Re: Oracle 11g
The ironic drawback is that the Oracle drivers don't support stored procedures which the DD drivers do. And we need that. The current delivered drivers support just 10g. On Tue, Oct 28, 2008 at 18:29, AJ Mercer <[EMAIL PROTECTED]> wrote: > you can do a JDBC connect then use the drivers from your Oracle client > > Here are a couple of blog posts to get your started >http://www.talkingtree.com/blog/index.cfm/2005/11/14/Oracle10gJDBCHowTo > > http://blog.sixsigns.com/2008/01/25/configure-the-jdbc-driver-for-oracle-on-coldfusion-8-standard-edition/ > > > > > On Tue, Oct 28, 2008 at 9:45 PM, Maureen Barger <[EMAIL PROTECTED]> wrote: > >> Hi - does anyone know of any plans to push out free DataDirect drivers >> (an updated macromedia.jar) in support of Oracle 11g? >> >> > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314513 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Oracle 11g
you can do a JDBC connect then use the drivers from your Oracle client Here are a couple of blog posts to get your started http://www.talkingtree.com/blog/index.cfm/2005/11/14/Oracle10gJDBCHowTo http://blog.sixsigns.com/2008/01/25/configure-the-jdbc-driver-for-oracle-on-coldfusion-8-standard-edition/ On Tue, Oct 28, 2008 at 9:45 PM, Maureen Barger <[EMAIL PROTECTED]> wrote: > Hi - does anyone know of any plans to push out free DataDirect drivers > (an updated macromedia.jar) in support of Oracle 11g? > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314512 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Adding & Updating empty values
Ah! Thank you! I've been looking for resources like this! Excellent! Thank you! -Original Message- From: Gerald Guido [mailto:[EMAIL PROTECTED] Sent: October-28-08 6:27 PM To: cf-talk Subject: Re: Adding & Updating empty values Rick, It may be time to make yourself acquainted with the wonderful world of code generators. Here is a partial list of the various offerings. I make heavy use of cfcgenerator and cfcblaster. I rarely create CRUD's by hand. http://code.google.com/p/cfcgenerator/ http://completecodegen.riaforge.org/ http://beanmachine.riaforge.org/ http://mrmx.blogspot.com/2006/09/cfcblaster-simple-code-generator.html http://cfcstub.riaforge.org/ Happy coding. ~G~ On Tue, Oct 28, 2008 at 3:46 PM, Rick Sanders <[EMAIL PROTECTED]> wrote: > Is that the only way? > > It's a questionnaire form with 50 questions! You mean I have to do a > for every question and assign it a blank value if there's no value!? > > -Original Message- > From: Rob Parkhill [mailto:[EMAIL PROTECTED] > Sent: October-28-08 4:42 PM > To: cf-talk > Subject: Re: Adding & Updating empty values > > wrap it in a so.. > > > > > Rob > > On Tue, Oct 28, 2008 at 3:33 PM, Rick Sanders <[EMAIL PROTECTED]> wrote: > > > Hey all, > > > > > > > > In my form some values may be left empty. For example a form field named > > q1. > > > > It's fine if it's empty because the user can go back and fill it in later > > if > > they wish. > > > > > > > > How do I get passed the "q1 is not defined in Form" CF error? All I want > to > > do is enter an empty value. How can I allow it to do that for insert and > > updates? > > > > > > > > Thanks! > > > > > > > > LogoSig > > > > Rick Sanders > > > > Webenergy > > > > Canada: 902-431-7279 > > > > USA: 919-799-9076 > > > > Canada: www.webenergy.ca > > > > USA: www.webenergyusa.com > > > > > > > > > > > > > > > > > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314511 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: admin api login error handling
Thanks fellas. That was pretty silly. I didn't think hard enough about it I guess haha. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314510 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Adding & Updating empty values
I forgot squidhead http://squidhead.riaforge.org/ On Tue, Oct 28, 2008 at 5:27 PM, Gerald Guido <[EMAIL PROTECTED]>wrote: > Rick, > It may be time to make yourself acquainted with the wonderful world of code > generators. Here is a partial list of the various offerings. I make heavy > use of cfcgenerator and cfcblaster. I rarely create CRUD's by hand. > > > http://code.google.com/p/cfcgenerator/ > http://completecodegen.riaforge.org/ > http://beanmachine.riaforge.org/ > http://mrmx.blogspot.com/2006/09/cfcblaster-simple-code-generator.html > http://cfcstub.riaforge.org/ > > > Happy coding. > > ~G~ > > -- Gerald Guido http://www.myinternetisbroken.com "Neurotics build castles in the air, psychotics live in them. My mother cleans them." -- Rita Rudner ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314509 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Adding & Updating empty values
Rick, It may be time to make yourself acquainted with the wonderful world of code generators. Here is a partial list of the various offerings. I make heavy use of cfcgenerator and cfcblaster. I rarely create CRUD's by hand. http://code.google.com/p/cfcgenerator/ http://completecodegen.riaforge.org/ http://beanmachine.riaforge.org/ http://mrmx.blogspot.com/2006/09/cfcblaster-simple-code-generator.html http://cfcstub.riaforge.org/ Happy coding. ~G~ On Tue, Oct 28, 2008 at 3:46 PM, Rick Sanders <[EMAIL PROTECTED]> wrote: > Is that the only way? > > It's a questionnaire form with 50 questions! You mean I have to do a > for every question and assign it a blank value if there's no value!? > > -Original Message- > From: Rob Parkhill [mailto:[EMAIL PROTECTED] > Sent: October-28-08 4:42 PM > To: cf-talk > Subject: Re: Adding & Updating empty values > > wrap it in a so.. > > > > > Rob > > On Tue, Oct 28, 2008 at 3:33 PM, Rick Sanders <[EMAIL PROTECTED]> wrote: > > > Hey all, > > > > > > > > In my form some values may be left empty. For example a form field named > > q1. > > > > It's fine if it's empty because the user can go back and fill it in later > > if > > they wish. > > > > > > > > How do I get passed the "q1 is not defined in Form" CF error? All I want > to > > do is enter an empty value. How can I allow it to do that for insert and > > updates? > > > > > > > > Thanks! > > > > > > > > LogoSig > > > > Rick Sanders > > > > Webenergy > > > > Canada: 902-431-7279 > > > > USA: 919-799-9076 > > > > Canada: www.webenergy.ca > > > > USA: www.webenergyusa.com > > > > > > > > > > > > > > > > > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314508 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Adding & Updating empty values
Be sure that one of the radio options is checked by default. Yes That way you should never get an empty radio, but the user still has to choose "yes" where appropriate. >Yup, you're right. > >It's the radio buttons that are giving me the hassle! > >text fields are defined even if they are empty. the value is simply an >empty string. > > > >is ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314507 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: CF8 HTML CFGRID with checkbox possible with binding?
So are the docs wrong? Because that's not what happens. >If your cfgrid is marked as selectMode='edit', and your cfgridcolumn has >a type='boolean' (and the cell is editable, which should be the >default), then the docs say: > >boolean: column displays as check box; if cell is editable, user can >change the check mark. > >Steve "Cutter" Blades >Adobe Certified Professional >Advanced Macromedia ColdFusion MX 7 Developer >_ >http://blog.cutterscrossing.com > >Asim . wrote: >> ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314506 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Adding & Updating empty values
here is a good method to add defaults for a form to the page you are posting to. NOTE: remember to remove the (name="submit") from your submit button. This way it will not be included in the form.fieldnames list. Another bug I have found is you cant name the form fields numeric as in For some reason coldfusion gets confused when trying to evaluate it and simply returns the field name and not the value. if you wish to get the value of the field use the evaluate function as so: #evaluate("#i#")# I use this method to insert into DB's without all the coding. Providing your column names are the same as your form fields. field name: #i# value: #evaluate("#i#")# >>> How do I get passed the "q1 is not defined in Form" CF error? All I want >to > >Actually, you'd never want to have to deal with "not defined" errors in your >core code. That's what is for, all form fields should be defined >(default them to "" if needed) higher up, along with form field validation, >and so on. > >--- Ben > > > >Write a code generator for it. > > >fill out the form, and loop over the #Form.FIELDNAMES# > >Like so > > > > >> > > > > > > > > >> Is that the only way? >> >> It's a questionnaire form with 50 questions! You mean I have to do a > >later ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314505 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4>
Re: admin api login error handling
> I've never really used the admin api until today. I'm having a problem > catching a bad login. I tried wrapping the instantiation/login in a > try catch, but it seems to be ignoring the catch. Is there any easy > way to catch a bad admin api login? I'm not seeing anything in the > docs or examples I've found. If you mean administrator.login(), it returns a boolean (ie True if the login was successful). ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314504 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: admin api login error handling
Try this The result is True or False Wil Genovese On Tue, Oct 28, 2008 at 3:36 PM, Dana Kowalski <[EMAIL PROTECTED]>wrote: > I've never really used the admin api until today. I'm having a problem > catching a bad login. I tried wrapping the instantiation/login in a try > catch, but it seems to be ignoring the catch. Is there any easy way to catch > a bad admin api login? I'm not seeing anything in the docs or examples I've > found. > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314503 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Adding & Updating empty values
On Tue, Oct 28, 2008 at 1:36 PM, Rick Sanders <[EMAIL PROTECTED]> wrote: > I agree, but I still have to enter all the form field names in the > anyways so I'm not really gaining anything. Coding templates are your friend. But regardless, I offered a suggestion to solve this earlier in a message that perhaps you missed. If you are basically matching form fields against the db, just do something like this: SELECT field1, field2, field3 FROM footable WHERE 0=1 ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314502 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Adding & Updating empty values
well, is shorter than: do stuff especially over 50 iterations :) On Tue, Oct 28, 2008 at 1:36 PM, Rick Sanders <[EMAIL PROTECTED]> wrote: > I agree, but I still have to enter all the form field names in the > > anyways so I'm not really gaining anything. > > -Original Message- > From: Ben Forta [mailto:[EMAIL PROTECTED] > Sent: October-28-08 5:32 PM > To: cf-talk > Subject: RE: Adding & Updating empty values > > >> How do I get passed the "q1 is not defined in Form" CF error? All I want > to > >> do is enter an empty value. How can I allow it to do that for insert > >> and updates? > > Actually, you'd never want to have to deal with "not defined" errors in > your > core code. That's what is for, all form fields should be defined > (default them to "" if needed) higher up, along with form field validation, > and so on. > > --- Ben > > > > -Original Message- > From: Gerald Guido [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 28, 2008 4:10 PM > To: cf-talk > Subject: Re: Adding & Updating empty values > > Write a code generator for it. > > > fill out the form, and loop over the #Form.FIELDNAMES# > > Like so > > > > >> > > > > > > > On Tue, Oct 28, 2008 at 3:46 PM, Rick Sanders <[EMAIL PROTECTED]> wrote: > > > Is that the only way? > > > > It's a questionnaire form with 50 questions! You mean I have to do a > > > for every question and assign it a blank value if there's no value!? > > > > -Original Message- > > From: Rob Parkhill [mailto:[EMAIL PROTECTED] > > Sent: October-28-08 4:42 PM > > To: cf-talk > > Subject: Re: Adding & Updating empty values > > > > wrap it in a so.. > > > > > > > > > > Rob > > > > On Tue, Oct 28, 2008 at 3:33 PM, Rick Sanders <[EMAIL PROTECTED]> wrote: > > > > > Hey all, > > > > > > > > > > > > In my form some values may be left empty. For example a form field > named > > > q1. > > > > > > It's fine if it's empty because the user can go back and fill it in > later > > > if > > > they wish. > > > > > > > > > > > > How do I get passed the "q1 is not defined in Form" CF error? All I > want > > to > > > do is enter an empty value. How can I allow it to do that for insert > and > > > updates? > > > > > > > > > > > > Thanks! > > > > > > > > > > > > LogoSig > > > > > > Rick Sanders > > > > > > Webenergy > > > > > > Canada: 902-431-7279 > > > > > > USA: 919-799-9076 > > > > > > Canada: www.webenergy.ca > > > > > > USA: www.webenergyusa.com > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314501 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4>
