RE: image manipulation in coldfusion?
ImageCR3 does that impeccably. When specifying dimensions for the resize you put 250x100 and it will resize the width down to 250 if greater and/or the height down to 100 is greater than 100 with prefect quality results. Martin http://www.beetrootstreet.com -Original Message- From: Parker, Kevin [mailto:[EMAIL PROTECTED] Sent: 07 October 2005 05:48 To: CF-Talk Subject: RE: image manipulation in coldfusion? Thanks guys - I've been following this with interest as I have a particular resizing challenge at the moment. What I'm looking for is a way to test the size of an image before its displayed and then resize it if its width exceeds 250px - if 250px or less then it can be left alone. Not sure if tags like Massimo's support that or not. Any suggestions please. ++ Kevin Parker Web Services Consultant WorkCover Corporation p: 08 8233 2548 m: 0418 806 166 e: [EMAIL PROTECTED] w: www.workcover.com ++ -Original Message- From: Roger B. [mailto:[EMAIL PROTECTED] Sent: Friday, 7 October 2005 1:53 PM To: CF-Talk Subject: Re: image manipulation in coldfusion? That's what I tried to do when I wrote version 2.0 of my CFC and I achieved a huge increase in quality. Massimo: Just to let you know... I was playing around with your CFC, and noticed that on some images (usually horizontally oriented ones), bufferedCrop() would throw an outside of raster error. I was able to fix it by modifying the code to check for crop operations that exceed the height of the image. With that said, thanks for putting the code out there. -- Roger Benningfield http://admin.support.journurl.com/ http://admin.mxblogspace.journurl.com/ ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220288 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: OT: SQL Server + internal/external IPs
On 10/4/05, Bob Haroche [EMAIL PROTECTED] wrote: Are you sure your router supports loopback? I had the same issue where I couldn't browse to my dev sites using their external IP's when I'm on my LAN, though I can when I'm outside my LAN. Nah, that's definitely not it - I can browse the dev sites, remote desktop, FTP using both internal and external - it was just SQL Server that wasn't playing along. We actually worked around the problem by adding an internal network adapter to the Virtual Server machine and doing the required DTS operations locally, then removing the extra adapter when we were finished. I think it must be something to do with how SQL Server was installed but as I fixed the problem I don't have time to investigate further. Big Meh! -- Kay Smoljak http://kay.zombiecoder.com/ ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220289 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: File uploading with firefox
No I agree, that wasn't very nice. Anyway, someone mentioned before about posting the info about the headers in order to further diagnose this problem? how is that done? And as far as server configuration, what can be done on that end? But I guessing the server end is fine. And that its firefox not allowing or revealing the mime type to the server. ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220290 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Google Earth
Are there any good examples anywhere of CF and the Google earth client ? Martin Rumens VT Communications Rampisham Transmitting Station Rampisham Down Maiden Newton Dorchester Dorset DT2 0HS Tel: 01935 482122 Fax: 01935 482133 Email: [EMAIL PROTECTED] This Email and any files transmitted with it are confidential and may be legally privileged. They are intended for use solely of the intended recipient(s). If you have received an Email in error: (a) any distribution, copying or other use of its contents is prohibited; and (b) please notify the sender as soon as possible and delete the email and any associated files and copies from your system. Any views or opinions expressed are solely those of the author and do not necessarily represent the views of VT Group plc or any of its subsidiary or associated companies. If you have any other problems please contact the Administrator by E-mail ([EMAIL PROTECTED]) or by telephone 44 (023) 92857200. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220291 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
reloading application.cfc
I am having a bit of a blonde moment today. It seems to me that all changes to the application.cfc dont seem to be immediate.. do I have to restart the CF server to see them? Or maybe its just my code -- Mark Drew http://cybersonic.blogspot.com ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220292 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: reloading application.cfc
I am having a bit of a blonde moment today. It seems to me that all changes to the application.cfc dont seem to be immediate.. do I have to restart the CF server to see them? Or change the app name. Will ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220293 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: reloading application.cfc
Thanks for that. having a bit of a b'stard of a day as I am consuming a PHP webservice and its all a tad wierd On 07/10/05, Will Tomlinson [EMAIL PROTECTED] wrote: I am having a bit of a blonde moment today. It seems to me that all changes to the application.cfc dont seem to be immediate.. do I have to restart the CF server to see them? Or change the app name. Will ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220294 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Outlook integration?
Aw, come on now Damien. Why don't we give some good advice and possible recommendations, rather than off handedly trash DRE's client for poor program choices;) I do agree with Damien, Outlook is a very poor choice for this (or any other) type of application. That being said, what you ask is not entirely impossible. It really depends upon your client's internal architecture. Is your client using Exchange? Is their app an Exchange based app? Are they using a custom form Outlook application? Where is Outlook housed (client machine, server, etc.)? Is there currently scripting within Outlook to prevent double location bookings, or is this something you must build into the server side processing of your application? Having answered these questions, if you are still using Outlook, you'll want to look at the specs for vCal. You can find a great deal of information on programming for Outlook at msdn.microsoft.com. Sue Mosher's slipstick.com has been a resource for Outlook developer's since the Office '97 days (she has also written several informative books). Doing a search, I see that she's expanded to OutlookCode.com. CFComet has always been a good resource for CF/MS Office integration as well (http://cfregex.com/cfcomet/outlook/ for outlook specific help). Chris Wigginton posted a vCal UDF library (http://www.cflib.org/udf.cfm?ID=385). I personally can't imagine why anyone would write a reservations or property management package based upon Outlook? But, then again, every music scheduling program (that I know of) for radio stations are built on top of Access databases (which may be part of the reason you hear the same 1,000 or so songs over and over again on most radio stations). In any event, I hope some of the above information assists you. Cutter Damien McKenna wrote: -Original Message- From: DRE [mailto:[EMAIL PROTECTED] Hi, I have a customer that has an app that manages properties. People can reserve rooms and auditoriums and or whatever is on various properties thru the site. He'd like to integrate it with outlook such that the location gets autmatically reserved. Please explain what the intention is regarding integrating with Outlook and whether Exchange Server would be part of the equation also. Outlook's calendar system is really quite atrocious, Microsoft have wasted several years of development time and it still doesn't do half of what Apple's iCal does for simple collaboration, so I'm really not sure you'll really be able to do anything. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220295 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: image manipulation in coldfusion?
It didn't, but I wrote an app on top of tmt_img that does it. If you're interested in my code, shoot me an email. I also extended tmt_img a bit. Pete ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220296 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Problem with CF MX scheduled task
We are experiencing a problem with an MX scheduled task. The scheduled task will run OK when the go button in the task list in CF Administrator is clicked. It will also run when the URL is entered into a browser on the server hosting the sceduled task (through PC Anywhere). However, when the task is allowed to run based based on the time set in the scheduled task, it comes back with a Connection Timeout message. We see this message in the log file that the task is set to send its output to. Does anyone have any ideas what might be causing this problem? ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220297 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
ColdFusion Security Holes - Best Practices
I heard a challenge from a security consultant that if you are using ColdFusion you do not have a secure server. He maintains that CF is full of things a hacker can access. For example he gave the following example. If you attempt to open a CF website with the following command it will generate an error message that gives you the IP address of the CF server: sitename.org/*.cfm I tried this on a wide variety of sites and found that most CF sites return the error with the IP address. Some, however appear to trap this error somehow. What should be done on a CF server to prevent that type of error exposing the IP address of a CF server? This error is occuring prior to the execution of an application.cfm file in the host root directory so you cannot programatically trap it. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220298 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
dynamic structure name
Hi, One of the structures I am dealing with is populated dynamically. It looks thus: perm.public.UserGroup.#PermID#.Permname. I have a number of PermIDs I want to loop through and set some variables. Hence: cfloop list=#listOfPermIDs# index=thisPermID cfif StructKeyExists(perm.public.UserGroup.#thisPermID#,'PermName') cfdoSomething / /cfif /cfloop However I keep getting an error that the Structure name cannot end in a period(.). How can I get this to work? Thanks, George ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220299 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: ColdFusion Security Holes - Best Practices
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] I heard a challenge from a security consultant that if you are using ColdFusion you do not have a secure server. He maintains that CF is full of things a hacker can access. For example he gave the following example. If you attempt to open a CF website with the following command it will generate an error message that gives you the IP address of the CF server: sitename.org/*.cfm First off, that is an ignorant statement. That security consultant needs a little edumacation. I tried this on a wide variety of sites and found that most CF sites return the error with the IP address. Some, however appear to trap this error somehow. With what IP Address? Yours? ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220300 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: ColdFusion Security Holes - Best Practices
Anyone can get the IP Address of the server, simply ping the domain name. Now, depending on the security patches of the server and how it is configured will determine if you can do anything else. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 8:54 AM To: CF-Talk Subject: ColdFusion Security Holes - Best Practices I heard a challenge from a security consultant that if you are using ColdFusion you do not have a secure server. He maintains that CF is full of things a hacker can access. For example he gave the following example. If you attempt to open a CF website with the following command it will generate an error message that gives you the IP address of the CF server: sitename.org/*.cfm I tried this on a wide variety of sites and found that most CF sites return the error with the IP address. Some, however appear to trap this error somehow. What should be done on a CF server to prevent that type of error exposing the IP address of a CF server? This error is occuring prior to the execution of an application.cfm file in the host root directory so you cannot programatically trap it. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220301 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: image manipulation in coldfusion?
