/suggestions?
Tim, AFAIK, it actually does more than validation and escaping, at least with SQL server.The DB understands that what's coming in for those parameters (represented by ? in your cf debugging information) is only data, and is not executable in any way. -joe - Original Message - From: Tim Blair [EMAIL PROTECTED] Date: Thu, 22 Jul 2004 15:28:16 +0100 Subject: RE: A script to Prevent SQL Injection: feedback/suggestions? To: CF-Talk [EMAIL PROTECTED] CFQUERYPARAM will validate the data. this script rips out ALL harmful SQL statements that someone might try to include into a URL or FORM field entry. It doesn't just validate -- it will also escape any potentially harmful characters, therefore nullifying any possible attack. Tim. -- --- Badpen Tech - CF and web-tech: http://tech.badpen.com/ --- RAWNET LTD - Internet, New Media and ebusiness Gurus. WE'VE MOVED - for our new address, please visit our website at http://www.rawnet.com/ or call us any time on 0800 294 24 24. --- This message may contain information which is legally privileged and/or confidential.If you are not the intended recipient, you are hereby notified that any unauthorised disclosure, copying, distribution or use of this information is strictly prohibited. Such notification notwithstanding, any comments, opinions, information or conclusions expressed in this message are those of the originator, not of rawnet limited, unless otherwise explicitly and independently indicated by an authorised representative of rawnet limited. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: SEO Keywords, etc in Application.cfm? OT?
If you place the META tags in Application.cfm, and you visit any page on my site with a browser and VIEW SOURCE, naturally they show up in the source code. Am I wrong to think that this means that spiders see these META tags on each and every page they visit on my site? [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: Creating XL spreadsheet
cfx_ExcelQuery action="" file=myQuery.xls query=myQuery Then just send the file to the user, cfcontent would work. -Matt -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave F Sent: Thursday, July 22, 2004 11:14 AM To: CF-Talk Subject: Creating XL spreadsheet Please, can anyone get me started on how to create an MS Excel file from a db query(and then open it in a browser) from CF5.0/IIS/Server2000 Happy to read doc's/ref manuals if I can find 'em. TIA Dave [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: SEO Keywords, etc in Application.cfm? OT?
yes they do see them on every page of your site Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Original Message - From: Tim Claremont To: CF-Talk Sent: Thursday, July 22, 2004 8:43 AM Subject: Re: SEO Keywords, etc in Application.cfm? OT? If you place the META tags in Application.cfm, and you visit any page on my site with a browser and VIEW SOURCE, naturally they show up in the source code. Am I wrong to think that this means that spiders see these META tags on each and every page they visit on my site? [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: SEO Keywords, etc in Application.cfm? OT?
interesting...i never thought of doing that... -Original Message- From: Bryan Stevenson [mailto:[EMAIL PROTECTED] Sent: Thursday, July 22, 2004 11:39 AM To: CF-Talk Subject: Re: SEO Keywords, etc in Application.cfm? OT? Why would you place meta tags in the Application.cfm file? Meta tags placed there won't get rendered as HTML correct? They sure do ;-) Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: SEO Keywords, etc in Application.cfm? OT?
They do (well, they -can-). Application.cfm is really just like any other CF template that runs...it's just implictly pre-pended to all applicable files.The question is, do you put any HTML in there?I've heard where it's considered bad practice to put display code into the Application.cfm.I interpret this as any HTML (even meta tags).I could be off base here, or it could just be that there really is no definitive 'rule'. I've just been in the habit of keeping all HTML out of there.It's sole purpose is to control the template files that reside beneath it.Not to display anything to the screen (or the source code). - Original Message - From: Bryan Stevenson [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Sent: Thursday, July 22, 2004 8:38 AM Subject: Re: SEO Keywords, etc in Application.cfm? OT? Why would you place meta tags in the Application.cfm file? Meta tags placed there won't get rendered as HTML correct? They sure do ;-) Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
RE: Resources for CF MX Enterprise
Wow!This is a great resource.Thanks, Greg! _ From: Greg Stewart [mailto:[EMAIL PROTECTED] Sent: Thursday, July 22, 2004 8:22 AM To: CF-Talk Subject: Re: Resources for CF MX Enterprise Hi Michael, I compiled these resources about JRun and getting started: http://gregs.tcias.co.uk/jrun/jrun_resources.php If anyone has other ones, I'd be happy to hear about them. Cheers G On Wed, 21 Jul 2004 19:03:08 -0500, Dawson, Michael [EMAIL PROTECTED] wrote: Other than the LiveDocs, can anyone point me to information about the Enterprise class of CFMX?Our new VP is asking me and the other web developer to place both of our sites on the same server.He also requires that we use Windows 2003 Network Load Balancing. To allow for the clustering, we have gotten approval for a couple licenses of CF Enterprise.Other than the too-high cost, this product is awesome.I love the ability to create multiple instances and assign an instance to an individual web site. I'm looking for information related to best-practices or tips and tricks.I'm sure there are things that MACR hasn't covered in their documentation. Thanks for any help! M!ke _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: webroot level?
will that work for cfincludes? such as:cfinclude template=/includes/thisfile.cfm since this is a shared hosting, i do not have access to establish cf mappings - Original Message - From: Jason L. West, Sr. [EMAIL PROTECTED] Date: Thu, 22 Jul 2004 11:11:16 -0400 Subject: Re: webroot level? To: CF-Talk [EMAIL PROTECTED] isn't there a way to specify something like: img src=""> Yes this does pull from the root of your url: ex: http://www.site.com/images/image.gif [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