admin api login error handling
I've never really used the admin api until today. I'm having a problem catching a bad login. I tried wrapping the instantiation/login in a try catch, but it seems to be ignoring the catch. Is there any easy way to catch a bad admin api login? I'm not seeing anything in the docs or examples I've found. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314500 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Adding & Updating empty values
I agree, but I still have to enter all the form field names in the anyways so I'm not really gaining anything. -Original Message- From: Ben Forta [mailto:[EMAIL PROTECTED] Sent: October-28-08 5:32 PM To: cf-talk Subject: RE: Adding & Updating empty values >> How do I get passed the "q1 is not defined in Form" CF error? All I want to >> do is enter an empty value. How can I allow it to do that for insert >> and updates? Actually, you'd never want to have to deal with "not defined" errors in your core code. That's what is for, all form fields should be defined (default them to "" if needed) higher up, along with form field validation, and so on. --- Ben -Original Message- From: Gerald Guido [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2008 4:10 PM To: cf-talk Subject: Re: Adding & Updating empty values Write a code generator for it. fill out the form, and loop over the #Form.FIELDNAMES# Like soOn Tue, Oct 28, 2008 at 3:46 PM, Rick Sanders <[EMAIL PROTECTED]> wrote: > Is that the only way? > > It's a questionnaire form with 50 questions! You mean I have to do a > for every question and assign it a blank value if there's no value!? > > -Original Message- > From: Rob Parkhill [mailto:[EMAIL PROTECTED] > Sent: October-28-08 4:42 PM > To: cf-talk > Subject: Re: Adding & Updating empty values > > wrap it in a so.. > > > > > Rob > > On Tue, Oct 28, 2008 at 3:33 PM, Rick Sanders <[EMAIL PROTECTED]> wrote: > > > Hey all, > > > > > > > > In my form some values may be left empty. For example a form field named > > q1. > > > > It's fine if it's empty because the user can go back and fill it in later > > if > > they wish. > > > > > > > > How do I get passed the "q1 is not defined in Form" CF error? All I want > to > > do is enter an empty value. How can I allow it to do that for insert and > > updates? > > > > > > > > Thanks! > > > > > > > > LogoSig > > > > Rick Sanders > > > > Webenergy > > > > Canada: 902-431-7279 > > > > USA: 919-799-9076 > > > > Canada: www.webenergy.ca > > > > USA: www.webenergyusa.com > > > > > > > > > > > > > > > > > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314499 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Adding & Updating empty values
>> How do I get passed the "q1 is not defined in Form" CF error? All I want to >> do is enter an empty value. How can I allow it to do that for insert >> and updates? Actually, you'd never want to have to deal with "not defined" errors in your core code. That's what is for, all form fields should be defined (default them to "" if needed) higher up, along with form field validation, and so on. --- Ben -Original Message- From: Gerald Guido [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2008 4:10 PM To: cf-talk Subject: Re: Adding & Updating empty values Write a code generator for it. fill out the form, and loop over the #Form.FIELDNAMES# Like soOn Tue, Oct 28, 2008 at 3:46 PM, Rick Sanders <[EMAIL PROTECTED]> wrote: > Is that the only way? > > It's a questionnaire form with 50 questions! You mean I have to do a > for every question and assign it a blank value if there's no value!? > > -Original Message- > From: Rob Parkhill [mailto:[EMAIL PROTECTED] > Sent: October-28-08 4:42 PM > To: cf-talk > Subject: Re: Adding & Updating empty values > > wrap it in a so.. > > > > > Rob > > On Tue, Oct 28, 2008 at 3:33 PM, Rick Sanders <[EMAIL PROTECTED]> wrote: > > > Hey all, > > > > > > > > In my form some values may be left empty. For example a form field named > > q1. > > > > It's fine if it's empty because the user can go back and fill it in later > > if > > they wish. > > > > > > > > How do I get passed the "q1 is not defined in Form" CF error? All I want > to > > do is enter an empty value. How can I allow it to do that for insert and > > updates? > > > > > > > > Thanks! > > > > > > > > LogoSig > > > > Rick Sanders > > > > Webenergy > > > > Canada: 902-431-7279 > > > > USA: 919-799-9076 > > > > Canada: www.webenergy.ca > > > > USA: www.webenergyusa.com > > > > > > > > > > > > > > > > > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314498 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Random record identifiers in MySQL 5.0
Judah McAuley wrote: > Barney's solution is good but doesn't change the fact that you are > authenticating based on a piece of information that someone else can > grab (a cookie). I understand that one of your requirements is that > people not have to use a username and password to log in every time. > That just means that a level of insecurity is built into your > application. That can be mitigated to some extent though. *nods* I agree it isn't Fort Knox, but it's enough security for the information provided. > Make sure that cookie reads and writes take place over SSL. That way > people can't easily grab the cookie value over the wire. I don't have access to SSL on my hosting server. So that isn't an option for me. > Include, as > Barney mentioned, an expiration date and keep it short. Change the > value of the cookie each time the user visits. That way if I do steal > your cookie, I can only use it for a short time and when the real user > goes to visit, they won't have the correct cookie anyore and will have > to log in, therefore invalidating the old cookie. *nods* I keep it for a day. With the level of traffic and return times for people, that seems to work the best. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314497 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Lines of credit or credit account online
>The first way I read that line, is this is a company that already deals > >If they do not do this, then much work and risk is ahead for you and them. ;P Thanks, Ian. Unfortunately, it's the latter. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314496 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Random record identifiers in MySQL 5.0
> When you say "You know the secret key", are you referring to the site or > the user? Sorry, I wasn't very clear. The site knows the key, so only the site can validate the contents of cookies. > Either way, how would this stop someone from copying the key and using > it on another computer? Yes, they could certainly do that. But they can't change the values or it won't validate when it gets server-side. Which means you can use incredibly tight expirations (or use single-use IDs) to prevent attackers from being able to steal and use the cookies. Because of the secret key, attackers can't create their own modified cookies either. It's not foolproof, of course, since if you're really on the ball you can grab a cookie and use it before the person it was sent to gets a chance to use it. If you have that in place, it's easy to do session locking if an attack is detected. I.e. if you double-use an ID, no cookies for that account are accepted and all users have to log in again manually. Like anything else, it's not foolproof. Security never is. Even x509 is vulnerable to private key theft. cheers, barneyb On Tue, Oct 28, 2008 at 1:22 PM, Phillip M. Vector <[EMAIL PROTECTED]> wrote: > When you say "You know the secret key", are you referring to the site or > the user? > > Either way, how would this stop someone from copying the key and using > it on another computer? > > Let's say the phrase "SecretKey" was the secret key.. So my cookie would > look like this.. > > PVector:1/1/2010:7f98w7f9f98wfh9wh6f976h326 > > So... What is to stop someone from taking that cookie and using it on > their machine? This doesn't seem to increase security at all. > > > Barney Boisvert wrote: >> create your cookie like this: >> >> #userId#:#expirationDate#:#hash(userId & expirationDate & yourSecretKey)# >> >> Then you can ensure the cookie came from you and that it hasn't been >> manipulated, because only you can properly create the hash (because >> only you know the secret key). >> >> cheers, >> barneyb >> >> On Tue, Oct 28, 2008 at 1:10 PM, Phillip M. Vector >> <[EMAIL PROTECTED]> wrote: >>> So how do you suggest I validate the cookie without requiring User input >>> (invalidating the purpose of the cookie in the first place)? >>> >>> Barney Boisvert wrote: A spin attack is when you manipulate some form of captured user input. It's usually a number, so the name comes from spinning a numeric dial. Any user input, which includes cookies, has to be validated. If you just trust the cookie, anyone who steals the cookie can impersonate the user. Even encrypting it doesn't help, because the attacker doesn't need the actual value, he just has to pass the cookie. On Tue, Oct 28, 2008 at 12:46 PM, Phillip M. Vector <[EMAIL PROTECTED]> wrote: > Perhaps you weren't reading it clearly. Allow me to explain. > > I give the UserID (in UUID form and encrypted) out when someone hits my > site. > > When a user has it, I load up that profile and they "log in" to the site. > > If a user doesn't have it, they need to log in with a username and > password. > > I fail to see why this is insecure. How do you suggest that I > authenticate that it's the correct person without any user input and > allowing them to log into the site from more then one computer/ip? > > and I'm not falimiar with a spin attack. What is that? > > Barney Boisvert wrote: >> WHAT You store a userId in a cookie and trust it Are you >> mad??? Numbers are as inherently secure as UUIDs - they're both >> simply identifiers. Authentication and authorization are where >> security happens. If an application is susceptible to spin attacks >> like that, I suppose that a UUID might assist to some degree, but much >> better to just prevent the spin attack. >> >> cheers, >> barneyb >> >> On Tue, Oct 28, 2008 at 12:30 PM, Phillip M. Vector >> <[EMAIL PROTECTED]> wrote: >>> Oh.. I have that as well. But take for example the UserID that I store >>> as a cookie to someone else based on the UserID field. >>> >>> It's easy to change a cookie to a 1 and hope to get admin access. >>> >>> It's harder to figure out someone elses ID. :) >>> >>> and yeah, I can set it to the IP and so on, but honestly, using a UUID >>> is allot more secure then auto increase. >>> >>> Matt Quackenbush wrote: On Tue, Oct 28, 2008 at 2:13 PM, Phillip M. Vector wrote: > The only thing I've noticed in using that is that you can guess the > next > number. > > If you have a URL string of id set to 7, I've always tried manually > typing in 6 and seeing what happens. Sometimes, 5. :) > > That's what permission checking in your application is for. :-) >>> >> >> > >
Re: Random record identifiers in MySQL 5.0