Massimo's tag has getHeight and getWidth methods. Call those on an image, then check accordingly. !//-- andy matthews web developer ICGLink, Inc. [EMAIL PROTECTED] 615.370.1530 x737 --//- -Original Message- From: Parker, Kevin [mailto:[EMAIL PROTECTED] Sent: Thursday, October 06, 2005 11:48 PM To: CF-Talk Subject: RE: image manipulation in coldfusion? Thanks guys - I've been following this with interest as I have a particular resizing challenge at the moment. What I'm looking for is a way to test the size of an image before its displayed and then resize it if its width exceeds 250px - if 250px or less then it can be left alone. Not sure if tags like Massimo's support that or not. Any suggestions please. ++ Kevin Parker Web Services Consultant WorkCover Corporation p: 08 8233 2548 m: 0418 806 166 e: [EMAIL PROTECTED] w: www.workcover.com ++ -Original Message- From: Roger B. [mailto:[EMAIL PROTECTED] Sent: Friday, 7 October 2005 1:53 PM To: CF-Talk Subject: Re: image manipulation in coldfusion? That's what I tried to do when I wrote version 2.0 of my CFC and I achieved a huge increase in quality. Massimo: Just to let you know... I was playing around with your CFC, and noticed that on some images (usually horizontally oriented ones), bufferedCrop() would throw an outside of raster error. I was able to fix it by modifying the code to check for crop operations that exceed the height of the image. With that said, thanks for putting the code out there. -- Roger Benningfield http://admin.support.journurl.com/ http://admin.mxblogspace.journurl.com/ ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220302 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: ColdFusion Security Holes - Best Practices
For what its worth, I have never had a problem finding the IP address for a server using nslookup on my PC. Not to mention what you can find out using these sites. http://www.dnsreport.com/ http://www.dnsstuff.com/ You can change how errors are shown by making changes in the debugging section of the CF Admin. Phil On 10/7/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I heard a challenge from a security consultant that if you are using ColdFusion you do not have a secure server. He maintains that CF is full of things a hacker can access. For example he gave the following example. If you attempt to open a CF website with the following command it will generate an error message that gives you the IP address of the CF server: sitename.org/*.cfm I tried this on a wide variety of sites and found that most CF sites return the error with the IP address. Some, however appear to trap this error somehow. What should be done on a CF server to prevent that type of error exposing the IP address of a CF server? This error is occuring prior to the execution of an application.cfm file in the host root directory so you cannot programatically trap it. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220303 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: ColdFusion Security Holes - Best Practices
Because the IP address of a server should be hidden There are always simple methods to find the answering IP for a domain. If there wasn't a way to find the ip address for a given domain name, then DNS wouldn't work. Also, even if you're not trapping the error the screen shows the REMOTE_ADDRESS, which is the client machine's address, not the server's. Obviously, Wally is a bit of a moron. I would imagine that he's trying to sound intelligent and scare people away from a specific area of technology about which he has no clue. You run into these people all the time in this business. I always find it highly entertaining to poke fun at them. --Ferg Michael T. Tangorre wrote: From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] I heard a challenge from a security consultant that if you are using ColdFusion you do not have a secure server. He maintains that CF is full of things a hacker can access. For example he gave the following example. If you attempt to open a CF website with the following command it will generate an error message that gives you the IP address of the CF server: sitename.org/*.cfm First off, that is an ignorant statement. That security consultant needs a little edumacation. I tried this on a wide variety of sites and found that most CF sites return the error with the IP address. Some, however appear to trap this error somehow. With what IP Address? Yours? ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220304 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: ColdFusion Security Holes - Best Practices
Randy, H actually, the error in question doesn't expose the IP address of the server (internal or external). Instead it exposes the cgi.remote_addr address - the address of the client making the request. Is this the error you are seeing? --- The filename, directory name, or volume label syntax is incorrect Please try the following: Check the ColdFusion documentation to verify that you are using the correct syntax. Search the Knowledge Base to find a solution to your problem. Browser Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50215) Remote Address 10.0.0.11 Referrer The address info listed there is that of my laptop - not my server. -Mark -Original Message- From: Adkins, Randy [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 8:09 AM To: CF-Talk Subject: RE: ColdFusion Security Holes - Best Practices Anyone can get the IP Address of the server, simply ping the domain name. Now, depending on the security patches of the server and how it is configured will determine if you can do anything else. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 8:54 AM To: CF-Talk Subject: ColdFusion Security Holes - Best Practices I heard a challenge from a security consultant that if you are using ColdFusion you do not have a secure server. He maintains that CF is full of things a hacker can access. For example he gave the following example. If you attempt to open a CF website with the following command it will generate an error message that gives you the IP address of the CF server: sitename.org/*.cfm I tried this on a wide variety of sites and found that most CF sites return the error with the IP address. Some, however appear to trap this error somehow. What should be done on a CF server to prevent that type of error exposing the IP address of a CF server? This error is occuring prior to the execution of an application.cfm file in the host root directory so you cannot programatically trap it. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220305 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: image manipulation in coldfusion?
Put it out there Pete. I'd be interesting in seeing what else you added to it, There's a few things that I wish tmt_img did differently. All in all, it's a great piece of code though. Thank you Massimo. !//-- andy matthews web developer ICGLink, Inc. [EMAIL PROTECTED] 615.370.1530 x737 --//- -Original Message- From: Pete Ruckelshaus [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 6:03 AM To: CF-Talk Subject: Re: image manipulation in coldfusion? It didn't, but I wrote an app on top of tmt_img that does it. If you're interested in my code, shoot me an email. I also extended tmt_img a bit. Pete ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220306 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
CORRECTION: (sorry Wally) Re: ColdFusion Security Holes - Best Practices
Sorry, I thought Wally was the name of the security consultant, here -- not the OP. My sincere apologies to Wally; it seems I'm the moron who can't read a full post!!! So correct my message to read that Wally's security consultant is a bit of a moron. --Ferg I heard a challenge from a security consultant that if you are using ColdFusion you do not have a secure server. He maintains that CF is full of things a hacker can access. For example he gave the following example. If you attempt to open a CF website with the following command it will generate an error message that gives you the IP address of the CF server: sitename.org/*.cfm I tried this on a wide variety of sites and found that most CF sites return the error with the IP address. Some, however appear to trap this error somehow. What should be done on a CF server to prevent that type of error exposing the IP address of a CF server? This error is occuring prior to the execution of an application.cfm file in the host root directory so you cannot programatically trap it. ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220307 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: ColdFusion Security Holes - Best Practices
And to poke big gaping holes in their stories. That's my favorite part. !//-- andy matthews web developer ICGLink, Inc. [EMAIL PROTECTED] 615.370.1530 x737 --//- -Original Message- From: Ken Ferguson [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 8:22 AM To: CF-Talk Subject: Re: ColdFusion Security Holes - Best Practices Because the IP address of a server should be hidden There are always simple methods to find the answering IP for a domain. If there wasn't a way to find the ip address for a given domain name, then DNS wouldn't work. Also, even if you're not trapping the error the screen shows the REMOTE_ADDRESS, which is the client machine's address, not the server's. Obviously, Wally is a bit of a moron. I would imagine that he's trying to sound intelligent and scare people away from a specific area of technology about which he has no clue. You run into these people all the time in this business. I always find it highly entertaining to poke fun at them. --Ferg Michael T. Tangorre wrote: From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] I heard a challenge from a security consultant that if you are using ColdFusion you do not have a secure server. He maintains that CF is full of things a hacker can access. For example he gave the following example. If you attempt to open a CF website with the following command it will generate an error message that gives you the IP address of the CF server: sitename.org/*.cfm First off, that is an ignorant statement. That security consultant needs a little edumacation. I tried this on a wide variety of sites and found that most CF sites return the error with the IP address. Some, however appear to trap this error somehow. With what IP Address? Yours? ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220308 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: ColdFusion Security Holes - Best Practices
First of all, IP address are by nature, public information. Thats like saying your house is less secure because a burglar can find your address in the yellow pages. Secondly, this security _expert_ is no expert. Any expert wouldn't make such blanket statements like CF is less secure. In fact, in comparison .NET is a lot less secure than CF due to its deep ties with the operating system. Finally, any server is as secure as you make it. Just as any application is as secure as you code it. Simply using a site-wide error handler would prevent the prior example from displaying the internal error message. -Adam On 10/7/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I heard a challenge from a security consultant that if you are using ColdFusion you do not have a secure server. He maintains that CF is full of things a hacker can access. For example he gave the following example. If you attempt to open a CF website with the following command it will generate an error message that gives you the IP address of the CF server: sitename.org/*.cfm I tried this on a wide variety of sites and found that most CF sites return the error with the IP address. Some, however appear to trap this error somehow. What should be done on a CF server to prevent that type of error exposing the IP address of a CF server? This error is occuring prior to the execution of an application.cfm file in the host root directory so you cannot programatically trap it. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220309 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: ColdFusion Security Holes - Best Practices
Phil, From a security standpoint there is the address of the server via DNS (easily obtained) and then there is the address of the server as it exists on the internal network or DMZ of the host. Depending on the network setup this may be quite different and in certain instances can be valuable to a malicious programmer. -Mark -Original Message- From: Phill B [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 8:15 AM To: CF-Talk Subject: Re: ColdFusion Security Holes - Best Practices For what its worth, I have never had a problem finding the IP address for a server using nslookup on my PC. Not to mention what you can find out using these sites. http://www.dnsreport.com/ http://www.dnsstuff.com/ You can change how errors are shown by making changes in the debugging section of the CF Admin. Phil On 10/7/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I heard a challenge from a security consultant that if you are using ColdFusion you do not have a secure server. He maintains that CF is full of things a hacker can access. For example he gave the following example. If you attempt to open a CF website with the following command it will generate an error message that gives you the IP address of the CF server: sitename.org/*.cfm I tried this on a wide variety of sites and found that most CF sites return the error with the IP address. Some, however appear to trap this error somehow. What should be done on a CF server to prevent that type of error exposing the IP address of a CF server? This error is occuring prior to the execution of an application.cfm file in the host root directory so you cannot programatically trap it. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220310 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Problem with CF MX scheduled task
Do you have logging enabled for scheduled tasks? If so, what are the enteries in scheduler.log? -Adam On 10/7/05, bob @ objectiveinternet. com bob @ objectiveinternet. com [EMAIL PROTECTED] wrote: We are experiencing a problem with an MX scheduled task. The scheduled task will run OK when the go button in the task list in CF Administrator is clicked. It will also run when the URL is entered into a browser on the server hosting the sceduled task (through PC Anywhere). However, when the task is allowed to run based based on the time set in the scheduled task, it comes back with a Connection Timeout message. We see this message in the log file that the task is set to send its output to. Does anyone have any ideas what might be causing this problem? ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220311 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Google Earth
