RE: cfhttp and Google Search Appliance
> Hey Dave Watts,
>
> Can you use cfhttp to add/delete/update
> collection configuration in a Google mini?
> For example when we add a new
> collection on one of our systems can we
> use cfhttp to update the other or do we
> need to do it manually thru the admin
> console?

Hey, Kevin!

Yes, you can! However, it's a pain. You'll need to capture the cookie from your initial request, then send admin credentials in an HTTP POST, then do the collection submission.

Dave Watts, CTO, Fig Leaf Software

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date
Get the Free Trial
http://ad.doubleclick.net/clk;203748912;27390454;j
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311365
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4

RE: SQL injection attack on House of Fusion
This is totally off topic in this list, but I'll make this comment and that's an end to it.

Your expression "asked for rape" defies the logic of your argument. Asked for rape would mean she asked for sex and would therefore be a consenting adult, ie, not a rape victim. Overall a really bad and totally insensitive analogy, the likes of which I hope we never see on this list again.

Enough

-Original Message-
From: Mark Kruger [mailto:[EMAIL PROTECTED]
Sent: 11 August 2008 16:24
To: CF-Talk
Subject: RE: SQL injection attack on House of Fusion

Rick,

While your argument is well put, perhaps we could choose a slightly less inflammatory analogy than rape. We have a large group here and I wouldn't want anyone to be incensed by trivializing such a traumatic event (although obviously that is not the intent).

-Mark

-Original Message-
From: Rick Faircloth [mailto:[EMAIL PROTECTED]
Sent: Monday, August 11, 2008 9:45 AM
To: CF-Talk
Subject: RE: SQL injection attack on House of Fusion

This would probably be more productively viewed as a "responsibility" issue, rather than blame. Both parties, webmaster and attacker, bear responsibility for the status of the server/data/etc.

A negligent server/website admin bears a certain amount of responsibility for the situation. The attacker also bears responsibility for the consequences of the attack. A court of law might hold only the attacker ultimately responsible. However, the supervisor of a negligent server/website administrator would view it as shared responsibility between the attacker and the attacked, as in, "Why wasn't the server/website protected in the first place?"

Viewing this as a rape case, if a girl was hanging out on a street corner and asking passers-by to rape her, then, yes, she bears some responsibility for putting herself in that situation. It doesn't mean the one who rapes her doesn't bear the greater responsibility for the situation, and, therefore, punishment, but a fair judge would have to ask the girl why was she asking passers-by to rape her in the first place.

Girls should reasonably avoid provoking rapists, and rapists should resist their impulses. Likewise, server/website admins should reasonably protect their servers and websites, but hackers should avoid their impulses or share responsibility for the situation.

Rick

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311364

RE: SQL injection attack on House of Fusion
I'm using WhosOn, an IIS server monitor. It does an auto look up on the location of the IP and I can also set it up to record alerts for keywords, such as DECLARE.

www.whoson.com

-Original Message-
From: Brad Wood [mailto:[EMAIL PROTECTED]
Sent: 09 August 2008 18:37
To: CF-Talk
Subject: Re: SQL injection attack on House of Fusion

Bobby, what have you been using to look up the origin of the IPs en masse? I found a site that lets me do a handful at a time, but I don't know how accurate the data is. It is saying the majority of my IPs originated from the US.

~Brad

- Original Message -
From: "Bobby Hartsfield" <[EMAIL PROTECTED]>
To: "CF-Talk"
Sent: Saturday, August 09, 2008 11:58 AM
Subject: RE: SQL injection attack on House of Fusion

> Now look at how many of those are from Asia Pacific Network Info Centre

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311363

RE: SQL injection attack on House of Fusion
OK. I thought it was from you. I was sent an email with the link to SQLprev.cfm in an email and they referenced I use your suggestion in the email as well. I stuck the two together.

> David Moore, Jr. wrote:
> > I am currently using the SQLprev.cfm from Jochem

Jochem Wrote?
> The what from whom?

Please don't shoot me. I am new to all this? Sleep deprived...

~David

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311362

Re: SQL injection attack on House of Fusion
David Moore, Jr. wrote:
> I am currently using the SQLprev.cfm from Jochem

The what from whom?

Jochem

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311361

Re: Web Service Issue , pls help
Hi

when i try to access the web services it gives the below error

Web service operation RetrieveDocument with parameters {appUserID={_CISWS2},DocumentNumber={189425},ProfileForm={EKRIS_LAD_CPD_PF},DMlib={EKRIS},userID={_CISWS2}} cannot be found.

Can someone help me how to access the ws

Below is my WSDL

http://schemas.xmlsoap.org/wsdl/";
xmlns:conv="http://www.openuri.org/2002/04/soap/conversation/";
xmlns:cw="http://www.openuri.org/2002/04/wsdl/conversation/";
xmlns:http="http://schemas.xmlsoap.org/wsdl/http/";
xmlns:jms="http://www.openuri.org/2002/04/wsdl/jms/";
xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/";
xmlns:s="http://www.w3.org/2001/XMLSchema";
xmlns:s0="http://www.openuri.org/";
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/";
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/";
targetNamespace="http://www.openuri.org/";>

http://www.w3.org/2001/XMLSchema";
xmlns:ope="http://www.openuri.org/";
elementFormDefault="qualified"
targetNamespace="http://www.openuri.org/";>

Retrieve Document Web Service
Description: This web service retrieves the required document profile and the document file for the user id
Parameters:
DMLib - Name of the DM Repository/Library where the document to be retrieved resides in
DocumentNumber - The unique identifier of the document to be retrieved
VersionNo - Optional parameter. The version of thew document to retrieve. If null, will retrieve latest version
ProfileForm - The document profile Form to use
appUserID - The user ID of the application account calling this webservice (DM account)
userID - The user ID of the actual user using this webservice (DM account)
Returns:
Document Profile of successfully retrieved document
Byte Stream of document Retrieved
String Array of Error Messages

http://schemas.xmlsoap.org/soap/http"; style="document" />
http://www.openuri.org/RetrieveDocument"; style="document" />
http://urasvr46.ura.gov.sg:8011/webservices/jws/retrieveDocumentAttachment.jws"; />
http://urasvr46.ura.gov.sg:8011/webservices/jws/retrieveDocumentAttachment.jws"; />
http://urasvr46.ura.gov.sg:8011/webservices/jws/retrieveDocumentAttachment.jws"; />

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311360

RE: SQL injection attack on House of Fusion
>Actually I am a pacifist at heart and always try to not lose my temper (serves
>me well with customers, particularly the endlessly annoying ones!)

LOLOL. I am actually a moderately conservative liberal. I believe in losing my temper only when I know I can't find it.

> As for not knowing what cfqueryparam is and how to properly secure an
> application (there's more to it than just cfqueryparam) hopefully all these
> issues that people are dealing with will help such information make its way
> into even beginner CF materials, and not have it be so much of an
> afterthought as it seems to have been up to this point.

On a serious note, it would have been nice that I would have been more aware when I started coding those many years ago. I have more lines of code that need reworking than I care to think of, but I have to start somewhere.

> --- Mary Jo

Thanks for your help today! You have been incredibly patient and kind. Now, I must go home because my wife has called for her third and last time, which means I am on the couch...

~David "Rock" Moore

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311359

RE: SQL injection attack on House of Fusion
Mary Jo,

Sorry. Didn't see all that. First time using this kind of post.

> Here's another "smack down" for you...it would be nice if you could remove all the extra quoted stuff on your posts...take a look at the online web archives, it really makes a mess of the thread!

Will do better in the future. No way for me to go in and edit that once it is posted? YUCK. Where's a good Langolier when you need one? Thanks for the education though.

~David

P.S. I like your Smack Downs. You got GRIT! Were you wearing a cape or mask when you wrote that SMACK!?

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311358

Re: SQL injection attack on House of Fusion
> Eric is pretty good at the Smack Down too, Eric The Great takes David
> the Geek over the ropes and into the first row of chairs! (Yes, I am
> from the South and everything references Wrestling or Nascar)

Here's another "smack down" for you...it would be nice if you could remove all the extra quoted stuff on your posts...take a look at the online web archives, it really makes a mess of the thread!

--- Mary Jo

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311357

Re: SQL injection attack on House of Fusion
> P.S. Speaking of Smack Down's. Mary Jo's got a great right cross :) Go
> get'em girl!

LOL, actually I am a pacifist at heart and always try to not lose my temper (serves me well with customers, particularly the endlessly annoying ones!)

As for not knowing what cfqueryparam is and how to properly secure an application (there's more to it than just cfqueryparam) hopefully all these issues that people are dealing with will help such information make its way into even beginner CF materials, and not have it be so much of an afterthought as it seems to have been up to this point.

--- Mary Jo

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311356

Re: onTap Framework FAST Installation videos
2008/8/20 s. isaac dealey <[EMAIL PROTECTED]>:
> Have the onTap framework plus ORM and other plugins installed and
> running inside of 5 minutes, with no coding. And no webserver mapping
> (re: FarCry).

Worth noting that you've been able to run FarCry direct from the webroot since the release of 5.0 earlier this year. I published a video of installing FarCry by dropping into the webroot on OpenBD (of all things) last weekend as fate would have it:

http://www.farcrycore.org/tv

Regards,
geoff
http://www.daemon.com.au/

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311355

Re: Form submission issue
Thank you all. I managed to sort it out. I tried various methods to solve the problem, but the hidden field method worked out best for me.

Thanks

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311354

Coldfusion Install Hangs on Installing Web Connectors
Hello everyone. I am stuck and am hoping someone here can help.

I am trying to install CF8 x64 on a Windows Server 2008 x64 box. Unfortunately, the installer hangs when trying to install the web connectors. Before the install, I disabled Windows' firewall. I also made sure that ISAPI Filters and IIS 6 Management Compatibility roles were installed.

Anyone here know how to get through this? The deadline looms...

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311353

Re: Coldfusion IDE for Linux
right... with the recently released beta, you need to implement the fix you just mentioned. that's also referenced on the wiki at http://trac.cfeclipse.org/cfeclipse/wiki/KnownIssues#Missinglinenumbers

it might take some tweaking, but given what you get for the price, i think it's worth the tweaks. ymmv.

On Wed, Aug 20, 2008 at 6:25 PM, Jesse Beckton <[EMAIL PROTECTED]> wrote:
> Sorry Charlie but that fix does not fix!
>
> Luckily I came across another thread that provides a fix, you have to edit
> a file under your workspace, I would imagine that if you ever change your
> workspace you would have to make the same change there as well.
>
> >Um... it's been changed to "won't fix" because it doesn't need fixin'.
> >There's a link on the trac page you linked to that'll take you to the wiki
> >and show you the resolution to the "issue".
> >
> >--
> >A byte walks into a bar and orders a pint. Bartender asks him "What's
> >wrong?" Byte says "Parity error." Bartender nods and says "Yeah, I thought
> >you looked a bit off."

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311352

Re: Coldfusion IDE for Linux
Maybe I'll try and run Homesite in wine?

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311351

Re: Coldfusion IDE for Linux
Sorry Charlie but that fix does not fix!

Luckily I came across another thread that provides a fix, you have to edit a file under your workspace, I would imagine that if you ever change your workspace you would have to make the same change there as well.

>Um... it's been changed to "won't fix" because it doesn't need fixin'.
>There's a link on the trac page you linked to that'll take you to the wiki
>and show you the resolution to the "issue".
>
>--
>A byte walks into a bar and orders a pint. Bartender asks him "What's
>wrong?" Byte says "Parity error." Bartender nods and says "Yeah, I thought
>you looked a bit off."

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311350

Re: cfhttp and Google Search Appliance
Hey Dave Watts,

Can you use cfhttp to add/delete/update collection configuration in a Google mini? For example when we add a new collection on one of our systems can we use cfhttp to update the other or do we need to do it manually thru the admin console?

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311349

Re: Coldfusion IDE for Linux
I run CFEclipse on Linux, and it's no issue for me?

Ubuntu 8.04, Eclipse 3.4.0, Java 1.6.0_06-b02, CFEclipse 1.0.3

Mark

On Thu, Aug 21, 2008 at 11:01 AM, Jesse Beckton <[EMAIL PROTECTED]> wrote:
> Is there a decent Coldfusion IDE out there for Linux?
>
> And please don't say "CFEclipse" because it's just broke! The line numbers in
> the gutter do not display and I have seen the open tickets for this issue in
> their bug tracker and they have closed them with a "won't fix"!
>
> http://trac.cfeclipse.org/cfeclipse/ticket/323
>
> I would really like to run Linux as my primary OS but unfortunately there are
> no CF IDE's to speak of for the linux platform.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311348

Re: Coldfusion IDE for Linux
When eclipse breaks for me (like the recent JVM-1.6.whatever issue) i go back to gedit (and tell gnome to colour .cfm files like html).

really there are only two IDEs for Coldfusion on any platform - dreamweaver and eclipse. neither were built with cf in mind, so neither of them are great. i keep a windows machine for testing and playing Oblivion, and sometimes i use eclipse there...

my discovery of the week though, was the subversion plugin for Thunar. it's not tortoise, but it's good enough.

asdwerf

On Wed, 2008-08-20 at 21:01 -0400, Jesse Beckton wrote:
> Is there a decent Coldfusion IDE out there for Linux?
>
> And please don't say "CFEclipse" because it's just broke! The line numbers in
> the gutter do not display and I have seen the open tickets for this issue in
> their bug tracker and they have closed them with a "won't fix"!
>
> http://trac.cfeclipse.org/cfeclipse/ticket/323
>
> I would really like to run Linux as my primary OS but unfortunately there are
> no CF IDE's to speak of for the linux platform.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311347

Re: Coldfusion IDE for Linux
On Wed, Aug 20, 2008 at 6:01 PM, Jesse Beckton <[EMAIL PROTECTED]> wrote:
> Is there a decent Coldfusion IDE out there for Linux?
>
> And please don't say "CFEclipse" because it's just broke! The line numbers
> in the gutter do not display and I have seen the open tickets for this issue
> in their bug tracker and they have closed them with a "won't fix"!
>
> http://trac.cfeclipse.org/cfeclipse/ticket/323
>

Um... it's been changed to "won't fix" because it doesn't need fixin'. There's a link on the trac page you linked to that'll take you to the wiki and show you the resolution to the "issue".

--
A byte walks into a bar and orders a pint. Bartender asks him "What's wrong?" Byte says "Parity error." Bartender nods and says "Yeah, I thought you looked a bit off."

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311346

Coldfusion IDE for Linux
Is there a decent Coldfusion IDE out there for Linux?

And please don't say "CFEclipse" because it's just broke! The line numbers in the gutter do not display and I have seen the open tickets for this issue in their bug tracker and they have closed them with a "won't fix"!

http://trac.cfeclipse.org/cfeclipse/ticket/323

I would really like to run Linux as my primary OS but unfortunately there are no CF IDE's to speak of for the linux platform.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311345

RE: Accessing Sharepoint file
> My mission is to copy the file directly from a sharepoint
> directory (which can only be accessed through url path like
> http://sharepointserver/docs/getfile.doc) into the coldfusion
> application server path (defined by mapping)
>
> Issue is I tried using the cffile tag for it but I guess
> cffile doesn't handle the url path like
> (http://sharepointserver/docs/getfile.doc), so I went with
> cfhttp to resolve the url and get the content.
>
> I am able to pass through all the syntax issues but it gives
> me an error saying "you are not authenticated", actually
> there are no credentials set on the sharepoint server even
> though it gives me with the error message.

If you can get something via an HTTP request from a browser, but you can't do the same with CFHTTP, you need to compare the two HTTP requests and see what's different between them. You can use a packet sniffer or a recording proxy to examine HTTP traffic.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information!

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311344

Accessing Sharepoint file
Hi,

My mission is to copy the file directly from a sharepoint directory (which can only be accessed through url path like http://sharepointserver/docs/getfile.doc) into the coldfusion application server path (defined by mapping)

Issue is I tried using the cffile tag for it but I guess cffile doesn't handle the url path like (http://sharepointserver/docs/getfile.doc), so I went with cfhttp to resolve the url and get the content.

I am able to pass through all the syntax issues but it gives me an error saying "you are not authenticated", actually there are no credentials set on the sharepoint server even though it gives me with the error message.

I'd appreciate if any one has a solution for this?

Thanks & Regards,
Vamsi

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311343

Re: Query Too Complex for Access?
>>Does anyone else know of any other ways?

Plenty of them, but no one is better ;-)

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311342

Re: SQL injection attack on House of Fusion
Don't feel bad, David.

I am a freelance CF programmer. I spend most of my time working on bug fixes or feature enhancements on code written by others. And the vast majority of files I work on have no

http://afpwebworks.com
ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311341

ColdFusion and Flex jobs
http://cfrecruiter.blogspot.com/

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311340

Re: SQL injection attack on House of Fusion
A while ago I read a totally riveting book called "The Art Of Intrusion" by Kevin D Mitnick, the legendary hacker who was sent to jail for his intrusion exploits. He runs a security company now, that tests your security and reports back on how well you've done.

He says one of the most common failures of security systems of all kinds is that they rely on a secure perimeter. The theory is that if we keep the hordes out of the city at the boundaries, that's all we need to do. Unfortunately all the bad guys need is a single crack in that outer perimeter and they can go wherever they like.

So his hacking attempts usually meant hunting for some hole in the wall, and once through that hole the entire enterprise was laid out for the taking. He'd find a router left online but unsecure by some lazy support person who wanted to be able to work from home. Or a long-forgotten modem somewhere, and once through that security hole, there were no other security blockers and the whole network was his for the raping and pillaging.

The lesson we learn from this? Don't rely on only one defense mechanism. All it takes is one crack in that armour and you're dead. You need to use all the weapons you have at your disposal. In this case, we need to use the Regex blockers,

http://afpwebworks.com
ColdFusion, PHP, ASP, ASP.NET hosting from AUD$15/month

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311339

RE: SQL injection attack on House of Fusion
> When you say "Update Your Code", are you saying using
> <cfqueryparam>?

Yes. That is the only mechanism guaranteed to prevent known and future SQL injection attacks. Using a filter can protect you from the current attack long enough for you to fix your broken code.

> But even so, the SQL injection still will use
> up countless resources instead of cutting it off early. So,
> go back and fix 1,000's of lines of code I have developed
> over the last 'upteen' years or stop it before it starts? Is
> this something new to CF8 or just a necessary evil because of
> SQL Injection Attacks.

It's only possible to stop something before it starts if you can clearly identify what "it" is. In this attack, for example, there are some specific keywords that you can use in a filter: DECLARE and CAST. The next attack may use different keywords, or different permutations of the same keywords (using Unicode sequences instead of ASCII characters, for example).

Your main concern is not the consumption of resources as a result of an automated attack. That's just like any other denial of service attack, basically. If you can filter it out successfully, that's good for you, but you should be far more concerned with the results of a successful SQL injection attack.

> is <cfqueryparam> something a lot of programmers really use?

A lot of (arguably, almost all) competent programmers use it. Fewer incompetent programmers use it. I'm not trying to pick a fight with you either; I'm not calling you incompetent. But at this point, web application programmers using almost any language should be familiar with the concept of prepared statements (what you're building with CFQUERYPARAM) and why they're important.

> I am afraid all I know is what I have learned from books and
> forums. This is the first I have ever heard of using <cfqueryparam>.

It's been mentioned periodically on this list for years. It's covered in the official Adobe courseware, and in all of the CF books I've seen.

That said, I can see how you might not know about it if you don't pay relatively close attention to all this stuff. But with THAT said, it is your job and responsibility as a web developer to be aware of best practices and requirements within that field. There are PLENTY of resources about building secure web applications. Those resources might not cover CF specifically all that much, but if you read in Open Web Application Security Project (http://www.owasp.org/index.php/Top_10_2007), for example, about the top ten vulnerabilities in web applications, you would see that SQL injection is on the list and that you use prepared statements to prevent it. Your next question should be, "how do I build a prepared statement in ColdFusion?"

You, as the web developer, are often responsible for ALL SORTS of things that you're not going to learn in books or forums: development issues like application security, interface issues like usability and accessibility, business issues, deployment issues, etc, etc. What's more, your responsibility may well be legally binding; in other words, you might get sued for doing the wrong thing for a client.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information!

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311338
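The message above ends its technical point with the question "how do I build a prepared statement in ColdFusion?". As an added example (not code from the thread or from any poster), here is a query that splices a request value into the SQL text next to the same query bound with cfqueryparam, followed by the string, list, NULL and ORDER BY cases that come up when retrofitting old code. Table, column and datasource names are hypothetical.

```cfml
<!--- Added example; table, column and datasource names are hypothetical. --->

<!--- BEFORE: the request value is spliced into the SQL text, so whatever
      arrives in url.id is parsed by the database as part of the statement. --->
<cfquery name="getArticle" datasource="#application.dsn#">
    SELECT id, title, body
    FROM articles
    WHERE id = #url.id#
</cfquery>

<!--- AFTER: the value travels as a bound parameter of a prepared statement.
      cfsqltype also makes ColdFusion validate the value first; anything that
      is not an integer throws an exception and the query never runs. --->
<cfquery name="getArticle" datasource="#application.dsn#">
    SELECT id, title, body
    FROM articles
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Strings: bind them too, and cap the length to the column size. --->
<cfquery name="findAuthor" datasource="#application.dsn#">
    SELECT id, name
    FROM authors
    WHERE name LIKE <cfqueryparam value="#form.name#%" cfsqltype="cf_sql_varchar" maxlength="50">
</cfquery>

<!--- IN (...) lists: list="true" binds every element as its own parameter. --->
<cfquery name="getArticles" datasource="#application.dsn#">
    SELECT id, title
    FROM articles
    WHERE category_id IN (<cfqueryparam value="#url.categories#" cfsqltype="cf_sql_integer" list="true">)
</cfquery>

<!--- Optional values: null="true" binds NULL instead of an empty string. --->
<cfquery datasource="#application.dsn#">
    UPDATE articles
    SET subtitle = <cfqueryparam value="#form.subtitle#" cfsqltype="cf_sql_varchar" maxlength="200" null="#not len(trim(form.subtitle))#">
    WHERE id = <cfqueryparam value="#form.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Identifiers (column names, sort direction) cannot be bound.
      Choose them from a fixed list instead of passing request text through. --->
<cfset sortColumn = "title">
<cfif structKeyExists(url, "sort") and listFindNoCase("title,created_at", url.sort)>
    <cfset sortColumn = lCase(url.sort)>
</cfif>
<cfquery name="listArticles" datasource="#application.dsn#">
    SELECT id, title, created_at
    FROM articles
    ORDER BY #sortColumn#
</cfquery>
```

When auditing old code, any #variable# that remains inside a cfquery body after this change should be either a value from a fixed list like sortColumn or a candidate for cfqueryparam.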
RE: SQL injection attack on House of Fusion
Consider me connected. At the same time, I will try not to just suck the life out of the list and provide substance where I can. I was a morning radio announcer for 20 years before becoming a web programmer, so if you can't remember the name of that song or artist - just ask. :)

As for the can o' worms. If you're ever in Spartanburg, SC, just bring 'em along and I can show you some really nice fishin!

Seriously, thanks everyone!

~David G. Moore, Jr.

> Subject: Re: SQL injection attack on House of Fusion
> From: [EMAIL PROTECTED]
> To: cf-talk@houseoffusion.com
> Date: Wed, 20 Aug 2008 18:17:34 -0400
>
> > I certainly don't feel picked on. I feel blessed to have a place where I can learn from people who do know so much. And you are right. I (we) only seem to learn under fire. I am a one man business owner in a small town with limited resources and time. 10 hour days, work weekends, what is family time except coaching baseball-soccer-basketball, and I have forgotten what sleep even is. So, what do we do?
>
> Well, the first step is getting more connected to the community, being
> exposed to different styles, and being on a list such as this one is a
> great start. Presentations at user groups can also cover topics such as
> this if you have one near your area.
>
> > So, what is PCI-DSS (he asks sheepishly) or is that a whole nother Post
>
> In short, PCI-DSS is the Payment Card Industry Data Security Standard.
> It is required for any merchant who accepts, processes, handles, stores,
> or transmits credit card or debit card information. It isn't law, but
> your merchant account (or those of your clients) will have provisions in
> their contracts that require compliance with these rules. You can read
> more about it at:
>
> https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml
>
> That's another whole can o' worms though.
>
> -Justin Scott

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311337
Re: SQL injection attack on House of Fusion
> So, I have found like the "Mother Lode" of good programmers who really care
> about Cold Fusion and take the time to do it right?

Pretty much. The skill level on the list varies from "can express the meaning of life in ColdFusion" to "what's a database" so your experience may vary. I'd like to think that everyone here, including me, is looking to learn through the experience of others, so you're in the right place. Welcome!

-Justin Scott

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311336
Re: SQL injection attack on House of Fusion
> I certainly don't feel picked on. I feel blessed to have a place where I can
> learn from people who do know so much. And you are right. I (we) only seem to
> learn under fire. I am a one man business owner in a small town with limited
> resources and time. 10 hour days, work weekends, what is family time except
> coaching baseball-soccer-basketball, and I have forgotten what sleep even is.
> So, what do we do?

Well, the first step is getting more connected to the community, being exposed to different styles, and being on a list such as this one is a great start. Presentations at user groups can also cover topics such as this if you have one near your area.

> So, what is PCI-DSS (he asks sheepishly) or is that a whole nother Post

In short, PCI-DSS is the Payment Card Industry Data Security Standard. It is required for any merchant who accepts, processes, handles, stores, or transmits credit card or debit card information. It isn't law, but your merchant account (or those of your clients) will have provisions in their contracts that require compliance with these rules. You can read more about it at:

https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

That's another whole can o' worms though.

-Justin Scott

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311335
RE: SQL injection attack on House of Fusion
So, I have found like the "Mother Lode" of good programmers who really care about Cold Fusion and take the time to do it right? Because every piece of code I have ever gotten from Adobe Exchange or Purchase from other sites has never had <cfqueryparam>. And I know Ben is going to shoot me, because looking back at some of his Advanced books now I see where he says I should be using it.

I guess my 10 hour days just turned into 14 hours. Anybody got a Starbucks Supersize Java Java Double Caffeine coupon?

Eric is pretty good at the Smack Down too, Eric The Great takes David the Geek over the ropes and into the first row of chairs! (Yes, I am from the South and everything references Wrestling or Nascar)

~David

> Subject: Re: SQL injection attack on House of Fusion
> From: [EMAIL PROTECTED]
> To: cf-talk@houseoffusion.com
> Date: Wed, 20 Aug 2008 16:59:26 -0500
>
> >is <cfqueryparam> something a lot of programmers really use?
>
> Only the good ones. ;)
>
> Thanks,
> Eric
>
> David Moore, Jr. wrote:
> > When you say "Update Your Code", are you saying using <cfqueryparam>? But even so, the SQL injection still will use up countless resources instead of cutting it off early. So, go back and fix 1,000's of lines of code I have developed over the last 'upteen' years or stop it before it starts? Is this something new to CF8 or just a necessary evil because of SQL Injection Attacks.
> >
> > Not trying to pick a fight, because I am sure you have forgotten more code than I will ever know (seriously) and I am probably just being lazy (seriously), but is <cfqueryparam> something a lot of programmers really use? I have never seen <cfqueryparam> used on any tags I have purchased or exchanged and I am afraid all I know is what I have learned from books and forums. This is the first I have ever heard of using <cfqueryparam>.
> >
> > ~David G. Moore, Jr.
> >
> > > Subject: Re: SQL injection attack on House of Fusion
> > > From: [EMAIL PROTECTED]
> > > To: cf-talk@houseoffusion.com
> > > Date: Wed, 20 Aug 2008 17:01:42 -0400
> > >
> > > > I am currently using the SQLprev.cfm from Jochem to stop the onslaught of superfluous bandwidth suckage from my server, but was wondering what the difference would be with this one. I am not looking to start a "my SQL Injection blocker is better than yours", yet trying to educate myself on just what is going on and what is best to do.
> > >
> > > My original SQLprev script (http://www.gravityfree.com/_sqlprev.cfm.txt)
> > > just checks for basic SQL keywords with a semicolon in URL variables.
> > > It's a quick and dirty way to give you some protection from bots
> > > short-term while your code base is updated to use best practices and
> > > secure coding methods. Mary Jo's is more thorough in that it checks
> > > additional variable scopes, and can help protect better against
> > > hand-drafted attacks, but may have a higher potential for false
> > > positives (though it's improved recently from what I can tell).
> > >
> > > SQLPrev has a version compatible with CF5 for those who need it where
> > > the other script relies on CFMX functions to run. I'm not saying one is
> > > better than the other, they both get the job done. Just use whatever
> > > works best for you, and update your code so that you don't need either
> > > of them.
> > >
> > > -Justin Scott

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311334
RE: SQL injection attack on House of Fusion
Well, it is my goal :) not there yet...

> Subject: Re: SQL injection attack on House of Fusion
> From: [EMAIL PROTECTED]
> To: cf-talk@houseoffusion.com
> Date: Wed, 20 Aug 2008 16:59:26 -0500
>
> >is <cfqueryparam> something a lot of programmers really use?
>
> Only the good ones. ;)
>
> Thanks,
> Eric
>
> David Moore, Jr. wrote:
> > When you say "Update Your Code", are you saying using <cfqueryparam>? But even so, the SQL injection still will use up countless resources instead of cutting it off early. So, go back and fix 1,000's of lines of code I have developed over the last 'upteen' years or stop it before it starts? Is this something new to CF8 or just a necessary evil because of SQL Injection Attacks.
> >
> > Not trying to pick a fight, because I am sure you have forgotten more code than I will ever know (seriously) and I am probably just being lazy (seriously), but is <cfqueryparam> something a lot of programmers really use? I have never seen <cfqueryparam> used on any tags I have purchased or exchanged and I am afraid all I know is what I have learned from books and forums. This is the first I have ever heard of using <cfqueryparam>.
> >
> > ~David G. Moore, Jr.
> >
> > > Subject: Re: SQL injection attack on House of Fusion
> > > From: [EMAIL PROTECTED]
> > > To: cf-talk@houseoffusion.com
> > > Date: Wed, 20 Aug 2008 17:01:42 -0400
> > >
> > > > I am currently using the SQLprev.cfm from Jochem to stop the onslaught of superfluous bandwidth suckage from my server, but was wondering what the difference would be with this one. I am not looking to start a "my SQL Injection blocker is better than yours", yet trying to educate myself on just what is going on and what is best to do.
> > >
> > > My original SQLprev script (http://www.gravityfree.com/_sqlprev.cfm.txt)
> > > just checks for basic SQL keywords with a semicolon in URL variables.
> > > It's a quick and dirty way to give you some protection from bots
> > > short-term while your code base is updated to use best practices and
> > > secure coding methods. Mary Jo's is more thorough in that it checks
> > > additional variable scopes, and can help protect better against
> > > hand-drafted attacks, but may have a higher potential for false
> > > positives (though it's improved recently from what I can tell).
> > >
> > > SQLPrev has a version compatible with CF5 for those who need it where
> > > the other script relies on CFMX functions to run. I'm not saying one is
> > > better than the other, they both get the job done. Just use whatever
> > > works best for you, and update your code so that you don't need either
> > > of them.
> > >
> > > -Justin Scott

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311333
RE: SQL injection attack on House of Fusion
The only way I found the SQL Injection Attack was my server kept crawling to a dead halt. I looked in SeeFusion (some software I purchased that lets me see what is going on live with the websites) and I noticed that the sites Total Time just kept going up and never resolving, basically every website coming to a halt and bringing my server to a screeching halt. I would reboot CF to get it to unlock.

After a scan of Cold Fusion logfiles application.cfm file, I saw this weird URL string and thus my search landed me here. Whether or not that is what was or is bringing my server to a halt, I don't know - but I can only hope. I am pretty sure it has something to do with the (don't everyone scream all at once) 45 access databases I am using to run the individual websites off of or not, but just maybe.

~ David G. Moore, Jr.

P.S. Can't wait to see everyone's response to this one? I am pretty sure I am about to get another SMACK DOWN...

> Subject: RE: SQL injection attack on House of Fusion
> From: [EMAIL PROTECTED]
> To: cf-talk@houseoffusion.com
> Date: Wed, 20 Aug 2008 17:59:23 -0400
>
> > Does this thing just raise its ugly head every now and then
> > and go away for a while? This is the first I have seen of it
> > on my server.
>
> This is the first large-scale automated SQL injection attack. Automated
> attacks have been around for a long time, as have SQL injection attacks.
>
> Honestly, this current attack is just a nuisance. SQL injection attacks are
> usually more destructive, in that they often involve the theft of sensitive
> data. In those cases, of course, the attack is manual rather than automated.
> But if your site is vulnerable to this automated attack, it has always been
> vulnerable to these manual, destructive attacks - which may have already
> occurred without your knowledge.
>
> Dave Watts, CTO, Fig Leaf Software
> http://www.figleaf.com/
>
> Fig Leaf Software provides the highest caliber vendor-authorized
> instruction at our training centers in Washington DC, Atlanta,
> Chicago, Baltimore, Northern Virginia, or on-site at your location.
> Visit http://training.figleaf.com/ for more information!

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311332
RE: SQL injection attack on House of Fusion
Eric,

A good answer might be "it is now" :)

-Original Message-
From: Eric Cobb [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2008 4:59 PM
To: CF-Talk
Subject: Re: SQL injection attack on House of Fusion

>is <cfqueryparam> something a lot of programmers really use?

Only the good ones. ;)

Thanks,
Eric

David Moore, Jr. wrote:
> When you say "Update Your Code", are you saying using <cfqueryparam>? But even so, the SQL injection still will use up countless resources instead of cutting it off early. So, go back and fix 1,000's of lines of code I have developed over the last 'upteen' years or stop it before it starts? Is this something new to CF8 or just a necessary evil because of SQL Injection Attacks.
>
> Not trying to pick a fight, because I am sure you have forgotten more code than I will ever know (seriously) and I am probably just being lazy (seriously), but is <cfqueryparam> something a lot of programmers really use? I have never seen <cfqueryparam> used on any tags I have purchased or exchanged and I am afraid all I know is what I have learned from books and forums. This is the first I have ever heard of using <cfqueryparam>.
>
> ~David G. Moore, Jr.
>
> > Subject: Re: SQL injection attack on House of Fusion
> > From: [EMAIL PROTECTED]
> > To: cf-talk@houseoffusion.com
> > Date: Wed, 20 Aug 2008 17:01:42 -0400
> >
> > > I am currently using the SQLprev.cfm from Jochem to stop the onslaught of superfluous bandwidth suckage from my server, but was wondering what the difference would be with this one. I am not looking to start a "my SQL Injection blocker is better than yours", yet trying to educate myself on just what is going on and what is best to do.
> >
> > My original SQLprev script (http://www.gravityfree.com/_sqlprev.cfm.txt)
> > just checks for basic SQL keywords with a semicolon in URL variables.
> > It's a quick and dirty way to give you some protection from bots
> > short-term while your code base is updated to use best practices and
> > secure coding methods. Mary Jo's is more thorough in that it checks
> > additional variable scopes, and can help protect better against
> > hand-drafted attacks, but may have a higher potential for false
> > positives (though it's improved recently from what I can tell).
> >
> > SQLPrev has a version compatible with CF5 for those who need it where
> > the other script relies on CFMX functions to run. I'm not saying one is
> > better than the other, they both get the job done. Just use whatever
> > works best for you, and update your code so that you don't need either
> > of them.
> >
> > -Justin Scott

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311331
RE: SQL injection attack on House of Fusion
Right on Dave... That's a point I've been making as well. It is the SQL injection attacks that don't "obviously" do anything that are more insidious. For those of you who have found your sites vulnerable, this attack is not the one that should be keeping you up at night. Instead, it should be those attacks that came in and left with your data without arousing any alarm at all :)

-Mark

Mark A. Kruger, CFG, MCSE
(402) 408-3733 ext 105
www.cfwebtools.com
www.coldfusionmuse.com
www.necfug.com

-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2008 4:59 PM
To: CF-Talk
Subject: RE: SQL injection attack on House of Fusion

> Does this thing just raise its ugly head every now and then and go
> away for a while? This is the first I have seen of it on my server.

This is the first large-scale automated SQL injection attack. Automated attacks have been around for a long time, as have SQL injection attacks.

Honestly, this current attack is just a nuisance. SQL injection attacks are usually more destructive, in that they often involve the theft of sensitive data. In those cases, of course, the attack is manual rather than automated. But if your site is vulnerable to this automated attack, it has always been vulnerable to these manual, destructive attacks - which may have already occurred without your knowledge.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information!

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311330
Re: SQL injection attack on House of Fusion
>is <cfqueryparam> something a lot of programmers really use?

Only the good ones. ;)

Thanks,
Eric

David Moore, Jr. wrote:
> When you say "Update Your Code", are you saying using <cfqueryparam>? But
> even so, the SQL injection still will use up countless resources instead of
> cutting it off early. So, go back and fix 1,000's of lines of code I have
> developed over the last 'upteen' years or stop it before it starts? Is this
> something new to CF8 or just a necessary evil because of SQL Injection
> Attacks.
>
> Not trying to pick a fight, because I am sure you have forgotten more code
> than I will ever know (seriously) and I am probably just being lazy
> (seriously), but is <cfqueryparam> something a lot of programmers really use?
> I have never seen <cfqueryparam> used on any tags I have purchased or
> exchanged and I am afraid all I know is what I have learned from books and
> forums. This is the first I have ever heard of using <cfqueryparam>.
>
> ~David G. Moore, Jr.
>
> > Subject: Re: SQL injection attack on House of Fusion
> > From: [EMAIL PROTECTED]
> > To: cf-talk@houseoffusion.com
> > Date: Wed, 20 Aug 2008 17:01:42 -0400
> >
> > > I am currently using the SQLprev.cfm from Jochem to stop the onslaught of superfluous bandwidth suckage from my server, but was wondering what the difference would be with this one. I am not looking to start a "my SQL Injection blocker is better than yours", yet trying to educate myself on just what is going on and what is best to do.
> >
> > My original SQLprev script (http://www.gravityfree.com/_sqlprev.cfm.txt)
> > just checks for basic SQL keywords with a semicolon in URL variables.
> > It's a quick and dirty way to give you some protection from bots
> > short-term while your code base is updated to use best practices and
> > secure coding methods. Mary Jo's is more thorough in that it checks
> > additional variable scopes, and can help protect better against
> > hand-drafted attacks, but may have a higher potential for false
> > positives (though it's improved recently from what I can tell).
> >
> > SQLPrev has a version compatible with CF5 for those who need it where
> > the other script relies on CFMX functions to run. I'm not saying one is
> > better than the other, they both get the job done. Just use whatever
> > works best for you, and update your code so that you don't need either
> > of them.
> >
> > -Justin Scott

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311329
RE: SQL injection attack on House of Fusion
Justin,

I certainly don't feel picked on. I feel blessed to have a place where I can learn from people who do know so much. And you are right. I (we) only seem to learn under fire. I am a one man business owner in a small town with limited resources and time. 10 hour days, work weekends, what is family time except coaching baseball-soccer-basketball, and I have forgotten what sleep even is. So, what do we do?

I am a little embarrassed to say I didn't know, but at least in honesty I can learn and get a complete picture. So, what is PCI-DSS (he asks sheepishly) or is that a whole nother Post

Thanks everyone!

~David G. Moore, Jr.

P.S. Speaking of Smack Down's. Mary Jo's got a great right cross :) Go get'em girl!

> Subject: Re: SQL injection attack on House of Fusion
> From: [EMAIL PROTECTED]
> To: cf-talk@houseoffusion.com
> Date: Wed, 20 Aug 2008 17:41:12 -0400
>
> > When you say "Update Your Code", are you saying using <cfqueryparam>? But even so, the SQL injection still will use up countless resources instead of cutting it off early. So, go back and fix 1,000's of lines of code I have developed over the last 'upteen' years or stop it before it starts? Is this something new to CF8 or just a necessary evil because of SQL Injection Attacks.
>
> Essentially, yes, code should be using cfqueryparam and other secure
> coding methods to keep the baddies out. The resources will get used
> either way, really. You can either rely on a filter up-front and use up
> CPU cycles regardless of whether a user is legitimate or not, or even
> whether or not a query is being run in the page or not, etc. Or, you
> can implement cfqueryparam where appropriate and only use those cycles
> where they're needed, and you'll get the added benefit of prepared
> statements on the SQL Server in most cases and the queries will run
> slightly faster as a result. Either way you go, protect yourself and
> your clients.
>
> SQL injection attacks have been around since before I got started in web
> development, and secure coding against them has been a best practice
> just as long. I remember updating "old" CF code I inherited way back
> when I was using ColdFusion 4, so it's certainly nothing new.
>
> It's unfortunate that you haven't seen this in practice until now, but
> it really is something you should be doing. It's been my observation
> over the years that web programmers in general (not just limited to
> ColdFusion) tend to learn about security only when there is a breach of
> some kind, and then have to scramble to learn under fire. Just as an
> example, how many out there run e-commerce applications and have never
> heard of PCI-DSS?
>
> I'm not picking on you specifically, David, so please don't think I'm
> calling you out or anything. I'm always learning new things myself, but
> we web developers need to collectively get more educated about the risks
> and threats we face and alter our practice accordingly.
>
> -Justin Scott

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311328
RE: SQL injection attack on House of Fusion
> Does this thing just raise its ugly head every now and then
> and go away for a while? This is the first I have seen of it
> on my server.

This is the first large-scale automated SQL injection attack. Automated attacks have been around for a long time, as have SQL injection attacks.

Honestly, this current attack is just a nuisance. SQL injection attacks are usually more destructive, in that they often involve the theft of sensitive data. In those cases, of course, the attack is manual rather than automated. But if your site is vulnerable to this automated attack, it has always been vulnerable to these manual, destructive attacks - which may have already occurred without your knowledge.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information!

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311327
Re: SQL injection attack on House of Fusion
As someone who was hit by the attack on the first day, I will say I've used cfqueryparam for years and yet I had a handful of pages with old code where I was not using cfqueryparam. It just takes one page that's publicly accessible to do damage. Once I fixed the pages in question, try as they might, I have not been affected since. Using cfqueryparam is a good habit to get into, to protect your sites and client sites.

I was also running a forum program I purchased years ago CFForum2000 I think, and all the code in that product was not using cfqueryparam either. I had to go through and edit the code throughout. It's possible their newer versions are using proper coding but it was a bit of a pain, and really my own fault for not rechecking that code long ago.

Kelly

David Moore, Jr. wrote:
> When you say "Update Your Code", are you saying using <cfqueryparam>? But
> even so, the SQL injection still will use up countless resources instead of
> cutting it off early. So, go back and fix 1,000's of lines of code I have
> developed over the last 'upteen' years or stop it before it starts? Is this
> something new to CF8 or just a necessary evil because of SQL Injection
> Attacks.
>
> Not trying to pick a fight, because I am sure you have forgotten more code
> than I will ever know (seriously) and I am probably just being lazy
> (seriously), but is <cfqueryparam> something a lot of programmers really use?
> I have never seen <cfqueryparam> used on any tags I have purchased or
> exchanged and I am afraid all I know is what I have learned from books and
> forums. This is the first I have ever heard of using <cfqueryparam>.
>
> ~David G. Moore,

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311326
Re: SQL injection attack on House of Fusion
> When you say "Update Your Code", are you saying using ? But
> even so, the SQL injection still will use up countless resources instead of
> cutting it off early. So, go back and fix 1,000's of lines of code I have
> developed over the last 'upteen' years or stop it before it starts? Is this
> something new to CF8 or just a necessary evil because of SQL Injection
> Attacks.

Essentially, yes, code should be using cfqueryparam and other secure coding methods to keep the baddies out. The resources will get used either way, really. You can either rely on a filter up-front and use up CPU cycles regardless of whether a user is legitimate or not, or even whether or not a query is being run in the page or not, etc. Or, you can implement cfqueryparam where appropriate and only use those cycles where they're needed, and you'll get the added benefit of prepared statements on the SQL Server in most cases and the queries will run slightly faster as a result. Either way you go, protect yourself and your clients.

SQL injection attacks have been around since before I got started in web development, and secure coding against them has been a best practice just as long. I remember updating "old" CF code I inherited way back when I was using ColdFusion 4, so it's certainly nothing new.

It's unfortunate that you haven't seen this in practice until now, but it really is something you should be doing. It's been my observation over the years that web programmers in general (not just limited to ColdFusion) tend to learn about security only when there is a breach of some kind, and then have to scramble to learn under fire. Just as an example, how many out there run e-commerce applications and have never heard of PCI-DSS?

I'm not picking on you specifically, David, so please don't think I'm calling you out or anything. I'm always learning new things myself, but we web developers need to collectively get more educated about the risks and threats we face and alter our practice accordingly.

-Justin Scott

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311325
RE: SQL injection attack on House of Fusion
And this is where I am. I have been using CF since 4.5. Very Scary. Glad I have found this list. I am sure to learn a lot. I will try to read and not bother. Thanks for the SMACK DOWN. I will start to write it in and become more learned. I can say, just in the last weeks since joining I have learned a lot.

~David G. Moore, Jr.

> Subject: Re: SQL injection attack on House of Fusion
> From: [EMAIL PROTECTED]
> To: cf-talk@houseoffusion.com
> Date: Wed, 20 Aug 2008 14:35:19 -0700
>
> > Not trying to pick a fight, because I am sure you have forgotten more code
> > than I will ever know (seriously) and I am probably just being lazy
> > (seriously), but is something a lot of programmers really
> > use? I have never seen used on any tags I have purchased
> > or exchanged and I am afraid all I know is what I have learned from books
> > and forums. This is the first I have ever heard of using .
>
> It depends on what you mean by "a lot". But, if you'd been hanging out on
> this list at all, you'd have heard of cfqueryparam. It's discussed quite
> often. But, since most people learn ColdFusion on their own, and it's not a
> "necessary" tag to know about to get things done, you could go for years
> without using it or even understanding why it's needed.
>
> -- Josh

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311324
Re: SQL injection attack on House of Fusion
> Not trying to pick a fight, because I am sure you have forgotten more code
> than I will ever know (seriously) and I am probably just being lazy
> (seriously), but is something a lot of programmers really
> use? I have never seen used on any tags I have purchased
> or exchanged and I am afraid all I know is what I have learned from books
> and forums. This is the first I have ever heard of using .

It depends on what you mean by "a lot". But, if you'd been hanging out on this list at all, you'd have heard of cfqueryparam. It's discussed quite often. But, since most people learn ColdFusion on their own, and it's not a "necessary" tag to know about to get things done, you could go for years without using it or even understanding why it's needed.

-- Josh

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311323
Re: SQL injection attack on House of Fusion
David Moore, Jr. wrote:
> Not trying to pick a fight, because I am sure you have forgotten more code
> than I will ever know (seriously) and I am probably just being lazy
> (seriously), but is something a lot of programmers really use?
> I have never seen used on any tags I have purchased or
> exchanged and I am afraid all I know is what I have learned from books and
> forums. This is the first I have ever heard of using .

Yes is well used and for very good reasons. One of which is what do you want to happen if the next clever hacker comes along with an attack that gets around all these solutions that have been developed to stop them at the gate? Do you really want to gamble your data and possible career on the fact that you can out guess every hacker who collectively have almost endless time and resources to figure out ways around these solutions?

I equate it to this analogy I have been dying to use for some time. Would you never build the city walls and gates just because you have sentries watching the road? No matter how good and undefeatable you think your sentries are.

Or why have database passwords if you have a firewall. (That one might be better)

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311322
Re: SQL injection attack on House of Fusion
> When you say "Update Your Code", are you saying using ?

Yes, that's what he is saying.

> so, go back and fix 1,000's of lines
> of code I have developed over the last 'upteen' years or stop it
> before it starts?

Because if you don't, you are putting a LOT of faith in these blockers and assuming that hackers won't find other ways to attack a vulnerable application that doesn't get by them. Personally, I'm not sure I'd put *that* much trust in them, if I really cared about my sites being safe.

> Is this something new to CF8 or just a necessary
> evil because of SQL Injection Attacks.

Nothing new, and certainly not unique to ColdFusion either.

> is something a lot of programmers
> really use?

Uh, yes.

> This is the first I have ever heard of using .

That is a truly scary thought. I hope you will spend some time on the ColdFusion blogs which have lots of information on the importance of using it.

--- Mary Jo

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311321
RE: SQL injection attack on House of Fusion
When you say "Update Your Code", are you saying using ? But even so, the SQL injection still will use up countless resources instead of cutting it off early. So, go back and fix 1,000's of lines of code I have developed over the last 'upteen' years or stop it before it starts? Is this something new to CF8 or just a necessary evil because of SQL Injection Attacks.

Not trying to pick a fight, because I am sure you have forgotten more code than I will ever know (seriously) and I am probably just being lazy (seriously), but is something a lot of programmers really use? I have never seen used on any tags I have purchased or exchanged and I am afraid all I know is what I have learned from books and forums. This is the first I have ever heard of using .

~David G. Moore, Jr.

> Subject: Re: SQL injection attack on House of Fusion
> From: [EMAIL PROTECTED]
> To: cf-talk@houseoffusion.com
> Date: Wed, 20 Aug 2008 17:01:42 -0400
>
> > I am currently using the SQLprev.cfm from Jochem to stop the onslaught of superfluous bandwidth suckage from my server, but was wondering what the difference would be with this one. I am not looking to start a "my SQL Injection blocker is better than yours", yet trying to educate myself on just what is going on and what is best to do.
>
> My original SQLprev script (http://www.gravityfree.com/_sqlprev.cfm.txt)
> just checks for basic SQL keywords with a semicolon in URL variables.
> It's a quick and dirty way to give you some protection from bots
> short-term while your code base is updated to use best practices and
> secure coding methods. Mary Jo's is more thorough in that it checks
> additional variable scopes, and can help protect better against
> hand-drafted attacks, but may have a higher potential for false
> positives (though it's improved recently from what I can tell).
>
> SQLPrev has a version compatible with CF5 for those who need it where
> the other script relies on CFMX functions to run. I'm not saying one is
> better than the other, they both get the job done. Just use whatever
> works best for you, and update your code so that you don't need either
> of them.
>
> -Justin Scott

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311320
Re: Flash Site Links Sanity Check
Tried w/ FF3, IE7 and Safari 3.1.2 for Windows. Had no problems.

Mark Leder wrote:
> Hi all,
>
> We're having reports of links not being clickable in a site:
>
> Take a look at this URL (which has been live for 3 years):
> http://www.mypersonalbrilliance.com
>
> Also, look at this URL (also live for 3 years):
> http://blog.mypersonalbrilliance.com
>
> For both sites, click a few of the links in the black bar at top, and the
> four floating links in the "lights" area at top.
>
> Clickable with redirection? Any problems?
>
> I've rechecked the crossdomain.xml file and inserted the eolas js fix from
> adobe (for the double click problem in IE). I can't find any issues (nor
> recreate the problem), but my client is having intermittent problems. We've
> tried it here and remotely on several machines, using WinXP - FF2, FF3, IE6
> and IE7.
>
> Thanks for your help.
>
> Mark

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311319
RE: Query Too Complex for Access?
David,

I don't know if it will or not, you will just need to test. I'm sure there is some upper limit as to how many bytes you can send in a call to the DB, but I'm also betting that's driver dependent.

Oh, if there is a possibility that getActiveWorks might be empty, you will want this:

AND Works.Inventory NOT IN (#listQualify(valueList(getActiveWorks.ThisReference),"'")#)

If you don't have that condition around it, you could end up with this SQL, which would bomb:

AND Works.Inventory NOT IN ()

If your app is going to exceed some limit, you may need to break your query down somehow. Hopefully that won't be an issue though.

Hope this helps!

Dave

-Original Message-
From: David Moore, Jr. [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2008 3:48 PM
To: CF-Talk
Subject: RE: Query Too Complex for Access?

I noticed that after I hit the 'send' button. I had a to check if there were actual records before running the statement. I didn't think I needed to show all that, so I took it out, but left the stray end code.

The code works well. I haven't tested it at a lot of values though. This will not have the same issue once there are like 100 records in the getActiveWorks query. Right?

~David G. Moore, Jr.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311318
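The two queries posted in this thread put FORM values directly into the SQL text and build the NOT IN list by string concatenation. As an added example (not code from any poster here), this is one way to write them with cfqueryparam, including the empty-list guard Dave describes; the second query's name, its datasource variable, the column types and the maxlength are assumptions.

```cfml
<!--- Added example, not the original poster's code.
      Assumptions: PageReference is an integer column and the other columns are text;
      getAvailableWorks and DSN_AVAILABLE are hypothetical names; maxlength 50 is an assumed width. --->

<!--- Fail with a controlled error when the page id is not an integer. --->
<cfif NOT isValid("integer", FORM.ThisPage)>
    <cfthrow type="InvalidInput" message="ThisPage must be an integer.">
</cfif>

<cfquery name="getActiveWorks" datasource="#DSN#">
    SELECT ThisReference
    FROM Works
    WHERE Works.PageReference = <cfqueryparam value="#FORM.ThisPage#" cfsqltype="cf_sql_integer">
      AND Works.TypeReference = <cfqueryparam value="#FORM.ThisType#" cfsqltype="cf_sql_varchar" maxlength="50">
</cfquery>

<cfquery name="getAvailableWorks" datasource="#DSN_AVAILABLE#">
    SELECT *
    FROM Works, Artists
    WHERE Artists.ArtistNumber = Works.ArtistNumber
      AND Works.Type = <cfqueryparam value="#FORM.ThisType#" cfsqltype="cf_sql_varchar" maxlength="50">
    <!--- Skip the clause when there are no active works: "NOT IN ()" is invalid SQL. --->
    <cfif getActiveWorks.recordCount GT 0>
      AND Works.ThisInventory NOT IN (
          <!--- list="true" binds every element as its own parameter; no quoting by hand. --->
          <cfqueryparam value="#valueList(getActiveWorks.ThisReference)#"
                        cfsqltype="cf_sql_varchar" list="true">
      )
    </cfif>
    ORDER BY Works.Title ASC
</cfquery>
```

Each list element becomes a separate bound parameter, so a very large getActiveWorks result can still run into the driver-dependent limit mentioned above.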
Re: SQL injection attack on House of Fusion
> I am currently using the SQLprev.cfm from Jochem to stop the onslaught of
> superfluous bandwidth suckage from my server, but was wondering what the
> difference would be with this one. I am not looking to start a "my SQL
> Injection blocker is better than yours", yet trying to educate myself on just
> what is going on and what is best to do.

My original SQLprev script (http://www.gravityfree.com/_sqlprev.cfm.txt) just checks for basic SQL keywords with a semicolon in URL variables. It's a quick and dirty way to give you some protection from bots short-term while your code base is updated to use best practices and secure coding methods. Mary Jo's is more thorough in that it checks additional variable scopes, and can help protect better against hand-drafted attacks, but may have a higher potential for false positives (though it's improved recently from what I can tell).

SQLPrev has a version compatible with CF5 for those who need it where the other script relies on CFMX functions to run. I'm not saying one is better than the other, they both get the job done. Just use whatever works best for you, and update your code so that you don't need either of them.

-Justin Scott

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311317
RE: Flash Site Links Sanity Check
At one point my browser hung and only revealed an "Email Jim" hyperlink. This was in the address bar "http://www.mypersonalbrilliance.com/about/". I clicked through them 20 or so times after that without a problem.

-Original Message-
From: Mark Leder [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 19, 2008 11:46 AM
To: CF-Talk
Subject: Flash Site Links Sanity Check

Hi all,

We're having reports of links not being clickable in a site:

Take a look at this URL (which has been live for 3 years):
http://www.mypersonalbrilliance.com

Also, look at this URL (also live for 3 years):
http://blog.mypersonalbrilliance.com

For both sites, click a few of the links in the black bar at top, and the four floating links in the "lights" area at top.

Clickable with redirection? Any problems?

I've rechecked the crossdomain.xml file and inserted the eolas js fix from adobe (for the double click problem in IE). I can't find any issues (nor recreate the problem), but my client is having intermittent problems. We've tried it here and remotely on several machines, using WinXP - FF2, FF3, IE6 and IE7.

Thanks for your help.

Mark

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311316
RE: Query Too Complex for Access?
I noticed that after I hit the 'send' button. I had a to check if there were actual records before running the statement. I didn't think I needed to show all that, so I took it out, but left the stray end code.

The code works well. I haven't tested it at a lot of values though. This will not have the same issue once there are like 100 records in the getActiveWorks query. Right?

~David G. Moore, Jr.

> Subject: RE: Query Too Complex for Access?
> From: [EMAIL PROTECTED]
> To: cf-talk@houseoffusion.com
> Date: Wed, 20 Aug 2008 15:18:11 -0500
>
> Actually, the first part is correct. The listQualify() function actually
> just places 'single quotes' around each of the values in your valuelist
> since that would be required by the DB.
>
> List qualify doesn't check any variables.
>
> I noticed you had a stray tag. Were you missing a condition
> as you only wanted to compare against 'some' of the records in
> getActiveWorks? If so, send your CFIF statement as we'll have to modify
> what I sent you earlier.
>
> Dave
>
> -Original Message-
> From: David Moore, Jr. [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 20, 2008 1:37 PM
> To: CF-Talk
> Subject: RE: Query Too Complex for Access?
>
> No I haven't.
>
> What you are saying is that I should use valueList to build a full list from
> all values in the getActiveWorks query and then listQualify to see if any
> variable matches.
>
> Thanks David! I will give it a shot.
>
> Does anyone else know of any other ways?
>
> David G. Moore, Jr.
> UpstateWeb. LLC
>
> Subject: RE: Query Too Complex for Access?
> From: [EMAIL PROTECTED]
> To: cf-talk@houseoffusion.com
> Date: Wed, 20 Aug 2008 13:27:34 -0500
>
> Have you tried:
>
> AND Works.ThisInventory not in
> (#listQualify(valueList(getActiveWorks.ThisReference),"'")#)
>
> ??
>
> Dave
>
> -Original Message-
> From: David Moore [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 20, 2008 1:18 PM
> To: CF-Talk
> Subject: Query Too Complex for Access?
>
> I know I am setting myself up for another "Query too complex" issue, so
> before I start I thought I would ask for suggestions. I run into this when I
> have to reference two different Access databases that are Client imposed
> (don't ask). Basically, I have to use one for active data and one to show
> available date (minus the active data). This is, of course, where the
> problem comes in. The queries will help:
>
> datasource="#DSN#">
> SELECT *
> FROM Works
> WHERE Works.PageReference = #FORM.ThisPage#
> AND Works.TypeReference = '#FORM.ThisType#'
>
> SELECT *
> FROM Works, Artists
> WHERE Artists.ArtistNumber = Works.ArtistNumber
> AND Works.Type = '#FORM.ThisType#'
> AND Works.ThisInventory <> '#getActiveWorks.ThisReference#'
> ORDER BY Works.Title Asc
>
> Where the cfloop is is where the problem is going to come into play when the
> "Active Works" get to a certain level and the Query becomes "Too Complex".
> What is the Best way to handle this?
>
> I am using CF8, Windows Server 2003, and MS Access w/Unicode ODBC Connector.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311315
Re: SQL injection attack on House of Fusion
> I am currently using the SQLprev.cfm from Jochem to stop the onslaught
> of superfluous bandwidth suckage from my server, but was wondering
> what the difference would be with this one.

Since I am not familiar with his, I cannot say what the difference would be. I did include URL, form, cookie and common CGI variables into mine as well so it's pretty comprehensive for both this attack and others that might start looking for other vulnerable areas. It uses Gabriel's method of leveraging the java regex pattern matcher which seems to give better performance and less likely to hang on large strings than with CF. Luis Melo who contributed the RegEx that I am now using has his own SQLi blocker as well that includes a bunch of additional functions (such as keeping a list of blacklisted IP addresses in application memory) which some people may like as well. My goal was to just try and put something together that could easily be dropped in any application and do its thing with fairly minimal overhead.

> Does this thing just raise its ugly head every now and then and go
> away for a while? This is the first I have seen of it on my server.

This particular attack? It does seem to come and go. I have no doubt the hackers will look for other avenues to exploit once it seems that this one is no longer having much effect.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311314
RE: SQL injection attack on House of Fusion
I am currently using the SQLprev.cfm from Jochem to stop the onslaught of superfluous bandwidth suckage from my server, but was wondering what the difference would be with this one. I am not looking to start a "my SQL Injection blocker is better than yours", yet trying to educate myself on just what is going on and what is best to do.

Does this thing just raise its ugly head every now and then and go away for a while? This is the first I have seen of it on my server.

Thanks in advance,

~David G. Moore, Jr.
UpstateWeb, LLC

> Subject: Re: SQL injection attack on House of Fusion
> From: [EMAIL PROTECTED]
> To: cf-talk@houseoffusion.com
> Date: Wed, 20 Aug 2008 14:36:46 -0400
>
> > I also had a concern about thread safety; it's caching the java.util.
> > regex.Matcher object in Application scope, and calling Application.
> > injChecker.reset(testvar) for each url/form/etc variable -- seems like
> > Matcher.reset() changes state of the cached Matcher object?
>
> Thanks for pointing this out...I updated the tool on my site to address this and also switched it to use a different RegEx that seems to work better and throw less false positives. Same link to download as before:
>
> http://www.cfwebstore.com/index.cfm?fuseaction=page.download&downloadID=18
>
> --- Mary Jo

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311313
RE: Query Too Complex for Access?
Actually, the first part is correct. The listQualify() function actually just places 'single quotes' around each of the values in your valuelist since that would be required by the DB.

List qualify doesn't check any variables.

I noticed you had a stray tag. Were you missing a condition as you only wanted to compare against 'some' of the records in getActiveWorks? If so, send your CFIF statement as we'll have to modify what I sent you earlier.

Dave

-Original Message-
From: David Moore, Jr. [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2008 1:37 PM
To: CF-Talk
Subject: RE: Query Too Complex for Access?

No I haven't.

What you are saying is that I should use valueList to build a full list from all values in the getActiveWorks query and then listQualify to see if any variable matches.

Thanks David! I will give it a shot.

Does anyone else know of any other ways?

David G. Moore, Jr.
UpstateWeb. LLC

> Subject: RE: Query Too Complex for Access?
> From: [EMAIL PROTECTED]
> To: cf-talk@houseoffusion.com
> Date: Wed, 20 Aug 2008 13:27:34 -0500
>
> Have you tried:
>
> AND Works.ThisInventory not in
> (#listQualify(valueList(getActiveWorks.ThisReference),"'")#)
>
> ??
>
> Dave
>
> -Original Message-
> From: David Moore [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 20, 2008 1:18 PM
> To: CF-Talk
> Subject: Query Too Complex for Access?
>
> I know I am setting myself up for another "Query too complex" issue, so
> before I start I thought I would ask for suggestions. I run into this when I
> have to reference two different Access databases that are Client imposed
> (don't ask). Basically, I have to use one for active data and one to show
> available date (minus the active data). This is, of course, where the
> problem comes in. The queries will help:
>
> SELECT *
> FROM Works
> WHERE Works.PageReference = #FORM.ThisPage#
> AND Works.TypeReference = '#FORM.ThisType#'
>
> SELECT *
> FROM Works, Artists
> WHERE Artists.ArtistNumber = Works.ArtistNumber
> AND Works.Type = '#FORM.ThisType#'
> AND Works.ThisInventory <> '#getActiveWorks.ThisReference#'
> ORDER BY Works.Title Asc
>
> Where the cfloop is is where the problem is going to come into play when the
> "Active Works" get to a certain level and the Query becomes "Too Complex".
> What is the Best way to handle this?
>
> I am using CF8, Windows Server 2003, and MS Access w/Unicode ODBC Connector.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311312
Re: SQL injection attack on House of Fusion
> I also had a concern about thread safety; it's caching the java.util.
> regex.Matcher object in Application scope, and calling Application.
> injChecker.reset(testvar) for each url/form/etc variable -- seems like
> Matcher.reset() changes state of the cached Matcher object?

Thanks for pointing this out...I updated the tool on my site to address this and also switched it to use a different RegEx that seems to work better and throw less false positives. Same link to download as before:

http://www.cfwebstore.com/index.cfm?fuseaction=page.download&downloadID=18

--- Mary Jo

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311311
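The concern quoted above follows from java.util.regex.Matcher holding per-match state, while a compiled java.util.regex.Pattern is immutable and safe to share between requests. An added sketch of that split in an Application.cfc follows; it is not Mary Jo's tool, and the regex, application name, function name and error type are constructed placeholders.

```cfml
<!--- Added example, not code from the tool discussed in this thread.
      The pattern below is a constructed placeholder (semicolon followed by a SQL keyword). --->
<cfcomponent output="false">
    <cfset this.name = "sqliFilterDemo">

    <cffunction name="onApplicationStart" returntype="boolean" output="false">
        <cfset var patternClass = createObject("java", "java.util.regex.Pattern")>
        <!--- Compile once and cache the Pattern: it is immutable, so concurrent requests can share it. --->
        <cfset application.sqliPattern = patternClass.compile("(?i);\s*(declare|exec|insert|update|delete|drop)\b")>
        <cfreturn true>
    </cffunction>

    <cffunction name="hasSuspiciousValue" returntype="boolean" output="false">
        <cfargument name="scope" type="struct" required="true">
        <cfset var key = "">
        <cfset var matcher = "">
        <cfloop collection="#arguments.scope#" item="key">
            <cfif isSimpleValue(arguments.scope[key])>
                <!--- A new Matcher per value, held in a function-local variable.
                      Nothing stateful is stored in Application scope, so no reset() races. --->
                <cfset matcher = application.sqliPattern.matcher(javaCast("string", arguments.scope[key]))>
                <cfif matcher.find()>
                    <cfreturn true>
                </cfif>
            </cfif>
        </cfloop>
        <cfreturn false>
    </cffunction>

    <cffunction name="onRequestStart" returntype="boolean" output="false">
        <cfargument name="targetPage" type="string" required="true">
        <cfif hasSuspiciousValue(URL) OR hasSuspiciousValue(FORM) OR hasSuspiciousValue(COOKIE)>
            <cfthrow type="Security.SuspiciousInput" message="Request rejected by input filter.">
        </cfif>
        <cfreturn true>
    </cffunction>
</cfcomponent>
```

A filter of this kind is the short-term measure the thread describes; the queries themselves still need cfqueryparam.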
RE: Query Too Complex for Access?
No I haven't.

What you are saying is that I should use valueList to build a full list from all values in the getActiveWorks query and then listQualify to see if any variable matches.

Thanks David! I will give it a shot.

Does anyone else know of any other ways?

David G. Moore, Jr.
UpstateWeb. LLC

> Subject: RE: Query Too Complex for Access?
> From: [EMAIL PROTECTED]
> To: cf-talk@houseoffusion.com
> Date: Wed, 20 Aug 2008 13:27:34 -0500
>
> Have you tried:
>
> AND Works.ThisInventory not in
> (#listQualify(valueList(getActiveWorks.ThisReference),"'")#)
>
> ??
>
> Dave
>
> -Original Message-
> From: David Moore [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 20, 2008 1:18 PM
> To: CF-Talk
> Subject: Query Too Complex for Access?
>
> I know I am setting myself up for another "Query too complex" issue, so
> before I start I thought I would ask for suggestions. I run into this when I
> have to reference two different Access databases that are Client imposed
> (don't ask). Basically, I have to use one for active data and one to show
> available date (minus the active data). This is, of course, where the
> problem comes in. The queries will help:
>
> SELECT *
> FROM Works
> WHERE Works.PageReference = #FORM.ThisPage#
> AND Works.TypeReference = '#FORM.ThisType#'
>
> SELECT *
> FROM Works, Artists
> WHERE Artists.ArtistNumber = Works.ArtistNumber
> AND Works.Type = '#FORM.ThisType#'
> AND Works.ThisInventory <> '#getActiveWorks.ThisReference#'
> ORDER BY Works.Title Asc
>
> Where the cfloop is is where the problem is going to come into play when the
> "Active Works" get to a certain level and the Query becomes "Too Complex".
> What is the Best way to handle this?
>
> I am using CF8, Windows Server 2003, and MS Access w/Unicode ODBC Connector.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311310
RE: Query Too Complex for Access?
Have you tried:

AND Works.ThisInventory not in (#listQualify(valueList(getActiveWorks.ThisReference),"'")#)

??

Dave

-Original Message-
From: David Moore [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 20, 2008 1:18 PM
To: CF-Talk
Subject: Query Too Complex for Access?

I know I am setting myself up for another "Query too complex" issue, so before I start I thought I would ask for suggestions. I run into this when I have to reference two different Access databases that are Client imposed (don't ask). Basically, I have to use one for active data and one to show available date (minus the active data). This is, of course, where the problem comes in. The queries will help:

SELECT *
FROM Works
WHERE Works.PageReference = #FORM.ThisPage#
AND Works.TypeReference = '#FORM.ThisType#'

SELECT *
FROM Works, Artists
WHERE Artists.ArtistNumber = Works.ArtistNumber
AND Works.Type = '#FORM.ThisType#'
AND Works.ThisInventory <> '#getActiveWorks.ThisReference#'
ORDER BY Works.Title Asc

Where the cfloop is is where the problem is going to come into play when the "Active Works" get to a certain level and the Query becomes "Too Complex". What is the Best way to handle this?

I am using CF8, Windows Server 2003, and MS Access w/Unicode ODBC Connector.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311309
cfgrid and cfform enctype="multipart/form-data"
Greetings!

I'm having a problem with cfgrid and I need some assistance. Whenever I try to submit an HTML format grid with the enctype="multipart/form-data" attribute applied to the cfform tag, I receive "The submitted cfgrid form field is corrupt (name: __CFGRID__MYTEST__MYGRID value: ,__CFGRID__COLUMN__=DESCRIPTION; __CFGRID__DATA__=my Test 1)" as an error. Traditionally, I would look for semicolons in the grid data. This time, it appears as though the "myGrid" field is being passed twice to the action page. If I remove the enctype attribute, the form works and submits the grid data just fine. Has anyone else experienced this and/or have a workaround?

variables.myQuery = queryNew("ID,Description","integer,varchar");
queryAddRow(variables.myQuery,1);
querySetCell(variables.myQuery,"ID",1);
querySetCell(variables.myQuery,"Description","my Test 1");
queryAddRow(variables.myQuery,1);
querySetCell(variables.myQuery,"ID",2);
querySetCell(variables.myQuery,"Description","my Test 2");

TIA... I sincerely appreciate any input you have.

David Byers
Applications Developer - Internet
Shift4 Corporation
1491 Center Crossing Road
Las Vegas, NV 89144-7047
702.597.2480
fax 702.597.2499
www.shift4.com
[EMAIL PROTECTED]

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311308
Query Too Complex for Access?
I know I am setting myself up for another "Query too complex" issue, so before I start I thought I would ask for suggestions. I run into this when I have to reference two different Access databases that are Client imposed (don't ask). Basically, I have to use one for active data and one to show available date (minus the active data). This is, of course, where the problem comes in. The queries will help:

SELECT * FROM Works WHERE Works.PageReference = #FORM.ThisPage# AND Works.TypeReference = '#FORM.ThisType#'

SELECT * FROM Works, Artists WHERE Artists.ArtistNumber = Works.ArtistNumber AND Works.Type = '#FORM.ThisType#' AND Works.ThisInventory <> '#getActiveWorks.ThisReference#' ORDER BY Works.Title Asc

Where the cfloop is is where the problem is going to come into play when the "Active Works" get to a certain level and the Query becomes "Too Complex". What is the Best way to handle this? I am using CF8, Windows Server 2003, and MS Access w/Unicode ODBC Connector.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311307
Re: SQL injection attack on House of Fusion
I am still getting around 50 to 75 attacks a day on about 20 of my websites. I applied the solution from JOCHEM that aborts the attack in the application.cfm file and then sends me an email. They just keep coming from different IP addresses so it is useless to do anything other than wait for the storm to pass and watch them eat up bandwidth. In the words of one of my all time favorites... AUGH! (that would be Charlie Brown for all you young ones)

David G. Moore, Jr.
UpstateWeb, LLC

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311306
Re: Increasing Max Memory
Yeah, the setting was part of 7. Steve, to clarify, log into your ColdFusion Administrator for that server. Click on the "Settings" menu under "Server Settings". There should be two settings in there that might affect you: Near the top of the page there is a setting called "Maximum size of post data". Change the number in the text input to be as large or larger than what you are trying to upload. Also, check out the "Request Throttle Memory" setting at the bottom of the page.

~Brad

- Original Message -
From: "Dave Watts" <[EMAIL PROTECTED]>
To: "CF-Talk"
Sent: Wednesday, August 20, 2008 11:38 AM
Subject: RE: Increasing Max Memory

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311305
RE: Increasing Max Memory
> I'm trying to increase the allowed memory for CF to
> accommodate large file uploads. I've experimented with
> various settings, but can't seem to correlate them with the
> file size I'm trying. Currently trying to upload a 300Mb
> file. Have the following settings in the Java and JVM window:
> Maximum JVM Heap Size (MB): 1024; JVM Arguments: -XX:MaxPermSize=384m.
>
> Upload attempt results in the error:
> coldfusion.util.MemorySemaphore$MemoryUnavailableException:
> Memory required (300616607 bytes) exceeds the maximum allowed memory.
>
> Are there other settings, or changes to the above, that will
> allow me to perform this upload?

The maximum memory you can allocate on a 32-bit Windows OS is less than 1.5 GB. You should be able to upload the file with 1 GB allocated, but you will need to change the maximum file upload size if you're using CF 8 (I don't remember if that option is in 7, off the top of my head).

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311304
Re: Increasing Max Memory
In CFAdmin if you go to Settings and scroll down to Request Size Limits, what are your settings there? I believe the Maximum Size of Post Data would need to be at least 300Mb.

Kelly

Steve Moore wrote:
> I'm trying to increase the allowed memory for CF to accommodate large file
> uploads. I've experimented with various settings, but can't seem to correlate
> them with the file size I'm trying. Currently trying to upload a 300Mb file.
> Have the following settings in the Java and JVM window: Maximum JVM Heap Size
> (MB): 1024; JVM Arguments: -XX:MaxPermSize=384m.
>
> Upload attempt results in the error:
> coldfusion.util.MemorySemaphore$MemoryUnavailableException: Memory required
> (300616607 bytes) exceeds the maximum allowed memory.
>
> Are there other settings, or changes to the above, that will allow me to
> perform this upload?
>
> Steve Moore
> Larimer County Colorado

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311303
Increasing Max Memory
I'm trying to increase the allowed memory for CF to accommodate large file uploads. I've experimented with various settings, but can't seem to correlate them with the file size I'm trying. Currently trying to upload a 300Mb file. Have the following settings in the Java and JVM window: Maximum JVM Heap Size (MB): 1024; JVM Arguments: -XX:MaxPermSize=384m.

Upload attempt results in the error:
coldfusion.util.MemorySemaphore$MemoryUnavailableException: Memory required (300616607 bytes) exceeds the maximum allowed memory.

Are there other settings, or changes to the above, that will allow me to perform this upload?

Steve Moore
Larimer County Colorado

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311302
Re: CFDocument Header Not Responding to Font-Size
I know this was months ago, but I've just had the same problem and the correct answer was google hit number 41... in CF8 (but not CF7) the header and footer are forced within margintop and marginbottom. so no matter how big you make your text and images, if you leave the default margins they'll be tiny. try:

>Hey Everyone -
>Just wondering if other people can duplicate this:
>
>If I put this in my CFDocument:
>I am in the Body
>
>The text fonts, weights, and sizes correctly.
>
>If I put this in my CFDocumentitem type="header" (inside my CFDocument):
>I am in the Header
>
>The text fonts and weights, but does not size (size is default size).
>
>If this can be duplicated, is this a bug, is this something I can work
>around (and if yes, what would be the process to work around this problem?).
>
>Thanks -
>Stephen

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311301
Anyone going to BFlex / BFusion and wants to share a ride?
There's a FREE 2 day ColdFusion / Flex conference coming up in two weeks (September 6th & 7th) in Bloomington, Indiana (close to Indy): http://bflex.info/

I'm going, but wanted to find out if there's anyone in the Nashville, TN area that was interested in going so that we can share gas money going up. It's about a 4-5 hour drive and I'm planning on leaving a little early on Friday to get up there for some hang time before it starts. So I guess anyone in Memphis, Knoxville, Chattanooga, Birmingham, etc.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311300