Well, I set the cookie every page load, but you are saying.. If the cookie doesn't match up with what the last "Counter" I used (I.e. if the cookie shows a counterID of 5 and it should be a 6), then redirect to the login. Right? If that's correct, once they stop using the page, what's to prevent someone from grabbing the last cookie and using it? Also, I can't see how it makes it easy to handle multiple tabs to the site feasible. If I'm mistaken in understand what you are suggesting, please explain. I'm honestly curious how I can do this any better then I am already. Barney Boisvert wrote: > The simplest mechanism is to only allow a cookie to be used once, and > then reset it each request. You get the cookie, ensure it's valid, > ensure the id hasn't been used before, create a new cookie, set it, > and then process the request. If the cookie isn't valid or the id has > been used, you clear the cookie and redirect to the login form. You > can do the same thing but only check the cookie if the CF session > isn't already considered authenticated. That'll reduce the amount of > checking you have to do, but significantly reduces the security. > > And unless you're on SSL it's easy to grab cookies without machine > access. Even with SSL it can still be done in some cases. > > cheers, > barneyb > > On Tue, Oct 28, 2008 at 12:56 PM, Phillip M. Vector > <[EMAIL PROTECTED]> wrote: >> If you managed to copy a cookie to your machine, then either 1 of 2 >> things happened. >> >> 1) I gave you permission to do so and therefore, I understand the >> concept that I'm giving you my ID on the site basically. >> 2) You took it without me knowing. This would involve you accessing my >> computer in some way and if I don't know you well enough to trust you, >> then you aren't going to access my machine. Anyway, you can just log >> into the site from my machine anyway. :) >> >> I should also point out that there is a "Logout" function that removes >> the cookie. So people who are security conscious can log out if needed. >> >> Either way, how do you suggest I "authenticate" a person with the cookie >> to make sure it's really the proper user without having the user >> re-login to the site? I suppose I can have them relog in if their IP >> changes, but IP's can be faked as well. >> >> Judah McAuley wrote: >>> What if I copied your cookie to my machine? I go to your site, it >>> checks to see if I have a cookie, I do, so it grabs the encrypted UUID >>> value in that cookie, checks it against your db, matches your record, >>> then logs me in as you. >>> >>> I don't have to know the value of the UUID. It doesn't matter that it >>> is encrypted. I only have to have the same value that you do. >>> >>> Judah >>> >>> On Tue, Oct 28, 2008 at 12:46 PM, Phillip M. Vector >>> <[EMAIL PROTECTED]> wrote: Perhaps you weren't reading it clearly. Allow me to explain. I give the UserID (in UUID form and encrypted) out when someone hits my site. When a user has it, I load up that profile and they "log in" to the site. If a user doesn't have it, they need to log in with a username and password. I fail to see why this is insecure. How do you suggest that I authenticate that it's the correct person without any user input and allowing them to log into the site from more then one computer/ip? and I'm not falimiar with a spin attack. What is that? Barney Boisvert wrote: > WHAT You store a userId in a cookie and trust it Are you > mad??? Numbers are as inherently secure as UUIDs - they're both > simply identifiers. Authentication and authorization are where > security happens. If an application is susceptible to spin attacks > like that, I suppose that a UUID might assist to some degree, but much > better to just prevent the spin attack. > > cheers, > barneyb > > On Tue, Oct 28, 2008 at 12:30 PM, Phillip M. Vector > <[EMAIL PROTECTED]> wrote: >> Oh.. I have that as well. But take for example the UserID that I store >> as a cookie to someone else based on the UserID field. >> >> It's easy to change a cookie to a 1 and hope to get admin access. >> >> It's harder to figure out someone elses ID. :) >> >> and yeah, I can set it to the IP and so on, but honestly, using a UUID >> is allot more secure then auto increase. >> >> Matt Quackenbush wrote: >>> On Tue, Oct 28, 2008 at 2:13 PM, Phillip M. Vector wrote: >>> The only thing I've noticed in using that is that you can guess the next number. If you have a URL string of id set to 7, I've always tried manually typing in 6 and seeing what happens. Sometimes, 5. :) >>> That's what permission checking in your application is for. :-) >>> >>> >>> >>> >> > > ~
Re: Random record identifiers in MySQL 5.0
I would add the following: Barney's solution is good but doesn't change the fact that you are authenticating based on a piece of information that someone else can grab (a cookie). I understand that one of your requirements is that people not have to use a username and password to log in every time. That just means that a level of insecurity is built into your application. That can be mitigated to some extent though. Make sure that cookie reads and writes take place over SSL. That way people can't easily grab the cookie value over the wire. Include, as Barney mentioned, an expiration date and keep it short. Change the value of the cookie each time the user visits. That way if I do steal your cookie, I can only use it for a short time and when the real user goes to visit, they won't have the correct cookie anyore and will have to log in, therefore invalidating the old cookie. Not fool proof, but better. Judah On Tue, Oct 28, 2008 at 1:14 PM, Barney Boisvert <[EMAIL PROTECTED]> wrote: > create your cookie like this: > > #userId#:#expirationDate#:#hash(userId & expirationDate & yourSecretKey)# > > Then you can ensure the cookie came from you and that it hasn't been > manipulated, because only you can properly create the hash (because > only you know the secret key). > > cheers, > barneyb ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314493 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Random record identifiers in MySQL 5.0
The simplest mechanism is to only allow a cookie to be used once, and then reset it each request. You get the cookie, ensure it's valid, ensure the id hasn't been used before, create a new cookie, set it, and then process the request. If the cookie isn't valid or the id has been used, you clear the cookie and redirect to the login form. You can do the same thing but only check the cookie if the CF session isn't already considered authenticated. That'll reduce the amount of checking you have to do, but significantly reduces the security. And unless you're on SSL it's easy to grab cookies without machine access. Even with SSL it can still be done in some cases. cheers, barneyb On Tue, Oct 28, 2008 at 12:56 PM, Phillip M. Vector <[EMAIL PROTECTED]> wrote: > If you managed to copy a cookie to your machine, then either 1 of 2 > things happened. > > 1) I gave you permission to do so and therefore, I understand the > concept that I'm giving you my ID on the site basically. > 2) You took it without me knowing. This would involve you accessing my > computer in some way and if I don't know you well enough to trust you, > then you aren't going to access my machine. Anyway, you can just log > into the site from my machine anyway. :) > > I should also point out that there is a "Logout" function that removes > the cookie. So people who are security conscious can log out if needed. > > Either way, how do you suggest I "authenticate" a person with the cookie > to make sure it's really the proper user without having the user > re-login to the site? I suppose I can have them relog in if their IP > changes, but IP's can be faked as well. > > Judah McAuley wrote: >> What if I copied your cookie to my machine? I go to your site, it >> checks to see if I have a cookie, I do, so it grabs the encrypted UUID >> value in that cookie, checks it against your db, matches your record, >> then logs me in as you. >> >> I don't have to know the value of the UUID. It doesn't matter that it >> is encrypted. I only have to have the same value that you do. >> >> Judah >> >> On Tue, Oct 28, 2008 at 12:46 PM, Phillip M. Vector >> <[EMAIL PROTECTED]> wrote: >>> Perhaps you weren't reading it clearly. Allow me to explain. >>> >>> I give the UserID (in UUID form and encrypted) out when someone hits my >>> site. >>> >>> When a user has it, I load up that profile and they "log in" to the site. >>> >>> If a user doesn't have it, they need to log in with a username and password. >>> >>> I fail to see why this is insecure. How do you suggest that I >>> authenticate that it's the correct person without any user input and >>> allowing them to log into the site from more then one computer/ip? >>> >>> and I'm not falimiar with a spin attack. What is that? >>> >>> Barney Boisvert wrote: WHAT You store a userId in a cookie and trust it Are you mad??? Numbers are as inherently secure as UUIDs - they're both simply identifiers. Authentication and authorization are where security happens. If an application is susceptible to spin attacks like that, I suppose that a UUID might assist to some degree, but much better to just prevent the spin attack. cheers, barneyb On Tue, Oct 28, 2008 at 12:30 PM, Phillip M. Vector <[EMAIL PROTECTED]> wrote: > Oh.. I have that as well. But take for example the UserID that I store > as a cookie to someone else based on the UserID field. > > It's easy to change a cookie to a 1 and hope to get admin access. > > It's harder to figure out someone elses ID. :) > > and yeah, I can set it to the IP and so on, but honestly, using a UUID > is allot more secure then auto increase. > > Matt Quackenbush wrote: >> On Tue, Oct 28, 2008 at 2:13 PM, Phillip M. Vector wrote: >> >>> The only thing I've noticed in using that is that you can guess the next >>> number. >>> >>> If you have a URL string of id set to 7, I've always tried manually >>> typing in 6 and seeing what happens. Sometimes, 5. :) >>> >>> >> That's what permission checking in your application is for. :-) >> >> >> >>> >> >> > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314492 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Random record identifiers in MySQL 5.0
When you say "You know the secret key", are you referring to the site or the user? Either way, how would this stop someone from copying the key and using it on another computer? Let's say the phrase "SecretKey" was the secret key.. So my cookie would look like this.. PVector:1/1/2010:7f98w7f9f98wfh9wh6f976h326 So... What is to stop someone from taking that cookie and using it on their machine? This doesn't seem to increase security at all. Barney Boisvert wrote: > create your cookie like this: > > #userId#:#expirationDate#:#hash(userId & expirationDate & yourSecretKey)# > > Then you can ensure the cookie came from you and that it hasn't been > manipulated, because only you can properly create the hash (because > only you know the secret key). > > cheers, > barneyb > > On Tue, Oct 28, 2008 at 1:10 PM, Phillip M. Vector > <[EMAIL PROTECTED]> wrote: >> So how do you suggest I validate the cookie without requiring User input >> (invalidating the purpose of the cookie in the first place)? >> >> Barney Boisvert wrote: >>> A spin attack is when you manipulate some form of captured user input. >>> It's usually a number, so the name comes from spinning a numeric >>> dial. Any user input, which includes cookies, has to be validated. >>> If you just trust the cookie, anyone who steals the cookie can >>> impersonate the user. Even encrypting it doesn't help, because the >>> attacker doesn't need the actual value, he just has to pass the >>> cookie. >>> >>> On Tue, Oct 28, 2008 at 12:46 PM, Phillip M. Vector >>> <[EMAIL PROTECTED]> wrote: Perhaps you weren't reading it clearly. Allow me to explain. I give the UserID (in UUID form and encrypted) out when someone hits my site. When a user has it, I load up that profile and they "log in" to the site. If a user doesn't have it, they need to log in with a username and password. I fail to see why this is insecure. How do you suggest that I authenticate that it's the correct person without any user input and allowing them to log into the site from more then one computer/ip? and I'm not falimiar with a spin attack. What is that? Barney Boisvert wrote: > WHAT You store a userId in a cookie and trust it Are you > mad??? Numbers are as inherently secure as UUIDs - they're both > simply identifiers. Authentication and authorization are where > security happens. If an application is susceptible to spin attacks > like that, I suppose that a UUID might assist to some degree, but much > better to just prevent the spin attack. > > cheers, > barneyb > > On Tue, Oct 28, 2008 at 12:30 PM, Phillip M. Vector > <[EMAIL PROTECTED]> wrote: >> Oh.. I have that as well. But take for example the UserID that I store >> as a cookie to someone else based on the UserID field. >> >> It's easy to change a cookie to a 1 and hope to get admin access. >> >> It's harder to figure out someone elses ID. :) >> >> and yeah, I can set it to the IP and so on, but honestly, using a UUID >> is allot more secure then auto increase. >> >> Matt Quackenbush wrote: >>> On Tue, Oct 28, 2008 at 2:13 PM, Phillip M. Vector wrote: >>> The only thing I've noticed in using that is that you can guess the next number. If you have a URL string of id set to 7, I've always tried manually typing in 6 and seeing what happens. Sometimes, 5. :) >>> That's what permission checking in your application is for. :-) >>> >>> >>> >>> >> > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314491 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Adding & Updating empty values
Yup, you're right. It's the radio buttons that are giving me the hassle! -Original Message- From: Charlie Griefer [mailto:[EMAIL PROTECTED] Sent: October-28-08 5:14 PM To: cf-talk Subject: Re: Adding & Updating empty values text fields are defined even if they are empty. the value is simply an empty string. On Tue, Oct 28, 2008 at 12:58 PM, Rick Sanders <[EMAIL PROTECTED]> wrote: > I hear you, and already did that for checkboxes. But, I have text fields > and > radio buttons in my form! > > > -Original Message- > From: Jason Fisher [mailto:[EMAIL PROTECTED] > Sent: October-28-08 4:47 PM > To: cf-talk > Subject: Re: Adding & Updating empty values > > The other option is to use "yes" and "no" radio buttons instead of > checkboxes, where the radio buttons default to "no". That way, the field > always exists, but you still get the difference between 1 and 0. Checkbox > that is unchecked really doesn't exist in the POST, so the CFIF solution is > pretty much required otherwise, yes. > > > > >Is that the only way? > > > >It's a questionnaire form with 50 questions! You mean I have to do a > > >for every question and assign it a blank value if there's no value!? > > > >wrap it in a so.. > > > > > > > > > >Rob > > > > > > > >to > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314490 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Adding & Updating empty values