Google Earth the desktop application? Or Google Maps the internet application with the API? -Adam On 10/7/05, Rumens, Martin [EMAIL PROTECTED] wrote: Are there any good examples anywhere of CF and the Google earth client ? Martin Rumens VT Communications Rampisham Transmitting Station Rampisham Down Maiden Newton Dorchester Dorset DT2 0HS Tel: 01935 482122 Fax: 01935 482133 Email: [EMAIL PROTECTED] This Email and any files transmitted with it are confidential and may be legally privileged. They are intended for use solely of the intended recipient(s). If you have received an Email in error: (a) any distribution, copying or other use of its contents is prohibited; and (b) please notify the sender as soon as possible and delete the email and any associated files and copies from your system. Any views or opinions expressed are solely those of the author and do not necessarily represent the views of VT Group plc or any of its subsidiary or associated companies. If you have any other problems please contact the Administrator by E-mail ([EMAIL PROTECTED]) or by telephone 44 (023) 92857200. ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220312 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: ColdFusion Security Holes - Best Practices
Hmmm, well. That type of error can happen to a lot of languages. The thing is that is not an issue for CF to trap. Instead you would configure your webserver to trap the error. If you refer various CF books that talk about errors what you would want to do is create a custom handler for bad requests. I believe most webservers can do this. Check the documentation of your webserver. IIS has a very easy to use handler. Again this is not really a CF issue. Secondly the information is not all that useful. There are lots of ways to get an IP address, and just because you have it does not mean you have some easy way to access. Heck I could give you my internal Ips right now and that wouldn't make it any easier for you to break into my system. I think the security consultant is over simplifing things or perhaps needs more real world experience, don't know. But do let his comment dissuade you. The issue he mentioned is easy to deal with. Hey if Ben Forta's site falls for this error and he is not worried, that should tell you something. Good Luck Kevin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 8:54 AM To: CF-Talk Subject: ColdFusion Security Holes - Best Practices I heard a challenge from a security consultant that if you are using ColdFusion you do not have a secure server. He maintains that CF is full of things a hacker can access. For example he gave the following example. If you attempt to open a CF website with the following command it will generate an error message that gives you the IP address of the CF server: sitename.org/*.cfm I tried this on a wide variety of sites and found that most CF sites return the error with the IP address. Some, however appear to trap this error somehow. What should be done on a CF server to prevent that type of error exposing the IP address of a CF server? This error is occuring prior to the execution of an application.cfm file in the host root directory so you cannot programatically trap it. ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220313 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: ColdFusion Security Holes - Best Practices
From: Mark A Kruger [mailto:[EMAIL PROTECTED] From a security standpoint there is the address of the server via DNS (easily obtained) and then there is the address of the server as it exists on the internal network or DMZ of the host. Depending on the network setup this may be quite different and in certain instances can be valuable to a malicious programmer. And there are always the people who have CF on a separate server than the web server ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220314 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: ColdFusion Security Holes - Best Practices
On 10/7/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I heard a challenge from a security consultant that if you are using ColdFusion you do not have a secure server. He maintains that CF is full of things a hacker can access. For example he gave the following example. If you attempt to open a CF website with the following command it will generate an error message that gives you the IP address of the CF server: sitename.org/*.cfm I tried this on a wide variety of sites and found that most CF sites return the error with the IP address. Some, however appear to trap this error somehow. On Apache 2 (Win or *nix) with MX7 it does not return an IP. On IIS4 (WinNT4.5) with CF4.5 it does not return an IP. I'm guessing you're looking at sites the either a) have debugging turned on b) don't have (site-wide/missing template) error handlers c) both of the above What should be done on a CF server to prevent that type of error exposing the IP address of a CF server? Umm, you and your security consultant both realize that if it's a publically accessible ColdFusion server (e.g. a box running web server and cf that allows http traffic to it) that it's IP address is *always* exposed. You know, through DNS -- the thing that makes the Internet work. This error is occuring prior to the execution of an application.cfm file in the host root directory so you cannot programatically trap it. Sure you can. You've got a whole layer of application you can work with -- the web server. Especially on Apache (which I know far better) you can control the behavior of error pages with fine grained control to look like whatever you want. You can filter using mod_rewrite or equiv. You can use one of the security adaptors for Apache. There are tons of possiblities Plus on CFMX you have the capability of using servlet filters to preprocess (or postprocess) requests to filter/change/modify anything you want. Good security consultants do not make absolute claims like the one your security consultant did. ColdFusion can be hacked like any other application -- but outside of things like cross-site scripting and sql injection, you're not likely to have your *server* compromised by CF problems (now your *application* can be hacked, but that's different). Web server cracks let's folks take over your server -- and then launch further attacks on the rest of your network. There are some scenarios that let CFMX cause real problems (eg arbitrary file upload) but those are security vulnerabilities from programming errors and are possible in most languages, not just CF. You may wish to take a look at http://www.owasp.org, the Open Web Application Security Project, which has a lot of resources for security your web applications. -- John Paul Ashenfelter CTO/Transitionpoint (blog) http://www.ashenfelter.com (email) [EMAIL PROTECTED] ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220315 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: dynamic structure name
Try using a different notation like: UserGroup[permID].permName -Adam On 10/7/05, George Abraham [EMAIL PROTECTED] wrote: Hi, One of the structures I am dealing with is populated dynamically. It looks thus: perm.public.UserGroup.#PermID#.Permname. I have a number of PermIDs I want to loop through and set some variables. Hence: cfloop list=#listOfPermIDs# index=thisPermID cfif StructKeyExists(perm.public.UserGroup.#thisPermID#,'PermName') cfdoSomething / /cfif /cfloop However I keep getting an error that the Structure name cannot end in a period(.). How can I get this to work? Thanks, George ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220316 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: ColdFusion Security Holes - Best Practices
On 10/7/05, Mark A Kruger [EMAIL PROTECTED] wrote: Phil, From a security standpoint there is the address of the server via DNS (easily obtained) and then there is the address of the server as it exists on the internal network or DMZ of the host. Depending on the network setup this may be quite different and in certain instances can be valuable to a malicious programmer. -Mark While this is true, making use of that IP address requires typically requires a more serious compromise so you can actually DO something to the internal/DMZ address. It *does* mean they can skip a scan step (which may be detected) against the internal network (say scanning 192.168.* or 10.* to find hosts) and begin cracking against the CF server (likely by attacking the web server if it's there, or the OS directly). But it also means they are ALREADY in your DMZ (or internal network) if they can do anything with the information. And I'll concur -- the security guy is an idiot. (Oh, no, here I go again with calling people security idiots) -- John Paul Ashenfelter CTO/Transitionpoint (blog) http://www.ashenfelter.com (email) [EMAIL PROTECTED] ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220317 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: ColdFusion Security Holes - Best Practices
I am not the one seeing the error. I was just commenting that you Could find out the IP address of the server using the domain name And the ping command. I know you would see the CGI.REMOTE_ADDR. That is part of the cgi variables. Wally was the one looking for the resolution -Original Message- From: Mark A Kruger [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 9:17 AM To: CF-Talk Subject: RE: ColdFusion Security Holes - Best Practices Randy, H actually, the error in question doesn't expose the IP address of the server (internal or external). Instead it exposes the cgi.remote_addr address - the address of the client making the request. Is this the error you are seeing? --- The filename, directory name, or volume label syntax is incorrect Please try the following: Check the ColdFusion documentation to verify that you are using the correct syntax. Search the Knowledge Base to find a solution to your problem. Browser Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50215) Remote Address 10.0.0.11 Referrer The address info listed there is that of my laptop - not my server. -Mark -Original Message- From: Adkins, Randy [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 8:09 AM To: CF-Talk Subject: RE: ColdFusion Security Holes - Best Practices Anyone can get the IP Address of the server, simply ping the domain name. Now, depending on the security patches of the server and how it is configured will determine if you can do anything else. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 8:54 AM To: CF-Talk Subject: ColdFusion Security Holes - Best Practices I heard a challenge from a security consultant that if you are using ColdFusion you do not have a secure server. He maintains that CF is full of things a hacker can access. For example he gave the following example. If you attempt to open a CF website with the following command it will generate an error message that gives you the IP address of the CF server: sitename.org/*.cfm I tried this on a wide variety of sites and found that most CF sites return the error with the IP address. Some, however appear to trap this error somehow. What should be done on a CF server to prevent that type of error exposing the IP address of a CF server? This error is occuring prior to the execution of an application.cfm file in the host root directory so you cannot programatically trap it. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220318 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Subversion type of repository
On 10/6/05, Stan Winchester [EMAIL PROTECTED] wrote: Is there a preferred type of repository Native Filesystem vs. Berkeley Database to CFML projects? BDB was the only repository choice for the initial releases of Subversion. Most folks prefer filesystem, which is far easier to deal with for smaller and less busy repositories (say, 50 developers). The differences are summarized here http://svnbook.red-bean.com/en/1.1/svn-book.html#svn-ch-5-sect-1.3 The big issue with BDB (other than fighting version-compatibility problems on *nix boxes) is that it's pretty easy to wedge the database, which is no good. {aside: There are actually bugs in the BDB development path relating to svn issues} So use the chart to decide, but unless you have an unusual case, odds are you'll want filesystem. -- John Paul Ashenfelter CTO/Transitionpoint (blog) http://www.ashenfelter.com (email) [EMAIL PROTECTED] ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220319 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: ColdFusion Security Holes - Best Practices
But the server using the domain name may not be the server which has the site on it. -Original Message- From: Adkins, Randy [mailto:[EMAIL PROTECTED] Sent: 07 October 2005 14:40 To: CF-Talk Subject: RE: ColdFusion Security Holes - Best Practices I am not the one seeing the error. I was just commenting that you Could find out the IP address of the server using the domain name And the ping command. I know you would see the CGI.REMOTE_ADDR. That is part of the cgi variables. Wally was the one looking for the resolution -Original Message- From: Mark A Kruger [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 9:17 AM To: CF-Talk Subject: RE: ColdFusion Security Holes - Best Practices Randy, H actually, the error in question doesn't expose the IP address of the server (internal or external). Instead it exposes the cgi.remote_addr address - the address of the client making the request. Is this the error you are seeing? --- The filename, directory name, or volume label syntax is incorrect Please try the following: Check the ColdFusion documentation to verify that you are using the correct syntax. Search the Knowledge Base to find a solution to your problem. Browser Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50215) Remote Address 10.0.0.11 Referrer The address info listed there is that of my laptop - not my server. -Mark -Original Message- From: Adkins, Randy [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 8:09 AM To: CF-Talk Subject: RE: ColdFusion Security Holes - Best Practices Anyone can get the IP Address of the server, simply ping the domain name. Now, depending on the security patches of the server and how it is configured will determine if you can do anything else. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 8:54 AM To: CF-Talk Subject: ColdFusion Security Holes - Best Practices I heard a challenge from a security consultant that if you are using ColdFusion you do not have a secure server. He maintains that CF is full of things a hacker can access. For example he gave the following example. If you attempt to open a CF website with the following command it will generate an error message that gives you the IP address of the CF server: sitename.org/*.cfm I tried this on a wide variety of sites and found that most CF sites return the error with the IP address. Some, however appear to trap this error somehow. What should be done on a CF server to prevent that type of error exposing the IP address of a CF server? This error is occuring prior to the execution of an application.cfm file in the host root directory so you cannot programatically trap it. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220320 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: ColdFusion Security Holes - Best Practices