then it looks as though there are a lot of CFIFs in your future. of course, if you are returning results in the format shown ie q1, q2, q3, you could throw it all into a loop and use an Evaluate statement to build the q# portion Rob On Tue, Oct 28, 2008 at 3:58 PM, Rick Sanders <[EMAIL PROTECTED]> wrote: > I hear you, and already did that for checkboxes. But, I have text fields > and > radio buttons in my form! > > > -Original Message- > From: Jason Fisher [mailto:[EMAIL PROTECTED] > Sent: October-28-08 4:47 PM > To: cf-talk > Subject: Re: Adding & Updating empty values > > The other option is to use "yes" and "no" radio buttons instead of > checkboxes, where the radio buttons default to "no". That way, the field > always exists, but you still get the difference between 1 and 0. Checkbox > that is unchecked really doesn't exist in the POST, so the CFIF solution is > pretty much required otherwise, yes. > > > > >Is that the only way? > > > >It's a questionnaire form with 50 questions! You mean I have to do a > > >for every question and assign it a blank value if there's no value!? > > > >wrap it in a so.. > > > > > > > > > >Rob > > > > > > > >to > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314489 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Random record identifiers in MySQL 5.0
create your cookie like this: #userId#:#expirationDate#:#hash(userId & expirationDate & yourSecretKey)# Then you can ensure the cookie came from you and that it hasn't been manipulated, because only you can properly create the hash (because only you know the secret key). cheers, barneyb On Tue, Oct 28, 2008 at 1:10 PM, Phillip M. Vector <[EMAIL PROTECTED]> wrote: > So how do you suggest I validate the cookie without requiring User input > (invalidating the purpose of the cookie in the first place)? > > Barney Boisvert wrote: >> A spin attack is when you manipulate some form of captured user input. >> It's usually a number, so the name comes from spinning a numeric >> dial. Any user input, which includes cookies, has to be validated. >> If you just trust the cookie, anyone who steals the cookie can >> impersonate the user. Even encrypting it doesn't help, because the >> attacker doesn't need the actual value, he just has to pass the >> cookie. >> >> On Tue, Oct 28, 2008 at 12:46 PM, Phillip M. Vector >> <[EMAIL PROTECTED]> wrote: >>> Perhaps you weren't reading it clearly. Allow me to explain. >>> >>> I give the UserID (in UUID form and encrypted) out when someone hits my >>> site. >>> >>> When a user has it, I load up that profile and they "log in" to the site. >>> >>> If a user doesn't have it, they need to log in with a username and password. >>> >>> I fail to see why this is insecure. How do you suggest that I >>> authenticate that it's the correct person without any user input and >>> allowing them to log into the site from more then one computer/ip? >>> >>> and I'm not falimiar with a spin attack. What is that? >>> >>> Barney Boisvert wrote: WHAT You store a userId in a cookie and trust it Are you mad??? Numbers are as inherently secure as UUIDs - they're both simply identifiers. Authentication and authorization are where security happens. If an application is susceptible to spin attacks like that, I suppose that a UUID might assist to some degree, but much better to just prevent the spin attack. cheers, barneyb On Tue, Oct 28, 2008 at 12:30 PM, Phillip M. Vector <[EMAIL PROTECTED]> wrote: > Oh.. I have that as well. But take for example the UserID that I store > as a cookie to someone else based on the UserID field. > > It's easy to change a cookie to a 1 and hope to get admin access. > > It's harder to figure out someone elses ID. :) > > and yeah, I can set it to the IP and so on, but honestly, using a UUID > is allot more secure then auto increase. > > Matt Quackenbush wrote: >> On Tue, Oct 28, 2008 at 2:13 PM, Phillip M. Vector wrote: >> >>> The only thing I've noticed in using that is that you can guess the next >>> number. >>> >>> If you have a URL string of id set to 7, I've always tried manually >>> typing in 6 and seeing what happens. Sometimes, 5. :) >>> >>> >> That's what permission checking in your application is for. :-) >> >> >> >>> >> >> > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314488 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Adding & Updating empty values
text fields are defined even if they are empty. the value is simply an empty string. On Tue, Oct 28, 2008 at 12:58 PM, Rick Sanders <[EMAIL PROTECTED]> wrote: > I hear you, and already did that for checkboxes. But, I have text fields > and > radio buttons in my form! > > > -Original Message- > From: Jason Fisher [mailto:[EMAIL PROTECTED] > Sent: October-28-08 4:47 PM > To: cf-talk > Subject: Re: Adding & Updating empty values > > The other option is to use "yes" and "no" radio buttons instead of > checkboxes, where the radio buttons default to "no". That way, the field > always exists, but you still get the difference between 1 and 0. Checkbox > that is unchecked really doesn't exist in the POST, so the CFIF solution is > pretty much required otherwise, yes. > > > > >Is that the only way? > > > >It's a questionnaire form with 50 questions! You mean I have to do a > > >for every question and assign it a blank value if there's no value!? > > > >wrap it in a so.. > > > > > > > > > >Rob > > > > > > > >to > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314487 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Adding & Updating empty values
Use cfparam for all of your form fields, that way they exist for certain, and param them to an empty string (or 0 in the case of numbers). Actually, I tend to param them all to an empty string and then your sql query param fields will turn the empty string into an int/numeric for you (you are using them, right?). And if you decide that typing out the field names in the cfparams is too troublesome, you could always do a select against the table in a query, then loop over the column names in and do your cfparam in a loop dynamically. Judah On Tue, Oct 28, 2008 at 12:58 PM, Rick Sanders <[EMAIL PROTECTED]> wrote: > I hear you, and already did that for checkboxes. But, I have text fields and > radio buttons in my form! > > > -Original Message- > From: Jason Fisher [mailto:[EMAIL PROTECTED] > Sent: October-28-08 4:47 PM > To: cf-talk > Subject: Re: Adding & Updating empty values > > The other option is to use "yes" and "no" radio buttons instead of > checkboxes, where the radio buttons default to "no". That way, the field > always exists, but you still get the difference between 1 and 0. Checkbox > that is unchecked really doesn't exist in the POST, so the CFIF solution is > pretty much required otherwise, yes. > > > >>Is that the only way? >> >>It's a questionnaire form with 50 questions! You mean I have to do a >>for every question and assign it a blank value if there's no value!? >> >>wrap it in a so.. >> >> >> >> >>Rob >> >> >> >>to > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314486 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Random record identifiers in MySQL 5.0
So how do you suggest I validate the cookie without requiring User input (invalidating the purpose of the cookie in the first place)? Barney Boisvert wrote: > A spin attack is when you manipulate some form of captured user input. > It's usually a number, so the name comes from spinning a numeric > dial. Any user input, which includes cookies, has to be validated. > If you just trust the cookie, anyone who steals the cookie can > impersonate the user. Even encrypting it doesn't help, because the > attacker doesn't need the actual value, he just has to pass the > cookie. > > On Tue, Oct 28, 2008 at 12:46 PM, Phillip M. Vector > <[EMAIL PROTECTED]> wrote: >> Perhaps you weren't reading it clearly. Allow me to explain. >> >> I give the UserID (in UUID form and encrypted) out when someone hits my >> site. >> >> When a user has it, I load up that profile and they "log in" to the site. >> >> If a user doesn't have it, they need to log in with a username and password. >> >> I fail to see why this is insecure. How do you suggest that I >> authenticate that it's the correct person without any user input and >> allowing them to log into the site from more then one computer/ip? >> >> and I'm not falimiar with a spin attack. What is that? >> >> Barney Boisvert wrote: >>> WHAT You store a userId in a cookie and trust it Are you >>> mad??? Numbers are as inherently secure as UUIDs - they're both >>> simply identifiers. Authentication and authorization are where >>> security happens. If an application is susceptible to spin attacks >>> like that, I suppose that a UUID might assist to some degree, but much >>> better to just prevent the spin attack. >>> >>> cheers, >>> barneyb >>> >>> On Tue, Oct 28, 2008 at 12:30 PM, Phillip M. Vector >>> <[EMAIL PROTECTED]> wrote: Oh.. I have that as well. But take for example the UserID that I store as a cookie to someone else based on the UserID field. It's easy to change a cookie to a 1 and hope to get admin access. It's harder to figure out someone elses ID. :) and yeah, I can set it to the IP and so on, but honestly, using a UUID is allot more secure then auto increase. Matt Quackenbush wrote: > On Tue, Oct 28, 2008 at 2:13 PM, Phillip M. Vector wrote: > >> The only thing I've noticed in using that is that you can guess the next >> number. >> >> If you have a URL string of id set to 7, I've always tried manually >> typing in 6 and seeing what happens. Sometimes, 5. :) >> >> > That's what permission checking in your application is for. :-) > > > >>> >> > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314485 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Adding & Updating empty values
Well, then isDefined("form.q1") or structKeyExists(form, "q1") should both be true, whether or not q1 is blank. If you're getting the not defined error for a text input, then something else is going on ... is there a redirect or a layer of translation between the post and the processing or some layer that's not able to 'see' the form scope? >I hear you, and already did that for checkboxes. But, I have text fields and >radio buttons in my form! > > >The other option is to use "yes" and "no" radio buttons instead of >checkboxes, where the radio buttons default to "no". That way, the field >always exists, but you still get the difference between 1 and 0. Checkbox >that is unchecked really doesn't exist in the POST, so the CFIF solution is >pretty much required otherwise, yes. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314484 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Adding & Updating empty values
Write a code generator for it. fill out the form, and loop over the #Form.FIELDNAMES# Like soOn Tue, Oct 28, 2008 at 3:46 PM, Rick Sanders <[EMAIL PROTECTED]> wrote: > Is that the only way? > > It's a questionnaire form with 50 questions! You mean I have to do a > for every question and assign it a blank value if there's no value!? > > -Original Message- > From: Rob Parkhill [mailto:[EMAIL PROTECTED] > Sent: October-28-08 4:42 PM > To: cf-talk > Subject: Re: Adding & Updating empty values > > wrap it in a so.. > > > > > Rob > > On Tue, Oct 28, 2008 at 3:33 PM, Rick Sanders <[EMAIL PROTECTED]> wrote: > > > Hey all, > > > > > > > > In my form some values may be left empty. For example a form field named > > q1. > > > > It's fine if it's empty because the user can go back and fill it in later > > if > > they wish. > > > > > > > > How do I get passed the "q1 is not defined in Form" CF error? All I want > to > > do is enter an empty value. How can I allow it to do that for insert and > > updates? > > > > > > > > Thanks! > > > > > > > > LogoSig > > > > Rick Sanders > > > > Webenergy > > > > Canada: 902-431-7279 > > > > USA: 919-799-9076 > > > > Canada: www.webenergy.ca > > > > USA: www.webenergyusa.com > > > > > > > > > > > > > > > > > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314483 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Lines of credit or credit account online
>> The client's exact words were: "I want visitors to fill out a form and >> submit it and get approved for a line of credit they can use to pay for >> services on my site." The first way I read that line, is this is a company that already deals with credit lines. If so, my first question would be "How do you do this currently." I.E. what is their process when a customer walks into their establishment and wants to open a line of credit. If they do do this, then start there and discuss how the on-line version could mesh with the current manual process. If they do not do this, then much work and risk is ahead for you and them. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314482 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Lines of credit or credit account online
Wow! All wonderful information, guys, and many different points that I'm sure my client has not considered. I really, really appreciate this. I guess I'm going to have to go back to this client and hash out the exact requirements before I can give the price estimate for this portion. But you all have given me a lot I can use to guide them to a final outcome -- thanks! Any other input is definitely welcome -- I'm not going to be talking to the client again until next week ... keep it coming! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314481 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: CFCHART & Developer Edition Watermark
Nope - just a single instance! -reed ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314480 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Adding & Updating empty values
I hear you, and already did that for checkboxes. But, I have text fields and radio buttons in my form! -Original Message- From: Jason Fisher [mailto:[EMAIL PROTECTED] Sent: October-28-08 4:47 PM To: cf-talk Subject: Re: Adding & Updating empty values The other option is to use "yes" and "no" radio buttons instead of checkboxes, where the radio buttons default to "no". That way, the field always exists, but you still get the difference between 1 and 0. Checkbox that is unchecked really doesn't exist in the POST, so the CFIF solution is pretty much required otherwise, yes. >Is that the only way? > >It's a questionnaire form with 50 questions! You mean I have to do a >for every question and assign it a blank value if there's no value!? > >wrap it in a so.. > > > > >Rob > > > >to ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314479 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Random record identifiers in MySQL 5.0
A spin attack is when you manipulate some form of captured user input. It's usually a number, so the name comes from spinning a numeric dial. Any user input, which includes cookies, has to be validated. If you just trust the cookie, anyone who steals the cookie can impersonate the user. Even encrypting it doesn't help, because the attacker doesn't need the actual value, he just has to pass the cookie. On Tue, Oct 28, 2008 at 12:46 PM, Phillip M. Vector <[EMAIL PROTECTED]> wrote: > Perhaps you weren't reading it clearly. Allow me to explain. > > I give the UserID (in UUID form and encrypted) out when someone hits my > site. > > When a user has it, I load up that profile and they "log in" to the site. > > If a user doesn't have it, they need to log in with a username and password. > > I fail to see why this is insecure. How do you suggest that I > authenticate that it's the correct person without any user input and > allowing them to log into the site from more then one computer/ip? > > and I'm not falimiar with a spin attack. What is that? > > Barney Boisvert wrote: >> WHAT You store a userId in a cookie and trust it Are you >> mad??? Numbers are as inherently secure as UUIDs - they're both >> simply identifiers. Authentication and authorization are where >> security happens. If an application is susceptible to spin attacks >> like that, I suppose that a UUID might assist to some degree, but much >> better to just prevent the spin attack. >> >> cheers, >> barneyb >> >> On Tue, Oct 28, 2008 at 12:30 PM, Phillip M. Vector >> <[EMAIL PROTECTED]> wrote: >>> Oh.. I have that as well. But take for example the UserID that I store >>> as a cookie to someone else based on the UserID field. >>> >>> It's easy to change a cookie to a 1 and hope to get admin access. >>> >>> It's harder to figure out someone elses ID. :) >>> >>> and yeah, I can set it to the IP and so on, but honestly, using a UUID >>> is allot more secure then auto increase. >>> >>> Matt Quackenbush wrote: On Tue, Oct 28, 2008 at 2:13 PM, Phillip M. Vector wrote: > The only thing I've noticed in using that is that you can guess the next > number. > > If you have a URL string of id set to 7, I've always tried manually > typing in 6 and seeing what happens. Sometimes, 5. :) > > That's what permission checking in your application is for. :-) >>> >> >> > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314478 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: RSS Issue
cfhttp is not neccessary here if you are using CF7 or above. Either... http://www4.esu.edu/news.xml";) /> ...or.. http://www4.esu.edu/news.xml"; query="qry_feed" /> CFFEED is CF8+ only: http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=Tags_f_01.html HTH Dominic 2008/10/28 Steve LaBadie <[EMAIL PROTECTED]>: > I am pulling an RSS feed to my page using this code: > > > > > > http://www4.esu.edu/news.xml"; method="get"> > > > > > > > > > > > > #objRSS.rss.channel.item[i].title.xmltext# > > > > #objRSS.rss.channel.item[i].description.xmltext# > > | class="eventlink">more > > > > all news >>> > > > > > > If I use the closing tag I get an error stating FILECONTENT is > undefined, if I leave it off the page takes a long time to load. > > > > Any advice would be appreciated. > > > > Steve LaBadie, Web Manager > > East Stroudsburg University > > 200 Prospect St. > > East Stroudsburg, Pa 18301 > > 570-422-3999 > > http://www.esu.edu > > [EMAIL PROTECTED] > > > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314477 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Random record identifiers in MySQL 5.0
If you managed to copy a cookie to your machine, then either 1 of 2 things happened. 1) I gave you permission to do so and therefore, I understand the concept that I'm giving you my ID on the site basically. 2) You took it without me knowing. This would involve you accessing my computer in some way and if I don't know you well enough to trust you, then you aren't going to access my machine. Anyway, you can just log into the site from my machine anyway. :) I should also point out that there is a "Logout" function that removes the cookie. So people who are security conscious can log out if needed. Either way, how do you suggest I "authenticate" a person with the cookie to make sure it's really the proper user without having the user re-login to the site? I suppose I can have them relog in if their IP changes, but IP's can be faked as well. Judah McAuley wrote: > What if I copied your cookie to my machine? I go to your site, it > checks to see if I have a cookie, I do, so it grabs the encrypted UUID > value in that cookie, checks it against your db, matches your record, > then logs me in as you. > > I don't have to know the value of the UUID. It doesn't matter that it > is encrypted. I only have to have the same value that you do. > > Judah > > On Tue, Oct 28, 2008 at 12:46 PM, Phillip M. Vector > <[EMAIL PROTECTED]> wrote: >> Perhaps you weren't reading it clearly. Allow me to explain. >> >> I give the UserID (in UUID form and encrypted) out when someone hits my >> site. >> >> When a user has it, I load up that profile and they "log in" to the site. >> >> If a user doesn't have it, they need to log in with a username and password. >> >> I fail to see why this is insecure. How do you suggest that I >> authenticate that it's the correct person without any user input and >> allowing them to log into the site from more then one computer/ip? >> >> and I'm not falimiar with a spin attack. What is that? >> >> Barney Boisvert wrote: >>> WHAT You store a userId in a cookie and trust it Are you >>> mad??? Numbers are as inherently secure as UUIDs - they're both >>> simply identifiers. Authentication and authorization are where >>> security happens. If an application is susceptible to spin attacks >>> like that, I suppose that a UUID might assist to some degree, but much >>> better to just prevent the spin attack. >>> >>> cheers, >>> barneyb >>> >>> On Tue, Oct 28, 2008 at 12:30 PM, Phillip M. Vector >>> <[EMAIL PROTECTED]> wrote: Oh.. I have that as well. But take for example the UserID that I store as a cookie to someone else based on the UserID field. It's easy to change a cookie to a 1 and hope to get admin access. It's harder to figure out someone elses ID. :) and yeah, I can set it to the IP and so on, but honestly, using a UUID is allot more secure then auto increase. Matt Quackenbush wrote: > On Tue, Oct 28, 2008 at 2:13 PM, Phillip M. Vector wrote: > >> The only thing I've noticed in using that is that you can guess the next >> number. >> >> If you have a URL string of id set to 7, I've always tried manually >> typing in 6 and seeing what happens. Sometimes, 5. :) >> >> > That's what permission checking in your application is for. :-) > > > >>> >> > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314476 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Adding & Updating empty values
Or use radio buttons, so that your values always exist in the post method of the form. Rob On Tue, Oct 28, 2008 at 3:46 PM, Rick Sanders <[EMAIL PROTECTED]> wrote: > Is that the only way? > > It's a questionnaire form with 50 questions! You mean I have to do a > for every question and assign it a blank value if there's no value!? > > -Original Message- > From: Rob Parkhill [mailto:[EMAIL PROTECTED] > Sent: October-28-08 4:42 PM > To: cf-talk > Subject: Re: Adding & Updating empty values > > wrap it in a so.. > > > > > Rob > > On Tue, Oct 28, 2008 at 3:33 PM, Rick Sanders <[EMAIL PROTECTED]> wrote: > > > Hey all, > > > > > > > > In my form some values may be left empty. For example a form field named > > q1. > > > > It's fine if it's empty because the user can go back and fill it in later > > if > > they wish. > > > > > > > > How do I get passed the "q1 is not defined in Form" CF error? All I want > to > > do is enter an empty value. How can I allow it to do that for insert and > > updates? > > > > > > > > Thanks! > > > > > > > > LogoSig > > > > Rick Sanders > > > > Webenergy > > > > Canada: 902-431-7279 > > > > USA: 919-799-9076 > > > > Canada: www.webenergy.ca > > > > USA: www.webenergyusa.com > > > > > > > > > > > > > > > > > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314475 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Random record identifiers in MySQL 5.0
What if I copied your cookie to my machine? I go to your site, it checks to see if I have a cookie, I do, so it grabs the encrypted UUID value in that cookie, checks it against your db, matches your record, then logs me in as you. I don't have to know the value of the UUID. It doesn't matter that it is encrypted. I only have to have the same value that you do. Judah On Tue, Oct 28, 2008 at 12:46 PM, Phillip M. Vector <[EMAIL PROTECTED]> wrote: > Perhaps you weren't reading it clearly. Allow me to explain. > > I give the UserID (in UUID form and encrypted) out when someone hits my > site. > > When a user has it, I load up that profile and they "log in" to the site. > > If a user doesn't have it, they need to log in with a username and password. > > I fail to see why this is insecure. How do you suggest that I > authenticate that it's the correct person without any user input and > allowing them to log into the site from more then one computer/ip? > > and I'm not falimiar with a spin attack. What is that? > > Barney Boisvert wrote: >> WHAT You store a userId in a cookie and trust it Are you >> mad??? Numbers are as inherently secure as UUIDs - they're both >> simply identifiers. Authentication and authorization are where >> security happens. If an application is susceptible to spin attacks >> like that, I suppose that a UUID might assist to some degree, but much >> better to just prevent the spin attack. >> >> cheers, >> barneyb >> >> On Tue, Oct 28, 2008 at 12:30 PM, Phillip M. Vector >> <[EMAIL PROTECTED]> wrote: >>> Oh.. I have that as well. But take for example the UserID that I store >>> as a cookie to someone else based on the UserID field. >>> >>> It's easy to change a cookie to a 1 and hope to get admin access. >>> >>> It's harder to figure out someone elses ID. :) >>> >>> and yeah, I can set it to the IP and so on, but honestly, using a UUID >>> is allot more secure then auto increase. >>> >>> Matt Quackenbush wrote: On Tue, Oct 28, 2008 at 2:13 PM, Phillip M. Vector wrote: > The only thing I've noticed in using that is that you can guess the next > number. > > If you have a URL string of id set to 7, I've always tried manually > typing in 6 and seeing what happens. Sometimes, 5. :) > > That's what permission checking in your application is for. :-) >>> >> >> > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314474 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Adding & Updating empty values