I know. His security expert obviously doesn't. Wally should know that there is plenty of his server information available via web sites and utilities. He will then be more informed and can deal with these security experts in the future. On 10/7/05, Mark A Kruger [EMAIL PROTECTED] wrote: Phil, From a security standpoint there is the address of the server via DNS (easily obtained) and then there is the address of the server as it exists on the internal network or DMZ of the host. Depending on the network setup this may be quite different and in certain instances can be valuable to a malicious programmer. -Mark ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220321 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: ColdFusion Security Holes - Best Practices
it will generate an error message that gives you the IP address of the CF server: This guy talks about something he knows nothing about. First, the IP addresse exposed is ... yours, not a big help if you're a hacker... Secondly, I'm pretty sure any hacker can get the IP address behind any domaine name just with a simple DNS lookup; and even a beginner can consult one of the may sites that offer the service for free: http://www.hcidata.co.uk/host2ip.htm http://www.whois.sc/ http://www.networksolutions.com/whois/index.jhtml To cite just a few that will even give you the phone number of the domaine name owner so you can even call him directly and ask him whatever you want to know about his server ;-)) -- ___ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: [EMAIL PROTECTED]) Thanks. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220322 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: ColdFusion Security Holes - Best Practices
Michael, Yes there are ... but that's not important right now - and stop calling me shirely :) Here's what I'm saying. Many web servers are hosted behind a firewall and exist on a NAT network with static mappings. A PIX or other ALG capable firewall uses packet inspection to forward requests to an internal address. So the outside IP is the public address of the site (204.23.28.x) and the inside address is something else - usually from a non-routable subnet like 10.x.x.x or 192.x.x.x or 172.x.x.x This enables network admin to set up internal networks subnets that are simplified - even if they have a large pool of disparate ips on different subnets from multiple providers (as most do). This internal address may be helpful to a hacker who can otherwise gain access to that internal space. I'm not saying it could be used as a magic bullet to break into the system - but as a matter of practice you don't want internal ips and internal servernames (netbios names) to be public. -Mark Mark A. Kruger, CFG, MCSE www.cfwebtools.com www.necfug.com http://mkruger.cfwebtools.com -Original Message- From: Michael T. Tangorre [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 8:28 AM To: CF-Talk Subject: RE: ColdFusion Security Holes - Best Practices From: Mark A Kruger [mailto:[EMAIL PROTECTED] From a security standpoint there is the address of the server via DNS (easily obtained) and then there is the address of the server as it exists on the internal network or DMZ of the host. Depending on the network setup this may be quite different and in certain instances can be valuable to a malicious programmer. And there are always the people who have CF on a separate server than the web server ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220323 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Calendar in the form
Hello, I have to create a form with a link that will pop up a calendar. The user can select a date from that calendar. The textbox field in the form will be filled with the date the user selects. Can someone tell me how to do this? We have decided not to use cfform in our company. thanks. DA Selene Bainum of Webtricks.com has a very good javascript based calendar popup that I've used for a couple of projects. You can download it at http://www.webtricks.com/sourcecode/code.cfm?CodeID=5. hth, larry -- Larry C. Lyons Web Analyst BEI Resources American Type Culture Collection email: llyons(at)atcc(dot)org tel: 703.365.2700.2678 -- ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220324 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: ColdFusion Security Holes - Best Practices
See I love that phone call approach. That's one that most hackers miss I think. Of course it requires human contact so it may be beyond their skill level.. -Original Message- From: Claude Schneegans [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 9:01 AM To: CF-Talk Subject: Re: ColdFusion Security Holes - Best Practices it will generate an error message that gives you the IP address of the CF server: This guy talks about something he knows nothing about. First, the IP addresse exposed is ... yours, not a big help if you're a hacker... Secondly, I'm pretty sure any hacker can get the IP address behind any domaine name just with a simple DNS lookup; and even a beginner can consult one of the may sites that offer the service for free: http://www.hcidata.co.uk/host2ip.htm http://www.whois.sc/ http://www.networksolutions.com/whois/index.jhtml To cite just a few that will even give you the phone number of the domaine name owner so you can even call him directly and ask him whatever you want to know about his server ;-)) -- ___ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: [EMAIL PROTECTED]) Thanks. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220325 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Homesite and Dreamweaver tag defs for 7.0.1
On 10/6/05, Steven Durette [EMAIL PROTECTED] wrote: Hi All, Does anyone know if or when updaters with the new tag information will be available for the updates in 7.0.1 that we can add to Dreamweaver MX 2004 and Homesite 5.5+ ? I thought I remember a post from a macromedia engineer saying that they don't update the tag defs for point releases. LiveDocs gets updated, but that's it. Regards, Dave. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220326 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
CFM : postcard, ecard
Hello, I'm searching for a good postcard script? coldfusion oracle. can anybody help me to find a good script for free if possible. Thanks in advance, Alexis ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220327 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: MOD
Thanks Rick, Matthew and Ray. All works well w/all the suggestions incorporated. Robert O. A simpler way would be to create 2 styles, lets call one results1 and the other results0 then you can have something like this: td class= results#currentRow mod 2#etc./td larry -- Larry C. Lyons Web Analyst BEI Resources American Type Culture Collection email: llyons(at)atcc(dot)org tel: 703.365.2700.2678 -- ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220328 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: CFM : postcard, ecard
Are you sure you are feeling all right? You just used the words oracle and free in the same paragraph ;) -Original Message- From: cfgaill alex [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 9:12 AM To: CF-Talk Subject: CFM : postcard, ecard Hello, I'm searching for a good postcard script? coldfusion oracle. can anybody help me to find a good script for free if possible. Thanks in advance, Alexis ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220329 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Problem with CF MX scheduled task
Same problem here. I know the task does not run because it typically results in an email being sent to me on an hourly basis. If I pull up the CFM page in my browser it generates the Email just fine. If I click the button in CFADMIN it gives me the green success message at the top of the screen, but the email never gets generated. ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220330 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: ColdFusion Security Holes - Best Practices
On Friday 07 October 2005 15:08, Mark A Kruger wrote: so you can even call him directly and ask him whatever you want to know about his server ;-)) He will, of course, be well trained in counter-social engineering and work for a company with well defined and enforced information security policies, and immediately demand to know who you are, where you got the number and when would be a good time to call back. -- Tom Chiverton Advanced ColdFusion Programmer ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220331 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: MOD
On Friday 07 October 2005 15:14, Larry Lyons wrote: A simpler way would be to create 2 styles, lets call one results1 and the other results0 Simpler is what we do here- give the table the class 'sortable' or 'zebrastrip' and the common javascript code zebra strips it client-side, with optional sorting by clicking the th cells. Next mission is to make it do client-side paging to. -- Tom Chiverton Advanced ColdFusion Programmer ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220332 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: MOD
Simpler is what we do here- give the table the class 'sortable' or 'zebrastrip' and the common javascript code zebra strips it client-side, with optional sorting by clicking the th cells. Nice feature indeed, but I wouldn't say is is simpler ;-) -- ___ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: [EMAIL PROTECTED]) Thanks. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220333 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: MOD
oooh...lookit...a can. label says client side vs server side...open with caution /me throws caution to the wind. rips open can. oooh! worms! On 10/7/05, Thomas Chiverton [EMAIL PROTECTED] wrote: On Friday 07 October 2005 15:14, Larry Lyons wrote: A simpler way would be to create 2 styles, lets call one results1 and the other results0 Simpler is what we do here- give the table the class 'sortable' or 'zebrastrip' and the common javascript code zebra strips it client-side, with optional sorting by clicking the th cells. Next mission is to make it do client-side paging to. -- Tom Chiverton Advanced ColdFusion Programmer ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220334 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: CFM : postcard, ecard
you are right, indeed it is a little absurd. but I am only in the search of a ecard script. it does not matter the type of database. Can somebody helps ;) Best regards ALexis -Original Message- From: Mark A Kruger [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 4:14 PM To: CF-Talk Subject: RE: CFM : postcard, ecard Are you sure you are feeling all right? You just used the words oracle and free in the same paragraph ;) -Original Message- From: cfgaill alex [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 9:12 AM To: CF-Talk Subject: CFM : postcard, ecard Hello, I'm searching for a good postcard script? coldfusion oracle. can anybody help me to find a good script for free if possible. Thanks in advance, Alexis ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220335 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: CFM : postcard, ecard
you are right, indeed it is a little absurd. but I am only in the search of a ecard script. it does not matter the type of database. Can somebody helps ;) Best regards ALexis Are you sure you are feeling all right? You just used the words oracle and free in the same paragraph ;) -Original Message- From: cfgaill alex [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 9:12 AM To: CF-Talk Subject: CFM : postcard, ecard Hello, I'm searching for a good postcard script? coldfusion oracle. can anybody help me to find a good script for free if possible. Thanks in advance, Alexis ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220336 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: CFM : postcard, ecard
It depends on what you want the ecard to do. It sounds simple enough that you can just write it yourself. John Burns Certified Advanced ColdFusion MX Developer Wyle Laboratories, Inc. | Web Developer -Original Message- From: cfgaill alex [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 10:30 AM To: CF-Talk Subject: Re: CFM : postcard, ecard you are right, indeed it is a little absurd. but I am only in the search of a ecard script. it does not matter the type of database. Can somebody helps ;) Best regards ALexis Are you sure you are feeling all right? You just used the words oracle and free in the same paragraph ;) -Original Message- From: cfgaill alex [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 9:12 AM To: CF-Talk Subject: CFM : postcard, ecard Hello, I'm searching for a good postcard script? coldfusion oracle. can anybody help me to find a good script for free if possible. Thanks in advance, Alexis ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220337 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: ColdFusion Security Holes - Best Practices
When I did it, it gave me the standard CF error with MY ip address. CF MX 7 -Original Message- From: Michael T. Tangorre [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 6:03 AM To: CF-Talk Subject: RE: ColdFusion Security Holes - Best Practices From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] I heard a challenge from a security consultant that if you are using ColdFusion you do not have a secure server. He maintains that CF is full of things a hacker can access. For example he gave the following example. If you attempt to open a CF website with the following command it will generate an error message that gives you the IP address of the CF server: sitename.org/*.cfm First off, that is an ignorant statement. That security consultant needs a little edumacation. I tried this on a wide variety of sites and found that most CF sites return the error with the IP address. Some, however appear to trap this error somehow. With what IP Address? Yours? ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220338 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Outlook integration?
Thanks Cutter, I imagined it would be like this! DRE On 10/7/05, Cutter (CF-Talk) [EMAIL PROTECTED] wrote: Aw, come on now Damien. Why don't we give some good advice and possible recommendations, rather than off handedly trash DRE's client for poor program choices;) I do agree with Damien, Outlook is a very poor choice for this (or any other) type of application. That being said, what you ask is not entirely impossible. It really depends upon your client's internal architecture. Is your client using Exchange? Is their app an Exchange based app? Are they using a custom form Outlook application? Where is Outlook housed (client machine, server, etc.)? Is there currently scripting within Outlook to prevent double location bookings, or is this something you must build into the server side processing of your application? Having answered these questions, if you are still using Outlook, you'll want to look at the specs for vCal. You can find a great deal of information on programming for Outlook at msdn.microsoft.comhttp://msdn.microsoft.com. Sue Mosher's slipstick.com http://slipstick.com has been a resource for Outlook developer's since the Office '97 days (she has also written several informative books). Doing a search, I see that she's expanded to OutlookCode.com. CFComet has always been a good resource for CF/MS Office integration as well (http://cfregex.com/cfcomet/outlook/ for outlook specific help). Chris Wigginton posted a vCal UDF library (http://www.cflib.org/udf.cfm?ID=385). I personally can't imagine why anyone would write a reservations or property management package based upon Outlook? But, then again, every music scheduling program (that I know of) for radio stations are built on top of Access databases (which may be part of the reason you hear the same 1,000 or so songs over and over again on most radio stations). In any event, I hope some of the above information assists you. Cutter Damien McKenna wrote: -Original Message- From: DRE [mailto:[EMAIL PROTECTED] Hi, I have a customer that has an app that manages properties. People can reserve rooms and auditoriums and or whatever is on various properties thru the site. He'd like to integrate it with outlook such that the location gets autmatically reserved. Please explain what the intention is regarding integrating with Outlook and whether Exchange Server would be part of the equation also. Outlook's calendar system is really quite atrocious, Microsoft have wasted several years of development time and it still doesn't do half of what Apple's iCal does for simple collaboration, so I'm really not sure you'll really be able to do anything. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220339 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: ColdFusion Security Holes - Best Practices
then lets hope they dont have the show ip address extension for firefox. ~Dave the disruptor~ Some people just don't appreciate how difficult it is to dispense wisdom and abuse at the same time. From: Mark A Kruger [EMAIL PROTECTED] Sent: Friday, October 07, 2005 9:25 AM To: CF-Talk cf-talk@houseoffusion.com Subject: RE: ColdFusion Security Holes - Best Practices Phil, From a security standpoint there is the address of the server via DNS (easily obtained) and then there is the address of the server as it exists on the internal network or DMZ of the host. Depending on the network setup this may be quite different and in certain instances can be valuable to a malicious programmer. -Mark -Original Message- From: Phill B [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 8:15 AM To: CF-Talk Subject: Re: ColdFusion Security Holes - Best Practices For what its worth, I have never had a problem finding the IP address for a server using nslookup on my PC. Not to mention what you can find out using these sites. http://www.dnsreport.com/ http://www.dnsstuff.com/ You can change how errors are shown by making changes in the debugging section of the CF Admin. Phil On 10/7/05, [EMAIL PROTECTED] wrote: I heard a challenge from a security consultant that if you are using ColdFusion you do not have a secure server. He maintains that CF is full of things a hacker can access. For example he gave the following example. If you attempt to open a CF website with the following command it will generate an error message that gives you the IP address of the CF server: sitename.org/*.cfm I tried this on a wide variety of sites and found that most CF sites return the error with the IP address. Some, however appear to trap this error somehow. What should be done on a CF server to prevent that type of error exposing the IP address of a CF server? This error is occuring prior to the execution of an application.cfm file in the host root directory so you cannot programatically trap it. ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220340 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: MOD
On Friday 07 October 2005 15:25, Claude Schneegans wrote: Nice feature indeed, but I wouldn't say is is simpler ;-) It means the server side business stuff doesn't need to care about client side layout at all - it just spits out a bare HTML table with a vague hint that it should be sortable. -- Tom Chiverton Advanced ColdFusion Programmer ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220341 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Image manipulation - Why Macromedia?!
Okay... This is related to my original post about image manipulation, but is NOT asking about a specific program. My question is that since SO MANY people look for image manipulation in their programming language, why don't more developers add this feature into their language. Even PHP doesn't have this stuff natively (that I know of) but does allow you to add it in via extra libraries. So consider this an open letter to Macromedia/Adobe. Why isn't something which is so desired by so many people added into your language? I could go and pay $75 for an excellent codebase (Alagad's Image Component) but doesn't it make sense to include this into the language itself? I just don't understand it. Can anyone enlighten me on this? !//-- andy matthews web developer ICGLink, Inc. [EMAIL PROTECTED] 615.370.1530 x737 --//- ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220342 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: ColdFusion Security Holes - Best Practices
You're totally right Thomas. Better to use the phone number to get the address, follow him (where him is any suitable employee) from work to the bar, lift his security badge / keycard after he's 3-sheets-to-the-wind, excuse yourself, drive back and enter the building, locate the server room, sit down in front of the machine and have fun Security always has holes -- always!!! I think the point we've all managed to illustrate is that CF is not a security risk in and of itself. CF, .NET, PHP... installations are all just as easily easily left insecure by bad practices and with relatively equivalent ease can be made just about equally secure. --Ferg. Thomas Chiverton wrote: On Friday 07 October 2005 15:08, Mark A Kruger wrote: so you can even call him directly and ask him whatever you want to know about his server ;-)) He will, of course, be well trained in counter-social engineering and work for a company with well defined and enforced information security policies, and immediately demand to know who you are, where you got the number and when would be a good time to call back. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220343 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Image manipulation - Why Macromedia?!
It is available in your own language. ColdFusion is really java, and there has been code posted in java to do image manipulation. Anything that could be done in java could be done in ColdFusion. If you need something that performs better, then you go pay for it. ColdFusion can't possibly include everything. Russ -Original Message- From: Andy Matthews [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 11:00 AM To: CF-Talk Subject: Image manipulation - Why Macromedia?! Okay... This is related to my original post about image manipulation, but is NOT asking about a specific program. My question is that since SO MANY people look for image manipulation in their programming language, why don't more developers add this feature into their language. Even PHP doesn't have this stuff natively (that I know of) but does allow you to add it in via extra libraries. So consider this an open letter to Macromedia/Adobe. Why isn't something which is so desired by so many people added into your language? I could go and pay $75 for an excellent codebase (Alagad's Image Component) but doesn't it make sense to include this into the language itself? I just don't understand it. Can anyone enlighten me on this? !//-- andy matthews web developer ICGLink, Inc. [EMAIL PROTECTED] 615.370.1530 x737 --//- ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220344 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: ColdFusion Security Holes - Best Practices
Yea, personally I don't remember ever reading any security advisories about ColdFusion. Sure coldfusion has bugs, but I don't ever remember anything serious enough to allow people to hack into the server. (although a poorly configured server is probably full of holes, but that's not coldfusion's fault). Meanwhile I remember a lot of very dangerous bugs in ASP and PHP which caused people's machines to be rooted. That security consultant needs to stop using the knowledge he learned at some fly-by-night security school, and get a real education. Russ -Original Message- From: Ken Ferguson [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 11:10 AM To: CF-Talk Subject: Re: ColdFusion Security Holes - Best Practices You're totally right Thomas. Better to use the phone number to get the address, follow him (where him is any suitable employee) from work to the bar, lift his security badge / keycard after he's 3-sheets-to-the-wind, excuse yourself, drive back and enter the building, locate the server room, sit down in front of the machine and have fun Security always has holes -- always!!! I think the point we've all managed to illustrate is that CF is not a security risk in and of itself. CF, .NET, PHP... installations are all just as easily easily left insecure by bad practices and with relatively equivalent ease can be made just about equally secure. --Ferg. Thomas Chiverton wrote: On Friday 07 October 2005 15:08, Mark A Kruger wrote: so you can even call him directly and ask him whatever you want to know about his server ;-)) He will, of course, be well trained in counter-social engineering and work for a company with well defined and enforced information security policies, and immediately demand to know who you are, where you got the number and when would be a good time to call back. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220345 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Image manipulation - Why Macromedia?!
I'm not asking CF to provide everything. But this is something that almost every needs at one point or another. How many people us cfchart compared to the number of people that would want to manipulate images? !//-- andy matthews web developer ICGLink, Inc. [EMAIL PROTECTED] 615.370.1530 x737 --//- -Original Message- From: Russ [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 10:08 AM To: CF-Talk Subject: RE: Image manipulation - Why Macromedia?! It is available in your own language. ColdFusion is really java, and there has been code posted in java to do image manipulation. Anything that could be done in java could be done in ColdFusion. If you need something that performs better, then you go pay for it. ColdFusion can't possibly include everything. Russ -Original Message- From: Andy Matthews [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 11:00 AM To: CF-Talk Subject: Image manipulation - Why Macromedia?! Okay... This is related to my original post about image manipulation, but is NOT asking about a specific program. My question is that since SO MANY people look for image manipulation in their programming language, why don't more developers add this feature into their language. Even PHP doesn't have this stuff natively (that I know of) but does allow you to add it in via extra libraries. So consider this an open letter to Macromedia/Adobe. Why isn't something which is so desired by so many people added into your language? I could go and pay $75 for an excellent codebase (Alagad's Image Component) but doesn't it make sense to include this into the language itself? I just don't understand it. Can anyone enlighten me on this? !//-- andy matthews web developer ICGLink, Inc. [EMAIL PROTECTED] 615.370.1530 x737 --//- ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220347 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
silent install problems: CFMX7 enterprise on Solaris
Hello, I am trying to perform a silent installation on Solaris, and i keep winding up with the developer version, not the enterprise version. I have checked that i am using a valid enterprise serial number (if i enter this in the admin after installation and deployment it works just fine, if i run the installer in interactive mode it also works just fine). I deploy CFMX as a j2ee app in weblogic (8.1) my installer.properties file: # Install is silent INSTALLER_UI=SILENT # # License information - full | trial | developer SILENT_LICENSE_MODE=full SILENT_SERIAL_NUMBER=[**my cfmx serial**] SILENT_PREV_SERIAL_NUMBER= # # Configuration - standalone | jrun | ear | war SILENT_INSTALLER_TYPE=war # # Components to install SILENT_INSTALL_ODBC=false SILENT_INSTALL_VERITY=false SILENT_INSTALL_SAMPLES=false # (UNIX only) whether to start CFMX7 when booting SILENT_CONFIGURE_SYSTEM_INIT=false # # Directories SILENT_INSTALL_FOLDER=/opt/coldfusionmx7 # EAR/WAR only SILENT_VERITY_INSTALL_FOLDER= # # Context root SILENT_CONTEXT_ROOT=hsmc # # Runtime user for UNIX SILENT_RUNTIME_USER= # # ColdFusion administrator password SILENT_ADMIN_PASSWORD=[**my cfadmin password **] # # Flash forms - EAR/WAR only SILENT_FLEX_ENABLED=true # # Enable RDS and password SILENT_ENABLE_RDS=false SILENT_RDS_PASSWORD= after installation, the log file /opt/coldfusionmx7/Macromedia_ColdFusion_MX_7_InstallLog.log says: Summary --- Installation: Successful. 95 SUCCESSES 0 WARNINGS 0 NONFATAL ERRORS 0 FATAL ERRORS and then a whole long list of info... when i deploy the app in weblogic and access the administrator, i see: Server Details Server ProductColdFusion MX Version 7,0,0,91690 Edition Developer Serial Number Developer Operating System UNIX OS Version5.8 any thoughts? /t ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220346 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Outlook integration?