The other option is to use "yes" and "no" radio buttons instead of checkboxes, where the radio buttons default to "no". That way, the field always exists, but you still get the difference between 1 and 0. Checkbox that is unchecked really doesn't exist in the POST, so the CFIF solution is pretty much required otherwise, yes. >Is that the only way? > >It's a questionnaire form with 50 questions! You mean I have to do a >for every question and assign it a blank value if there's no value!? > >wrap it in a so.. > > > > >Rob > > > >to ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314473 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Lines of credit or credit account online
Aha, so the client is offering direct credit: "we'll let you buy up to $500 on our site and bill you later for it" or something along those lines? If that's the case, then they don't need a bank, but they'll need some pretty robust business rules: a) how do you verify that the person is 'good' for a $500 line on my site? b) how do you verify that the person placing an order today still has enough 'credit' left to make the current purchase? ($350 sale yesterday out of $500 line, means a $120 sale this afternoon is still good) c) how do you make sure that you can collect? if you offer credit and you send the $500 worth of ordered goods without payment, what's the penalty for non-payment? have to make sure that the lawyers are involved and that they agree they can make collections for you on the basis of whatever online agreement is signed with the customer; if the lawyers don't think your agreements for credit are tight enough for you to collect bad debt in court, then you better not be sending un-paid orders to anyone! I'm sure there are other risks as well, but these were my first 3 thoughts :) -Jason > That's a very good question. I'm not sure my client really knows which > one is needed and I have absolutely no knowledge of how this process > works ... so my answer is "Dunno!" > > The client's exact words were: "I want visitors to fill out a form and > submit it and get approved for a line of credit they can use to pay > for services on my site." > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314472 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Lines of credit or credit account online
Well, I guess that my suggestion should have been more full bodied to say that using a Credit Card as your line of credit would simplify the process, and there are lots of different ways to basically build that e-commerce-ness of a site without storing the data within your own site. I guess what needs to be asked is what is the client really after? As the way the statement is phrased, seems to lead to a very interesting solution, involving lots of potential pitfalls. Rob (I know storing credit card information is bad :) ) On Tue, Oct 28, 2008 at 3:37 PM, Phillip M. Vector < [EMAIL PROTECTED]> wrote: > Storing a credit card online is a very, VERY bad idea. > > If you go that route (Which WOULD be simplier), you may want to check > out a separate company to handle the transactions. I know Shift4 > (www.Shift4.com) is very good security wise (not good to work for, but > good in what they do). > > But storing credit card information (or at least enough information to > make a charge) is just asking for trouble. > > Rob Parkhill wrote: > > Why not just have them provide a credit card that you can keep on file. > It > > is already a line of credit :) > > Rob > > > > On Tue, Oct 28, 2008 at 3:26 PM, ColdFusion Developer < > [EMAIL PROTECTED]>wrote: > > > >>> Are you looking for an actual credit-check service with an API? or are > >>> you looking for the bank that would actually back the credit line? > >>> > >> That's a very good question. I'm not sure my client really knows which > one > >> is needed and I have absolutely no knowledge of how this process works > ... > >> so my answer is "Dunno!" > >> > >> The client's exact words were: "I want visitors to fill out a form and > >> submit it and get approved for a line of credit they can use to pay for > >> services on my site." > >> > >> > >> > >> > > > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314471 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Random record identifiers in MySQL 5.0
Perhaps you weren't reading it clearly. Allow me to explain. I give the UserID (in UUID form and encrypted) out when someone hits my site. When a user has it, I load up that profile and they "log in" to the site. If a user doesn't have it, they need to log in with a username and password. I fail to see why this is insecure. How do you suggest that I authenticate that it's the correct person without any user input and allowing them to log into the site from more then one computer/ip? and I'm not falimiar with a spin attack. What is that? Barney Boisvert wrote: > WHAT You store a userId in a cookie and trust it Are you > mad??? Numbers are as inherently secure as UUIDs - they're both > simply identifiers. Authentication and authorization are where > security happens. If an application is susceptible to spin attacks > like that, I suppose that a UUID might assist to some degree, but much > better to just prevent the spin attack. > > cheers, > barneyb > > On Tue, Oct 28, 2008 at 12:30 PM, Phillip M. Vector > <[EMAIL PROTECTED]> wrote: >> Oh.. I have that as well. But take for example the UserID that I store >> as a cookie to someone else based on the UserID field. >> >> It's easy to change a cookie to a 1 and hope to get admin access. >> >> It's harder to figure out someone elses ID. :) >> >> and yeah, I can set it to the IP and so on, but honestly, using a UUID >> is allot more secure then auto increase. >> >> Matt Quackenbush wrote: >>> On Tue, Oct 28, 2008 at 2:13 PM, Phillip M. Vector wrote: >>> The only thing I've noticed in using that is that you can guess the next number. If you have a URL string of id set to 7, I've always tried manually typing in 6 and seeing what happens. Sometimes, 5. :) >>> That's what permission checking in your application is for. :-) >>> >>> >>> >> > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314470 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Prototype problems with cfgrid
I wonder if I used the Ext "Prototype Adapter" if that would do anything? Thoughts on that? On Tue, Oct 28, 2008 at 2:32 PM, Phillip M. Vector < [EMAIL PROTECTED]> wrote: > I've had the same issue. All I can offer is not to use prototype on the > page your cfgrid is in. > > Charles Lewis wrote: > > Hello everyone, this is my first post here on the Cf-Talk mailing list. > Hoping you guys can help me work through a problem I'm having. > > > > Basically I have a page that contains a cfwindow. On a certain event, I > show the cfwindow, and navigate it to a url. On the code that's now inside > of the cfwindow, I've got a cfgrid inside of a cfform. When it loads the > grid, it throws a "this.refresh is not a function" javascript error in the > grid.js file of the EXT library included with ColdFusion. Then when I try to > edit an item in a row, it throws a "this.selModel is undefined" error in > edit-grid.js > > > > I isolated the problem to the fact that I'm using Prototype.js. The > calling page includes prototype and some other little prototype helpers to > do form validation, rounded corners, and a date picker. > > > > So the problem it appears is that prototype and extjs aren't playing well > together. I'm kinda scratching my head here trying to figure out the best > way to take care of this. Is there any way to solve this problem other than > not using cfgrid or switching to extjs instead of prototype? > > > > Thanks! > > -Charles > > > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314469 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: Adding & Updating empty values
Is that the only way? It's a questionnaire form with 50 questions! You mean I have to do a for every question and assign it a blank value if there's no value!? -Original Message- From: Rob Parkhill [mailto:[EMAIL PROTECTED] Sent: October-28-08 4:42 PM To: cf-talk Subject: Re: Adding & Updating empty values wrap it in a so.. Rob On Tue, Oct 28, 2008 at 3:33 PM, Rick Sanders <[EMAIL PROTECTED]> wrote: > Hey all, > > > > In my form some values may be left empty. For example a form field named > q1. > > It's fine if it's empty because the user can go back and fill it in later > if > they wish. > > > > How do I get passed the "q1 is not defined in Form" CF error? All I want to > do is enter an empty value. How can I allow it to do that for insert and > updates? > > > > Thanks! > > > > LogoSig > > Rick Sanders > > Webenergy > > Canada: 902-431-7279 > > USA: 919-799-9076 > > Canada: www.webenergy.ca > > USA: www.webenergyusa.com > > > > > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314467 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Random record identifiers in MySQL 5.0
-Original Message- From: Judah McAuley <[EMAIL PROTECTED]> Sent: Tuesday, October 28, 2008 2:45 PM To: cf-talk Subject: Re: Random record identifiers in MySQL 5.0 ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314468 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Random record identifiers in MySQL 5.0
On Tue, Oct 28, 2008 at 12:37 PM, Jason Fisher <[EMAIL PROTECTED]> wrote: > @Jim, > > If you use CF to generate a UUID, then you do *not* need to hit the DB to > verify uniqueness. Each call to createUUID() will create a unique value, > within all limits of reasonableness. So, yes, autoIncrement works as well, > but to answer your original question, createUUID() is a clean way to create > unique IDs without undue round-trips to the DB server. > For what its worth, I'm usually using CF against an sql server database and you can get the newly created id right back out when you do the insert without having to hit the db again insert (name) values ('foo bar') select scope_identity() as new_id and then adduser.new_id is the value of the newly created autoincremented id. Judah ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314466 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Adding & Updating empty values
wrap it in a so.. Rob On Tue, Oct 28, 2008 at 3:33 PM, Rick Sanders <[EMAIL PROTECTED]> wrote: > Hey all, > > > > In my form some values may be left empty. For example a form field named > q1. > > It's fine if it's empty because the user can go back and fill it in later > if > they wish. > > > > How do I get passed the "q1 is not defined in Form" CF error? All I want to > do is enter an empty value. How can I allow it to do that for insert and > updates? > > > > Thanks! > > > > LogoSig > > Rick Sanders > > Webenergy > > Canada: 902-431-7279 > > USA: 919-799-9076 > > Canada: www.webenergy.ca > > USA: www.webenergyusa.com > > > > > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314465 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Random record identifiers in MySQL 5.0
Yeah, I don't think that logically follows at all. An id is not a credential, it shouldn't matter if the id is easy to guess or not. The id is the representation of the item in question. Knowing what/who the item is shouldn't allow you to become that item. I have no problems with using uuid's as primary keys but I don't think it really increases security in any useful fashion. judah On Tue, Oct 28, 2008 at 12:36 PM, Craig Dudley <[EMAIL PROTECTED]> wrote: >> *nods* I do. But the extra layer of UUID is better then using auto increase. > > Personally I strongly disagree with that but hey ho, each to their own ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314464 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Random record identifiers in MySQL 5.0
WHAT You store a userId in a cookie and trust it Are you mad??? Numbers are as inherently secure as UUIDs - they're both simply identifiers. Authentication and authorization are where security happens. If an application is susceptible to spin attacks like that, I suppose that a UUID might assist to some degree, but much better to just prevent the spin attack. cheers, barneyb On Tue, Oct 28, 2008 at 12:30 PM, Phillip M. Vector <[EMAIL PROTECTED]> wrote: > Oh.. I have that as well. But take for example the UserID that I store > as a cookie to someone else based on the UserID field. > > It's easy to change a cookie to a 1 and hope to get admin access. > > It's harder to figure out someone elses ID. :) > > and yeah, I can set it to the IP and so on, but honestly, using a UUID > is allot more secure then auto increase. > > Matt Quackenbush wrote: >> On Tue, Oct 28, 2008 at 2:13 PM, Phillip M. Vector wrote: >> >>> The only thing I've noticed in using that is that you can guess the next >>> number. >>> >>> If you have a URL string of id set to 7, I've always tried manually >>> typing in 6 and seeing what happens. Sometimes, 5. :) >>> >>> >> That's what permission checking in your application is for. :-) >> >> >> > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314463 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RSS Issue