Hi, We are doing integration with Outlook as we speak with a company called Infotriever. Contact me off list if you want and I will connect you with the right person. /regards Marius Milosav www.scorpiosoft.com It's not about technology, it's about people -Original Message- From: DRE [mailto:[EMAIL PROTECTED] Sent: October 7, 2005 10:50 AM To: CF-Talk Subject: Re: Outlook integration? Thanks Cutter, I imagined it would be like this! DRE On 10/7/05, Cutter (CF-Talk) [EMAIL PROTECTED] wrote: Aw, come on now Damien. Why don't we give some good advice and possible recommendations, rather than off handedly trash DRE's client for poor program choices;) I do agree with Damien, Outlook is a very poor choice for this (or any other) type of application. That being said, what you ask is not entirely impossible. It really depends upon your client's internal architecture. Is your client using Exchange? Is their app an Exchange based app? Are they using a custom form Outlook application? Where is Outlook housed (client machine, server, etc.)? Is there currently scripting within Outlook to prevent double location bookings, or is this something you must build into the server side processing of your application? Having answered these questions, if you are still using Outlook, you'll want to look at the specs for vCal. You can find a great deal of information on programming for Outlook at msdn.microsoft.comhttp://msdn.microsoft.com. Sue Mosher's slipstick.com http://slipstick.com has been a resource for Outlook developer's since the Office '97 days (she has also written several informative books). Doing a search, I see that she's expanded to OutlookCode.com. CFComet has always been a good resource for CF/MS Office integration as well (http://cfregex.com/cfcomet/outlook/ for outlook specific help). Chris Wigginton posted a vCal UDF library (http://www.cflib.org/udf.cfm?ID=385). I personally can't imagine why anyone would write a reservations or property management package based upon Outlook? But, then again, every music scheduling program (that I know of) for radio stations are built on top of Access databases (which may be part of the reason you hear the same 1,000 or so songs over and over again on most radio stations). In any event, I hope some of the above information assists you. Cutter Damien McKenna wrote: -Original Message- From: DRE [mailto:[EMAIL PROTECTED] Hi, I have a customer that has an app that manages properties. People can reserve rooms and auditoriums and or whatever is on various properties thru the site. He'd like to integrate it with outlook such that the location gets autmatically reserved. Please explain what the intention is regarding integrating with Outlook and whether Exchange Server would be part of the equation also. Outlook's calendar system is really quite atrocious, Microsoft have wasted several years of development time and it still doesn't do half of what Apple's iCal does for simple collaboration, so I'm really not sure you'll really be able to do anything. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220348 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Image manipulation - Why Macromedia?!
It cant include everything but it does pretty much everything now! Also considering that Macromedia will become part of Adobe why not a real good set of image manipulation tags (Photoshop image scaling alogarithm anyone?) I agree with Andy here, ok.. we cant do the most esoteric things but we can do uploads natively, move files, list directories, ftp things, create reports and what not, why not a few image manip tags? MD On 07/10/05, Russ [EMAIL PROTECTED] wrote: It is available in your own language. ColdFusion is really java, and there has been code posted in java to do image manipulation. Anything that could be done in java could be done in ColdFusion. If you need something that performs better, then you go pay for it. ColdFusion can't possibly include everything. Russ -Original Message- From: Andy Matthews [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 11:00 AM To: CF-Talk Subject: Image manipulation - Why Macromedia?! Okay... This is related to my original post about image manipulation, but is NOT asking about a specific program. My question is that since SO MANY people look for image manipulation in their programming language, why don't more developers add this feature into their language. Even PHP doesn't have this stuff natively (that I know of) but does allow you to add it in via extra libraries. So consider this an open letter to Macromedia/Adobe. Why isn't something which is so desired by so many people added into your language? I could go and pay $75 for an excellent codebase (Alagad's Image Component) but doesn't it make sense to include this into the language itself? I just don't understand it. Can anyone enlighten me on this? !//-- andy matthews web developer ICGLink, Inc. [EMAIL PROTECTED] 615.370.1530 x737 --//- ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220349 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Image manipulation - Why Macromedia?!
I agree, that's a fair question. CF's whole purpose is RAD and inclusion of things that make development far easier. CFGRID is one of those things, CFGRAPH is one, there could easily be CFIMAGE. All MM/Adobe needs to do is buy something like the ImageCR product and integrate it. I imagine it would be a great reason in favor up upgrading to the next version. Matthew Small -Original Message- From: Andy Matthews [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 11:12 AM To: CF-Talk Subject: RE: Image manipulation - Why Macromedia?! I'm not asking CF to provide everything. But this is something that almost every needs at one point or another. How many people us cfchart compared to the number of people that would want to manipulate images? !//-- andy matthews web developer ICGLink, Inc. [EMAIL PROTECTED] 615.370.1530 x737 --//- -Original Message- From: Russ [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 10:08 AM To: CF-Talk Subject: RE: Image manipulation - Why Macromedia?! It is available in your own language. ColdFusion is really java, and there has been code posted in java to do image manipulation. Anything that could be done in java could be done in ColdFusion. If you need something that performs better, then you go pay for it. ColdFusion can't possibly include everything. Russ -Original Message- From: Andy Matthews [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 11:00 AM To: CF-Talk Subject: Image manipulation - Why Macromedia?! Okay... This is related to my original post about image manipulation, but is NOT asking about a specific program. My question is that since SO MANY people look for image manipulation in their programming language, why don't more developers add this feature into their language. Even PHP doesn't have this stuff natively (that I know of) but does allow you to add it in via extra libraries. So consider this an open letter to Macromedia/Adobe. Why isn't something which is so desired by so many people added into your language? I could go and pay $75 for an excellent codebase (Alagad's Image Component) but doesn't it make sense to include this into the language itself? I just don't understand it. Can anyone enlighten me on this? !//-- andy matthews web developer ICGLink, Inc. [EMAIL PROTECTED] 615.370.1530 x737 --//- ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220350 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Image manipulation - Why Macromedia?!
On 10/7/05, Andy Matthews [EMAIL PROTECTED] wrote: I'm not asking CF to provide everything. But this is something that almost every needs at one point or another. How many people us cfchart compared to the number of people that would want to manipulate images? http://www.macromedia.com/go/wish Regards, Dave. ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220351 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Image manipulation - Why Macromedia?!
BlueDragon Server includes a CFIMAGE tag which does basic image manipulation. -JM Matthew Small wrote: I agree, that's a fair question. CF's whole purpose is RAD and inclusion of things that make development far easier. CFGRID is one of those things, CFGRAPH is one, there could easily be CFIMAGE. All MM/Adobe needs to do is buy something like the ImageCR product and integrate it. I imagine it would be a great reason in favor up upgrading to the next version. Matthew Small -Original Message- From: Andy Matthews [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 11:12 AM To: CF-Talk Subject: RE: Image manipulation - Why Macromedia?! I'm not asking CF to provide everything. But this is something that almost every needs at one point or another. How many people us cfchart compared to the number of people that would want to manipulate images? !//-- andy matthews web developer ICGLink, Inc. [EMAIL PROTECTED] 615.370.1530 x737 --//- -Original Message- From: Russ [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 10:08 AM To: CF-Talk Subject: RE: Image manipulation - Why Macromedia?! It is available in your own language. ColdFusion is really java, and there has been code posted in java to do image manipulation. Anything that could be done in java could be done in ColdFusion. If you need something that performs better, then you go pay for it. ColdFusion can't possibly include everything. Russ -Original Message- From: Andy Matthews [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 11:00 AM To: CF-Talk Subject: Image manipulation - Why Macromedia?! Okay... This is related to my original post about image manipulation, but is NOT asking about a specific program. My question is that since SO MANY people look for image manipulation in their programming language, why don't more developers add this feature into their language. Even PHP doesn't have this stuff natively (that I know of) but does allow you to add it in via extra libraries. So consider this an open letter to Macromedia/Adobe. Why isn't something which is so desired by so many people added into your language? I could go and pay $75 for an excellent codebase (Alagad's Image Component) but doesn't it make sense to include this into the language itself? I just don't understand it. Can anyone enlighten me on this? !//-- andy matthews web developer ICGLink, Inc. [EMAIL PROTECTED] 615.370.1530 x737 --//- ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220352 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Image manipulation - Why Macromedia?!
Agreed... Rick -Original Message- From: Mark Drew [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 11:12 AM To: CF-Talk Subject: Re: Image manipulation - Why Macromedia?! It cant include everything but it does pretty much everything now! Also considering that Macromedia will become part of Adobe why not a real good set of image manipulation tags (Photoshop image scaling alogarithm anyone?) I agree with Andy here, ok.. we cant do the most esoteric things but we can do uploads natively, move files, list directories, ftp things, create reports and what not, why not a few image manip tags? tions Support: http://www.houseoffusion.com/tiny.cfm/54 ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220353 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Image manipulation - Why Macromedia?!
I tend to agree with other responses. Image manipulation is available in the underlying java, and it's not that difficult to implement. There are several cfcs out there - some are free - that do image manipulation. I do admit that it'd be nice to see them implement CFIMAGE like Bluedragon has done, but it doesn't bother me that much because there are plenty of cheap and/or free alternatives that aren't difficult to implement. Alternatively, generating PDFs and doing reporting from within CF was always possible before, but only by using costly products or methods that were extremely difficult to implement (I had integrated JasperReports with CFMX 6.1. JasperReports is the open source java reporting solution that the CFMX7 solution is built on) Rick Andy Matthews wrote: Okay... This is related to my original post about image manipulation, but is NOT asking about a specific program. My question is that since SO MANY people look for image manipulation in their programming language, why don't more developers add this feature into their language. Even PHP doesn't have this stuff natively (that I know of) but does allow you to add it in via extra libraries. So consider this an open letter to Macromedia/Adobe. Why isn't something which is so desired by so many people added into your language? I could go and pay $75 for an excellent codebase (Alagad's Image Component) but doesn't it make sense to include this into the language itself? I just don't understand it. Can anyone enlighten me on this? !//-- andy matthews web developer ICGLink, Inc. [EMAIL PROTECTED] 615.370.1530 x737 --//- ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220354 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Image manipulation - Why Macromedia?!
Here here! !//-- andy matthews web developer ICGLink, Inc. [EMAIL PROTECTED] 615.370.1530 x737 --//- -Original Message- From: Matthew Small [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 10:19 AM To: CF-Talk Subject: RE: Image manipulation - Why Macromedia?! I agree, that's a fair question. CF's whole purpose is RAD and inclusion of things that make development far easier. CFGRID is one of those things, CFGRAPH is one, there could easily be CFIMAGE. All MM/Adobe needs to do is buy something like the ImageCR product and integrate it. I imagine it would be a great reason in favor up upgrading to the next version. Matthew Small -Original Message- From: Andy Matthews [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 11:12 AM To: CF-Talk Subject: RE: Image manipulation - Why Macromedia?! I'm not asking CF to provide everything. But this is something that almost every needs at one point or another. How many people us cfchart compared to the number of people that would want to manipulate images? !//-- andy matthews web developer ICGLink, Inc. [EMAIL PROTECTED] 615.370.1530 x737 --//- -Original Message- From: Russ [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 10:08 AM To: CF-Talk Subject: RE: Image manipulation - Why Macromedia?! It is available in your own language. ColdFusion is really java, and there has been code posted in java to do image manipulation. Anything that could be done in java could be done in ColdFusion. If you need something that performs better, then you go pay for it. ColdFusion can't possibly include everything. Russ -Original Message- From: Andy Matthews [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 11:00 AM To: CF-Talk Subject: Image manipulation - Why Macromedia?! Okay... This is related to my original post about image manipulation, but is NOT asking about a specific program. My question is that since SO MANY people look for image manipulation in their programming language, why don't more developers add this feature into their language. Even PHP doesn't have this stuff natively (that I know of) but does allow you to add it in via extra libraries. So consider this an open letter to Macromedia/Adobe. Why isn't something which is so desired by so many people added into your language? I could go and pay $75 for an excellent codebase (Alagad's Image Component) but doesn't it make sense to include this into the language itself? I just don't understand it. Can anyone enlighten me on this? !//-- andy matthews web developer ICGLink, Inc. [EMAIL PROTECTED] 615.370.1530 x737 --//- ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220355 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: ColdFusion Security Holes - Best Practices
I remember one advisory, it was related to CF3 Administrator. The password field length was only secured by the form maxlength attribute, not on server side. Thus, someone could kill a CF server by posting to the administrator login screen password field some very long string. The application would than try to compare that string with actual password - which was a time consuming operation for large strings. Through this in itself doesn't give root access it crashes the CF server and possibly makes server hacking easier. TK -Original Message- From: Russ [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 11:12 AM To: CF-Talk Subject: RE: ColdFusion Security Holes - Best Practices Yea, personally I don't remember ever reading any security advisories about ColdFusion. Sure coldfusion has bugs, but I don't ever remember anything serious enough to allow people to hack into the server. (although a poorly configured server is probably full of holes, but that's not coldfusion's fault). Meanwhile I remember a lot of very dangerous bugs in ASP and PHP which caused people's machines to be rooted. That security consultant needs to stop using the knowledge he learned at some fly-by-night security school, and get a real education. Russ -Original Message- From: Ken Ferguson [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 11:10 AM To: CF-Talk Subject: Re: ColdFusion Security Holes - Best Practices You're totally right Thomas. Better to use the phone number to get the address, follow him (where him is any suitable employee) from work to the bar, lift his security badge / keycard after he's 3-sheets-to-the-wind, excuse yourself, drive back and enter the building, locate the server room, sit down in front of the machine and have fun Security always has holes -- always!!! I think the point we've all managed to illustrate is that CF is not a security risk in and of itself. CF, .NET, PHP... installations are all just as easily easily left insecure by bad practices and with relatively equivalent ease can be made just about equally secure. --Ferg. Thomas Chiverton wrote: On Friday 07 October 2005 15:08, Mark A Kruger wrote: so you can even call him directly and ask him whatever you want to know about his server ;-)) He will, of course, be well trained in counter-social engineering and work for a company with well defined and enforced information security policies, and immediately demand to know who you are, where you got the number and when would be a good time to call back. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220356 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Image manipulation - Why Macromedia?!
Done. !//-- andy matthews web developer ICGLink, Inc. [EMAIL PROTECTED] 615.370.1530 x737 --//- -Original Message- From: Dave Carabetta [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 10:20 AM To: CF-Talk Subject: Re: Image manipulation - Why Macromedia?! On 10/7/05, Andy Matthews [EMAIL PROTECTED] wrote: I'm not asking CF to provide everything. But this is something that almost every needs at one point or another. How many people us cfchart compared to the number of people that would want to manipulate images? http://www.macromedia.com/go/wish Regards, Dave. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220357 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: dynamic structure name
That worked, thanks! George On 10/7/05, Adrocknaphobia [EMAIL PROTECTED] wrote: Try using a different notation like: UserGroup[permID].permName -Adam On 10/7/05, George Abraham [EMAIL PROTECTED] wrote: Hi, One of the structures I am dealing with is populated dynamically. It looks thus: perm.public.UserGroup.#PermID#.Permname. I have a number of PermIDs I want to loop through and set some variables. Hence: cfloop list=#listOfPermIDs# index=thisPermID cfif StructKeyExists(perm.public.UserGroup.#thisPermID#,'PermName') cfdoSomething / /cfif /cfloop However I keep getting an error that the Structure name cannot end in a period(.). How can I get this to work? Thanks, George ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220358 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: image manipulation in coldfusion?
Well ya weren't following that close KevinI posted CFC methods to check image dimensions AND another to re-sizea couplde of CFIFs and those will get ya what ya want ;-) Cheers Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. phone: 250.480.0642 fax: 250.480.1264 cell: 250.920.8830 e-mail: [EMAIL PROTECTED] web: www.electricedgesystems.com ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220359 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: image manipulation in coldfusion?
ImageCR3 does that impeccably. When specifying dimensions for the resize you put 250x100 and it will resize the width down to 250 if greater and/or the height down to 100 is greater than 100 with prefect quality results. as does minelook at the scaleBy attributeensures that dimension is within given size limit Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. phone: 250.480.0642 fax: 250.480.1264 cell: 250.920.8830 e-mail: [EMAIL PROTECTED] web: www.electricedgesystems.com ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220360 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: File uploading with firefox
Anyway, someone mentioned before about posting the info about the headers in order to further diagnose this problem? how is that done? by using the liveHTTPheaders plugin for firefox - Damien McKenna suggested it here: http://www.houseoffusion.com/go.cfm/m:4:42610:220233 ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220361 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
How to use CFMX connection pool?
I have a need to create a JAVA CFX tag that needs database access. I would rather use the existing CFMX connection pool than create my own. Any pointers available. Apologies if this is the wrong spot for this question. (I found this post in the Java section). Is it possible to use the CFMX connection pool? Any ideas on how to do this? Any suggestions are appreciated. TIA ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220362 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: The form data has expired, Please reload this page in your browser.
This seems to be a common problem. Itâs frustrating that it works like this. - I am having the same problem. Hopefully someone can shed some light on this. - Hello, I have been receiving this error a lot with CF Flash Forms: The form data has expired, Please reload this page in your browser. I have worked with the timeout setting on the flash forms but nothing has really worked. The only solution that I can think of will be to force a page fresh if the flash form expires. I found the code below on another website. This person was also trying to resolve the same issue. My only question is how to you determine if the flash from expired or needs refreshing. Does a CGI variable or Flash Forms kick out a predetermined variable for this? Any help would be great. cfoutput InvalidTag language=javascript type=text/javascript location = #CGI.SCRIPT_NAME#; /script /cfoutput /cfif ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220363 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Highlighting a Search Term
Ok, I've got a search that looks through several fields in a database and returns a list of dynamically generated docs (Newsletters, mostly). Current search is here: http://www.nelsonmullins.com/news/nelson-mullins-news.cfm Search for medicare, for example. I'd like to be able to click a specific doc in these results, and when taken to it, the original search term medicare for is highlighted. Ideas? -- --- Les Mizzell ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220364 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: ColdFusion Security Holes - Best Practices
-Original Message- From: Adkins, Randy [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 9:09 AM To: CF-Talk Subject: RE: ColdFusion Security Holes - Best Practices Anyone can get the IP Address of the server, simply ping the domain name. That's only true if it's configured like that. In many enterprise environments public servers are only accessed via appliances (load balancers, site selectors, etc). These appliances allow ping but the servers do not. For example ping: www.nefapps.nefn.com - you'll get the IP address (and name) of the load-balancer but not address the server itself (actually there are several servers but you get the point). The ping doesn't complete because the ping port is firewall-blocked: you get the DNS lookup but never actually get to the server. Regardless CF is completely securable (at least as much as anything else in its class). But it does take some knowledge - which is why so many CF sites are insecure. MM could address at install (or later) with a lockdown script of sorts which would place a dummy server-wide error handler, disable debugging and error output, eliminate the sample code and so forth. In fact WE could do that as a community using the administrator API... a script which could be run to set secure CF admin settings (debugging, RDS, error handling, etc), check for security related patches and so forth. Another good idea I'll never do anything with. ;^) Jim Davis ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220365 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Highlighting a Search Term
check out cflib.org. Someone has written something that does that. -- --mattRobertson-- Janitor, MSB Web Systems mysecretbase.com ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220366 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
What's this mean?? : 500 Invalid method signature: (Ljava/lang/String;[Ljava/lang/String;)Ljava/lang/Object;
500 Invalid method signature: (Ljava/lang/String;[Ljava/lang/String;)Ljava/lang/Object; Invalid method signature: (Ljava/lang/String;[Ljava/lang/String;)Ljava/lang/Object; This electronic message transmission contains information from Collegiate Funding Services, LLC or its subsidiaries or affiliates that may be confidential or privileged. The information is intended to be for the use of only the individual or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is strictly prohibited. If you have received this electronic transmission in error, please notify the sender by reply e-mail @cfsloans.com immediately and delete this e-mail and any attachments from your system and any copies you may have made, electronic or otherwise. ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220367 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Highlighting a Search Term
Yep... http://www.cflib.org/codeView.cfm?ID=133 !//-- andy matthews web developer ICGLink, Inc. [EMAIL PROTECTED] 615.370.1530 x737 --//- -Original Message- From: Matt Robertson [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 11:26 AM To: CF-Talk Subject: Re: Highlighting a Search Term check out cflib.org. Someone has written something that does that. -- --mattRobertson-- Janitor, MSB Web Systems mysecretbase.com ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220368 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Highlighting a Search Term
i find it quite easy to just do this: #replaceNoCase(getEntries.username,form.searchTerm,'span style=background:##dd#capFirst(form.searchTerm)#/span','all')# basically just replacing the content of the value form.searchterm, in the display with the value and a pale yellow background. tw On 10/7/05, Matt Robertson [EMAIL PROTECTED] wrote: check out cflib.org. Someone has written something that does that. -- --mattRobertson-- Janitor, MSB Web Systems mysecretbase.com ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220369 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
HTMLDOC is causing problems
Hi- I am having a severe problem with HTMLDOC.EXE. I am using HTMLDOC to create PDF files in ColdFusion 5.0 using CFexecute via the cf_html2pdf custom tag. It seems like the sequence of events I am seeing is first I'll get timeouts: Timeout period expired without completion of c:\htmldoc\htmldoc.exe --permissions no-modify --size 8.5x11in --portrait --fontsize 13pt --fontspacing 1 --bodyfont Arial --left 22 --top 7 --bottom 7 --right 22 --header ... --footer ... --webpage -f c:\domain.com\statusRequests\Request10072005.pdf c:\domain.com\statusRequests\Generated_10-7-2005_12-39-7-P.cfm pThe error occurred while processing an element with a general identifier of (CFEXECUTE), occupying document position (130:1) to (132:162) in the template file C:\CFusion\CustomTags\html2pdf3.cfm. And then later (apparently related to this, but possibly not) the server will start to grind to a halt--becoming very very slow. I've been using this tag for a long time without much trouble, but now something seems like its gumming the works. (Again, I am not 100% sure this second part is to blame, but seems to be coincidental. I haven't made any major changes to the system lately and can't think of any minor ones either. I am running a virus scan now, but so far, everything seems alright on that end. Thanks! __ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220370 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Image manipulation - Why Macromedia?!