I am pulling an RSS feed to my page using this code: http://www4.esu.edu/news.xml"; method="get"> #objRSS.rss.channel.item[i].title.xmltext# #objRSS.rss.channel.item[i].description.xmltext# | more all news >> If I use the closing tag I get an error stating FILECONTENT is undefined, if I leave it off the page takes a long time to load. Any advice would be appreciated. Steve LaBadie, Web Manager East Stroudsburg University 200 Prospect St. East Stroudsburg, Pa 18301 570-422-3999 http://www.esu.edu [EMAIL PROTECTED] ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314462 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Random record identifiers in MySQL 5.0
@Jim, If you use CF to generate a UUID, then you do *not* need to hit the DB to verify uniqueness. Each call to createUUID() will create a unique value, within all limits of reasonableness. So, yes, autoIncrement works as well, but to answer your original question, createUUID() is a clean way to create unique IDs without undue round-trips to the DB server. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314461 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Lines of credit or credit account online
Storing a credit card online is a very, VERY bad idea. If you go that route (Which WOULD be simplier), you may want to check out a separate company to handle the transactions. I know Shift4 (www.Shift4.com) is very good security wise (not good to work for, but good in what they do). But storing credit card information (or at least enough information to make a charge) is just asking for trouble. Rob Parkhill wrote: > Why not just have them provide a credit card that you can keep on file. It > is already a line of credit :) > Rob > > On Tue, Oct 28, 2008 at 3:26 PM, ColdFusion Developer <[EMAIL > PROTECTED]>wrote: > >>> Are you looking for an actual credit-check service with an API? or are >>> you looking for the bank that would actually back the credit line? >>> >> That's a very good question. I'm not sure my client really knows which one >> is needed and I have absolutely no knowledge of how this process works ... >> so my answer is "Dunno!" >> >> The client's exact words were: "I want visitors to fill out a form and >> submit it and get approved for a line of credit they can use to pay for >> services on my site." >> >> >> >> > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314460 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Random record identifiers in MySQL 5.0
> *nods* I do. But the extra layer of UUID is better then using auto increase. Personally I strongly disagree with that but hey ho, each to their own ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314459 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Lines of credit or credit account online
On Tue, Oct 28, 2008 at 12:26 PM, ColdFusion Developer <[EMAIL PROTECTED]> wrote: >> Are you looking for an actual credit-check service with an API? or are >> you looking for the bank that would actually back the credit line? >> > > That's a very good question. I'm not sure my client really knows which one is > needed and I have absolutely no knowledge of how this process works ... so my > answer is "Dunno!" > > The client's exact words were: "I want visitors to fill out a form and submit > it and get approved for a line of credit they can use to pay for services on > my site." > I think the first thing you need to figure out with the client is if the client is providing the line of credit (I'll give you $500 store credit with a 15% APR) and he just wants to establish a credit score for the customer or whether he wants someone else to provide the line of credit (i.e., a bank). In the first instance, I'd make sure that lawyers were contacted first as dealing with credit history can be touchy. Then I'd look into api's from the three major credit agencies and make sure that the client understands that he'll probably have to pay for each credit check run. In the second case, have him talk to his bank. Chances are that in this current business climate the answer is going to be "hahaha...fat chance". But the willingness of his bank to give loans to his customers is going to be an issue before anything technical comes up. Judah ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314458 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Lines of credit or credit account online
Sounds like you are looking for a bank then. ColdFusion Developer wrote: >> Are you looking for an actual credit-check service with an API? or are >> you looking for the bank that would actually back the credit line? >> > > That's a very good question. I'm not sure my client really knows which one is > needed and I have absolutely no knowledge of how this process works ... so my > answer is "Dunno!" > > The client's exact words were: "I want visitors to fill out a form and submit > it and get approved for a line of credit they can use to pay for services on > my site." > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314455 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Adding & Updating empty values
Hey all, In my form some values may be left empty. For example a form field named q1. It's fine if it's empty because the user can go back and fill it in later if they wish. How do I get passed the "q1 is not defined in Form" CF error? All I want to do is enter an empty value. How can I allow it to do that for insert and updates? Thanks! LogoSig Rick Sanders Webenergy Canada: 902-431-7279 USA: 919-799-9076 Canada: www.webenergy.ca USA: www.webenergyusa.com ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314457 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Lines of credit or credit account online
Why not just have them provide a credit card that you can keep on file. It is already a line of credit :) Rob On Tue, Oct 28, 2008 at 3:26 PM, ColdFusion Developer <[EMAIL PROTECTED]>wrote: > > Are you looking for an actual credit-check service with an API? or are > > you looking for the bank that would actually back the credit line? > > > > That's a very good question. I'm not sure my client really knows which one > is needed and I have absolutely no knowledge of how this process works ... > so my answer is "Dunno!" > > The client's exact words were: "I want visitors to fill out a form and > submit it and get approved for a line of credit they can use to pay for > services on my site." > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314456 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Prototype problems with cfgrid
I've had the same issue. All I can offer is not to use prototype on the page your cfgrid is in. Charles Lewis wrote: > Hello everyone, this is my first post here on the Cf-Talk mailing list. > Hoping you guys can help me work through a problem I'm having. > > Basically I have a page that contains a cfwindow. On a certain event, I show > the cfwindow, and navigate it to a url. On the code that's now inside of the > cfwindow, I've got a cfgrid inside of a cfform. When it loads the grid, it > throws a "this.refresh is not a function" javascript error in the grid.js > file of the EXT library included with ColdFusion. Then when I try to edit an > item in a row, it throws a "this.selModel is undefined" error in edit-grid.js > > I isolated the problem to the fact that I'm using Prototype.js. The calling > page includes prototype and some other little prototype helpers to do form > validation, rounded corners, and a date picker. > > So the problem it appears is that prototype and extjs aren't playing well > together. I'm kinda scratching my head here trying to figure out the best way > to take care of this. Is there any way to solve this problem other than not > using cfgrid or switching to extjs instead of prototype? > > Thanks! > -Charles > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314454 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Random record identifiers in MySQL 5.0
*nods* I do. But the extra layer of UUID is better then using auto increase. Barney Boisvert wrote: > And you can guess my login for Gmail from my email address. But in > order to access it, you have to know my credentials. Hopefully you do > similar checks in your applications? > > On Tue, Oct 28, 2008 at 12:13 PM, Phillip M. Vector > <[EMAIL PROTECTED]> wrote: >> The only thing I've noticed in using that is that you can guess the next >> number. >> >> If you have a URL string of id set to 7, I've always tried manually >> typing in 6 and seeing what happens. Sometimes, 5. :) >> >> Now, can you guess another record if the ID is 3219-D87562EFA- etc.? :) >> >> Barney Boisvert wrote: >>> Can't you just use an AUTO_INCREMENT column? That's what they're there for. >>> >>> On Tue, Oct 28, 2008 at 11:40 AM, Jim McAtee <[EMAIL PROTECTED]> wrote: What are you using for random (unique) record identifiers in MySQL? I could use UUIDs, generated either in my CF application, or in MySQL itself. But for a table that's never likely to have more than a few hundred thousand records I could also just use something like a 10 character randomly generated number or string. The advantage of the latter is that it would be a lot easier for any humans that might need to deal with the string. Whatever is used, if the application generates the random identifier, then it needs to first do a record lookup to be sure the identifier is unique, contained within a transaction along with the insert query. Is that avoidable by using the database to generate the identifier? >>> >> > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314453 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Random record identifiers in MySQL 5.0
Oh.. I have that as well. But take for example the UserID that I store as a cookie to someone else based on the UserID field. It's easy to change a cookie to a 1 and hope to get admin access. It's harder to figure out someone elses ID. :) and yeah, I can set it to the IP and so on, but honestly, using a UUID is allot more secure then auto increase. Matt Quackenbush wrote: > On Tue, Oct 28, 2008 at 2:13 PM, Phillip M. Vector wrote: > >> The only thing I've noticed in using that is that you can guess the next >> number. >> >> If you have a URL string of id set to 7, I've always tried manually >> typing in 6 and seeing what happens. Sometimes, 5. :) >> >> > That's what permission checking in your application is for. :-) > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314452 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Random record identifiers in MySQL 5.0
And you can guess my login for Gmail from my email address. But in order to access it, you have to know my credentials. Hopefully you do similar checks in your applications? On Tue, Oct 28, 2008 at 12:13 PM, Phillip M. Vector <[EMAIL PROTECTED]> wrote: > The only thing I've noticed in using that is that you can guess the next > number. > > If you have a URL string of id set to 7, I've always tried manually > typing in 6 and seeing what happens. Sometimes, 5. :) > > Now, can you guess another record if the ID is 3219-D87562EFA- etc.? :) > > Barney Boisvert wrote: >> Can't you just use an AUTO_INCREMENT column? That's what they're there for. >> >> On Tue, Oct 28, 2008 at 11:40 AM, Jim McAtee <[EMAIL PROTECTED]> wrote: >>> What are you using for random (unique) record identifiers in MySQL? I >>> could use UUIDs, generated either in my CF application, or in MySQL >>> itself. But for a table that's never likely to have more than a few >>> hundred thousand records I could also just use something like a 10 >>> character randomly generated number or string. The advantage of the >>> latter is that it would be a lot easier for any humans that might need to >>> deal with the string. >>> >>> Whatever is used, if the application generates the random identifier, then >>> it needs to first do a record lookup to be sure the identifier is unique, >>> contained within a transaction along with the insert query. Is that >>> avoidable by using the database to generate the identifier? >>> >>> >>> >> >> > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314451 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Lines of credit or credit account online
> Are you looking for an actual credit-check service with an API? or are > you looking for the bank that would actually back the credit line? > That's a very good question. I'm not sure my client really knows which one is needed and I have absolutely no knowledge of how this process works ... so my answer is "Dunno!" The client's exact words were: "I want visitors to fill out a form and submit it and get approved for a line of credit they can use to pay for services on my site." ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314450 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Prototype problems with cfgrid