I tend to agree with other responses. Image manipulation is available in the underlying java Java is not a panacea for CF users nor an excuse for any lack of some tool in CF. Many CF developers do not wish to learn and use Java. Developers who really want to use Java would go JSP instead. It would be like a restaurant telling you If you want some French fries with your steak, go get them for the Macdo next door ;-) -- ___ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: [EMAIL PROTECTED]) Thanks. ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220371 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: MOD
It means the server side business stuff doesn't need to care about client side layout at all I agree, however, some programer had to develop the Javascript stuff at some time. ;-) -- ___ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: [EMAIL PROTECTED]) Thanks. ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220372 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Image manipulation - Why Macromedia?!
Precisely my thoughts Claude. I don't know Java. I don't care to learn Java (at this point). I just want a toolset in my favorite language, coldfusion. !//-- andy matthews web developer ICGLink, Inc. [EMAIL PROTECTED] 615.370.1530 x737 --//- -Original Message- From: Claude Schneegans [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 11:57 AM To: CF-Talk Subject: Re: Image manipulation - Why Macromedia?! I tend to agree with other responses. Image manipulation is available in the underlying java Java is not a panacea for CF users nor an excuse for any lack of some tool in CF. Many CF developers do not wish to learn and use Java. Developers who really want to use Java would go JSP instead. It would be like a restaurant telling you If you want some French fries with your steak, go get them for the Macdo next door ;-) -- ___ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: [EMAIL PROTECTED]) Thanks. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220373 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
executing multiple queries
Hi, Is there any way to execute multiple queries with ColdFusion MX 6.1 and Oracle Database 9i R2? The cfquery tag seems to support a single query only ... Thanks. ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220374 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Image manipulation - Why Macromedia?!
The original message mentioned that image manipulation doesn't come with php, but as a free community provided plugin. There has been code posted many times on this list that does image manipulation. It is already or can easily be converted to a cfc. Now, unless someone has a problem with the quality that it produces, or the features that it has, I don't see what everyone is whining about? You have been given the code... stick it in a cfc, and use it... no need to learn java, other people have done it for you. -Original Message- From: Andy Matthews [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 1:05 PM To: CF-Talk Subject: RE: Image manipulation - Why Macromedia?! Precisely my thoughts Claude. I don't know Java. I don't care to learn Java (at this point). I just want a toolset in my favorite language, coldfusion. !//-- andy matthews web developer ICGLink, Inc. [EMAIL PROTECTED] 615.370.1530 x737 --//- -Original Message- From: Claude Schneegans [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 11:57 AM To: CF-Talk Subject: Re: Image manipulation - Why Macromedia?! I tend to agree with other responses. Image manipulation is available in the underlying java Java is not a panacea for CF users nor an excuse for any lack of some tool in CF. Many CF developers do not wish to learn and use Java. Developers who really want to use Java would go JSP instead. It would be like a restaurant telling you If you want some French fries with your steak, go get them for the Macdo next door ;-) -- ___ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: [EMAIL PROTECTED]) Thanks. ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220375 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Image manipulation - Why Macromedia?!
I've done that Russ...I'm using Massimo's tmt_img.cfc. It works well. I simply stated that I wished MM would include this functionality in Coldfusion itself. !//-- andy matthews web developer ICGLink, Inc. [EMAIL PROTECTED] 615.370.1530 x737 --//- -Original Message- From: Russ [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 12:11 PM To: CF-Talk Subject: RE: Image manipulation - Why Macromedia?! The original message mentioned that image manipulation doesn't come with php, but as a free community provided plugin. There has been code posted many times on this list that does image manipulation. It is already or can easily be converted to a cfc. Now, unless someone has a problem with the quality that it produces, or the features that it has, I don't see what everyone is whining about? You have been given the code... stick it in a cfc, and use it... no need to learn java, other people have done it for you. -Original Message- From: Andy Matthews [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 1:05 PM To: CF-Talk Subject: RE: Image manipulation - Why Macromedia?! Precisely my thoughts Claude. I don't know Java. I don't care to learn Java (at this point). I just want a toolset in my favorite language, coldfusion. !//-- andy matthews web developer ICGLink, Inc. [EMAIL PROTECTED] 615.370.1530 x737 --//- -Original Message- From: Claude Schneegans [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 11:57 AM To: CF-Talk Subject: Re: Image manipulation - Why Macromedia?! I tend to agree with other responses. Image manipulation is available in the underlying java Java is not a panacea for CF users nor an excuse for any lack of some tool in CF. Many CF developers do not wish to learn and use Java. Developers who really want to use Java would go JSP instead. It would be like a restaurant telling you If you want some French fries with your steak, go get them for the Macdo next door ;-) -- ___ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: [EMAIL PROTECTED]) Thanks. ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220376 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Image manipulation - Why Macromedia?!
There are many things that we'd like to see in CF...but with a little effort you can write your own. I mean heywouldn't it be nice if CF came with payment gateway tags?? ;-) This is the power of CFif it don't come built in...you can build it yourself with relative ease. I might add I wrote both my posted image methods without knowing ANY Javajust found some Java code...read it...tried my best to understand it (not too hard to read any langauge and get the general idea of what it does)converted it to CF code...not hard at all. Cheers Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. phone: 250.480.0642 fax: 250.480.1264 cell: 250.920.8830 e-mail: [EMAIL PROTECTED] web: www.electricedgesystems.com ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220377 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: MOD
On Friday 07 October 2005 15:14, Larry Lyons wrote: A simpler way would be to create 2 styles, lets call one results1 and the other results0 Simpler is what we do here- give the table the class 'sortable' or 'zebrastrip' and the common javascript code zebra strips it client-side, with optional sorting by clicking the th cells. Next mission is to make it do client-side paging to. -- Tom Chiverton Advanced ColdFusion Programmer Simpler? Lets see about 1 line of cf code and 3 or so for the stylesheet vs at least 10 for the javascript. Also lets not forget that many people turn JS off. If that's your definition of simple, then you have a bright future with the Bush administration. larry ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220378 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
CFMX 6.1 download
Can anyone give me a copy of CFMX6.1 seeing as you can no longer download it from the MM site. Russ ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220379 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: executing multiple queries
Sorry, it's the other way around. Oracle does not support multiple queries in a query string. I fought this for a long time before I found an Oracle blog/tech note/something that indicated you can't do multiple queries. Stored procedures are probably the only way to go I think, but I've not done that yet. -- Ian Skinner Web Programmer BloodSource www.BloodSource.org Sacramento, CA C code. C code run. Run code run. Please! - Cynthia Dunning Confidentiality Notice: This message including any attachments is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender and delete any copies of this message. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220380 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: executing multiple queries
Yep...pretty sure with Oracle it's still single query onlybut not in SQL Server ;-) Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. phone: 250.480.0642 fax: 250.480.1264 cell: 250.920.8830 e-mail: [EMAIL PROTECTED] web: www.electricedgesystems.com ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220381 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Image manipulation - Why Macromedia?!
I believe it goes more like We don't serve French fries here, but here is a menu for the place next door, pick what you what, and we'll go and get it for you. We'll even put it on the same bill... you'll never know that it was from next door unless we told you. Now what you are asking is for them to put it on their own menu, but still get it from next door without telling you. I mean, yea, it would be nice, since you wouldn't have to look at the menu from the place next door, but I think you're just being lazy :-P Russ -Original Message- From: Claude Schneegans [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 12:57 PM To: CF-Talk Subject: Re: Image manipulation - Why Macromedia?! I tend to agree with other responses. Image manipulation is available in the underlying java Java is not a panacea for CF users nor an excuse for any lack of some tool in CF. Many CF developers do not wish to learn and use Java. Developers who really want to use Java would go JSP instead. It would be like a restaurant telling you If you want some French fries with your steak, go get them for the Macdo next door ;-) -- ___ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: [EMAIL PROTECTED]) Thanks. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220382 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: executing multiple queries
Meaning SQL server is more vulnerable to SQL injection attacks. Hmm... wonder what this does? cfset url.parameter='1; drop table orders;' cfquery name=qryname datasource=somedsn Select * from items where itemId=#url.parameter# /cfquery -Original Message- From: Bryan Stevenson [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 1:36 PM To: CF-Talk Subject: Re: executing multiple queries Yep...pretty sure with Oracle it's still single query onlybut not in SQL Server ;-) Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. phone: 250.480.0642 fax: 250.480.1264 cell: 250.920.8830 e-mail: [EMAIL PROTECTED] web: www.electricedgesystems.com ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220383 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: CFMX 6.1 download
It wasn't as easy to find as it could be, but here is the download link for Macromedia. http://www.macromedia.com/cfusion/resourcecenter/resourcecenter.cfm?pagename=cfmx%20updaterloc=en%5Fus; -- Ian Skinner Web Programmer BloodSource www.BloodSource.org Sacramento, CA C code. C code run. Run code run. Please! - Cynthia Dunning Confidentiality Notice: This message including any attachments is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender and delete any copies of this message. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220384 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: executing multiple queries
Meaning SQL server is more vulnerable to SQL injection attacks. Hmm... wonder what this does? cfset url.parameter='1; drop table orders;' cfquery name=qryname datasource=somedsn Select * from items where itemId=#url.parameter# /cfquery How do you figure Russ? No matter what DB you use, that snippet would make it vulnerableyou should always use CFQUERYPARAM. So how does running multiple statements make a DB vulnerable to SQL injection if you properly use CFQUERYPARAM?? Cheers Bryan Stevenson B.Comm. VP Director of E-Commerce Development Electric Edge Systems Group Inc. phone: 250.480.0642 fax: 250.480.1264 cell: 250.920.8830 e-mail: [EMAIL PROTECTED] web: www.electricedgesystems.com ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220385 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: CFMX 6.1 download
Cheers, I certainly couldn't find that -Original Message- From: Ian Skinner [mailto:[EMAIL PROTECTED] Sent: 07 October 2005 18:54 To: CF-Talk Subject: RE: CFMX 6.1 download It wasn't as easy to find as it could be, but here is the download link for Macromedia. http://www.macromedia.com/cfusion/resourcecenter/resourcecenter.cfm?pagename =cfmx%20updaterloc=en%5Fus -- Ian Skinner Web Programmer BloodSource www.BloodSource.org Sacramento, CA C code. C code run. Run code run. Please! - Cynthia Dunning Confidentiality Notice: This message including any attachments is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender and delete any copies of this message. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220386 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: executing multiple queries
Hmm... wonder what this does? cfset url.parameter='1; drop table orders;' cfquery name=qryname datasource=somedsn Select * from items where itemId=#url.parameter# /cfquery Makes a dba very unhappy (unless they were smart enough to use cfqueryparam ;-) ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:220387 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54