Hello everyone, this is my first post here on the Cf-Talk mailing list. Hoping you guys can help me work through a problem I'm having. Basically I have a page that contains a cfwindow. On a certain event, I show the cfwindow, and navigate it to a url. On the code that's now inside of the cfwindow, I've got a cfgrid inside of a cfform. When it loads the grid, it throws a "this.refresh is not a function" javascript error in the grid.js file of the EXT library included with ColdFusion. Then when I try to edit an item in a row, it throws a "this.selModel is undefined" error in edit-grid.js I isolated the problem to the fact that I'm using Prototype.js. The calling page includes prototype and some other little prototype helpers to do form validation, rounded corners, and a date picker. So the problem it appears is that prototype and extjs aren't playing well together. I'm kinda scratching my head here trying to figure out the best way to take care of this. Is there any way to solve this problem other than not using cfgrid or switching to extjs instead of prototype? Thanks! -Charles ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314449 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Random record identifiers in MySQL 5.0
On Tue, Oct 28, 2008 at 2:13 PM, Phillip M. Vector wrote: > The only thing I've noticed in using that is that you can guess the next > number. > > If you have a URL string of id set to 7, I've always tried manually > typing in 6 and seeing what happens. Sometimes, 5. :) > > That's what permission checking in your application is for. :-) ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314448 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: CFCHART & Developer Edition Watermark
If you are using multiple instance, ensure that the new serial has been entered for all of them-- i.e. not just the base instance. ~Brad Original Message Subject: CFCHART & Developer Edition Watermark From: "[EMAIL PROTECTED] [EMAIL PROTECTED]" <[EMAIL PROTECTED]> Date: Tue, October 28, 2008 1:10 pm To: cf-talk [This might sound similar to the September posting for CFDOCUMENT, but it's not] I have servers that were originally installed with the trial edition of CF8 and then changed to standard edition by entering our valid license numbers within the 30 day period. That all worked fine, and the edition changed from Enterprise to Standard. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314447 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: CFQueryParam question
> The list="yes" parameter of CFQUERYPARAM will properly wrap the single quotes > around each list element. That's not quite right. What it will do is create a parameter for every element in the list and map it to the database type you supply. Even with character data, no single quotes are used when using cfqueryparam. Indeed, it may be important to know that you are sending a different kind of request to the db when you use cfqueryparam. Ie. SELECT foo FROM bar WHERE foo IN () gets translated by ColdFusion, which then sends something like the following to the database server: SQL Statement: SELECT foo FROM bar WHERE foo IN (?,?,?) SQL Parameters: * param 1 (varchar) = 'Hello mum' * param 2 (varchar) = 'Hello world' * param 3 (varchar) = 'I love chocolate' Without using cfqueryparam, you would send the following to the db: SQL Statement: SELECT foo FROM bar WHERE foo IN ('Hello mum','Hello world','I love chocolate'). Further, better and useful quick reading: http://java.sun.com/docs/books/tutorial/jdbc/basics/prepared.html HTH Dominic ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314446 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Random record identifiers in MySQL 5.0
The only thing I've noticed in using that is that you can guess the next number. If you have a URL string of id set to 7, I've always tried manually typing in 6 and seeing what happens. Sometimes, 5. :) Now, can you guess another record if the ID is 3219-D87562EFA- etc.? :) Barney Boisvert wrote: > Can't you just use an AUTO_INCREMENT column? That's what they're there for. > > On Tue, Oct 28, 2008 at 11:40 AM, Jim McAtee <[EMAIL PROTECTED]> wrote: >> What are you using for random (unique) record identifiers in MySQL? I >> could use UUIDs, generated either in my CF application, or in MySQL >> itself. But for a table that's never likely to have more than a few >> hundred thousand records I could also just use something like a 10 >> character randomly generated number or string. The advantage of the >> latter is that it would be a lot easier for any humans that might need to >> deal with the string. >> >> Whatever is used, if the application generates the random identifier, then >> it needs to first do a record lookup to be sure the identifier is unique, >> contained within a transaction along with the insert query. Is that >> avoidable by using the database to generate the identifier? >> >> >> > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314445 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Random record identifiers in MySQL 5.0
Can't you just use an AUTO_INCREMENT column? That's what they're there for. On Tue, Oct 28, 2008 at 11:40 AM, Jim McAtee <[EMAIL PROTECTED]> wrote: > What are you using for random (unique) record identifiers in MySQL? I > could use UUIDs, generated either in my CF application, or in MySQL > itself. But for a table that's never likely to have more than a few > hundred thousand records I could also just use something like a 10 > character randomly generated number or string. The advantage of the > latter is that it would be a lot easier for any humans that might need to > deal with the string. > > Whatever is used, if the application generates the random identifier, then > it needs to first do a record lookup to be sure the identifier is unique, > contained within a transaction along with the insert query. Is that > avoidable by using the database to generate the identifier? > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:31 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Random record identifiers in MySQL 5.0
What are you using for random (unique) record identifiers in MySQL? I could use UUIDs, generated either in my CF application, or in MySQL itself. But for a table that's never likely to have more than a few hundred thousand records I could also just use something like a 10 character randomly generated number or string. The advantage of the latter is that it would be a lot easier for any humans that might need to deal with the string. Whatever is used, if the application generates the random identifier, then it needs to first do a record lookup to be sure the identifier is unique, contained within a transaction along with the insert query. Is that avoidable by using the database to generate the identifier? ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314443 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
CFCHART & Developer Edition Watermark
[This might sound similar to the September posting for CFDOCUMENT, but it's not] I have servers that were originally installed with the trial edition of CF8 and then changed to standard edition by entering our valid license numbers within the 30 day period. That all worked fine, and the edition changed from Enterprise to Standard. At the time we hadn't been doing much with CFCHART, although we did have one page in production with a CFCHART on it. We've recently started doing development of more charting pages, using both the CFCHART tag directly as well as using the calls via Java to the underlying engine so that we can get the more advanced charts. All of the charts are coming out with the "Adobe ColdFusion Developer Edition Not for Production Use" watermark on them. Note that this is not from the ColdFusion8\lib\watermark.png file because that image's content says "Adobe ColdFusion Developer/Trial Edition Not for Production Use". So this is being triggered from somewhere else. The first question is "where & why?" but the more important second question is "how do I fix this?" I did a clean install where I entered the SN on the installation screen (instead of letting it start out as a Trial Edition) on a PC that has never had CF on it, ran my CFCHART script, and it DID NOT have the watermark. Any ideas? I know for a hard fact that this watermark was not showing up 2 weeks ago, but cannot find any files in the ColdFusion8 folders that have changed recently - plus I'm seeing it on multiple servers and have definitely not been rolling out new software to all of them recently. This is getting to be a hassle, because I have pages that clients see on the server where I first noticed this problem, and don't want them thinking that I'm running bootleg software! thanks everyone, Reed ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314442 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: CFQueryParam question
Try this: Thanks, Eric Cobb Scott Stewart wrote: > I have a variable passed though a URL that looks like this > > index.cfm?a=1,2,3 > > The variable "a" is passed to a SQL statement WHERE clause as > part of an "IN" operator > > IE: WHERE b in (#url.a#). > > How would I encapsulate "url.a" in a CFQueryParam properly, is this a > case where I wouldn't define the cfsqltype? > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314441 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
RE: CFQueryParam question
cfqp has a list attribute. Adrian Building a database of ColdFusion errors at http://cferror.org/ -Original Message- From: Scott Stewart Sent: 28 October 2008 17:13 To: cf-talk Subject: CFQueryParam question I have a variable passed though a URL that looks like this index.cfm?a=1,2,3 The variable "a" is passed to a SQL statement WHERE clause as part of an "IN" operator IE: WHERE b in (#url.a#). How would I encapsulate "url.a" in a CFQueryParam properly, is this a case where I wouldn't define the cfsqltype? -- Scott Stewart ColdFusion Developer Office of Research Information Systems Research & Economic Development University of North Carolina at Chapel Hill Phone:(919)843-2408 Fax: (919)962-3600 Email: [EMAIL PROTECTED] ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314440 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: CFQueryParam question
WHERE b IN ( ) The list="yes" parameter of CFQUERYPARAM will properly wrap the single quotes around each list element. -Jason >I have a variable passed though a URL that looks like this > >index.cfm?a=1,2,3 > >The variable "a" is passed to a SQL statement WHERE clause as >part of an "IN" operator > >IE: WHERE b in (#url.a#). > >How would I encapsulate "url.a" in a CFQueryParam properly, is this a >case where I wouldn't define the cfsqltype? > >-- >Scott Stewart >ColdFusion Developer > >Office of Research Information Systems >Research & Economic Development >University of North Carolina at Chapel Hill > >Phone:(919)843-2408 >Fax: (919)962-3600 >Email: [EMAIL PROTECTED] ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314438 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: CFQueryParam question
Obviously you would need to change the sqltype to what your sql type is. On Tue, Oct 28, 2008 at 10:13 AM, Scott Stewart <[EMAIL PROTECTED]>wrote: > I have a variable passed though a URL that looks like this > > index.cfm?a=1,2,3 > > The variable "a" is passed to a SQL statement WHERE clause as > part of an "IN" operator > > IE: WHERE b in (#url.a#). > > How would I encapsulate "url.a" in a CFQueryParam properly, is this a > case where I wouldn't define the cfsqltype? > > -- > Scott Stewart > ColdFusion Developer > > Office of Research Information Systems > Research & Economic Development > University of North Carolina at Chapel Hill > > Phone:(919)843-2408 > Fax: (919)962-3600 > Email: [EMAIL PROTECTED] > > > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314439 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
CFQueryParam question
I have a variable passed though a URL that looks like this index.cfm?a=1,2,3 The variable "a" is passed to a SQL statement WHERE clause as part of an "IN" operator IE: WHERE b in (#url.a#). How would I encapsulate "url.a" in a CFQueryParam properly, is this a case where I wouldn't define the cfsqltype? -- Scott Stewart ColdFusion Developer Office of Research Information Systems Research & Economic Development University of North Carolina at Chapel Hill Phone:(919)843-2408 Fax: (919)962-3600 Email: [EMAIL PROTECTED] ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314437 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Lines of credit or credit account online
Are you looking for an actual credit-check service with an API? or are you looking for the bank that would actually back the credit line? For checking credit ratings, I guess you could check to see whether Experian, Equifax, and TransUnion have APIs. Still, not sure you would be able to verify that a person was who they said they were, but those are the 3 primary credit reporting services, so they should know. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314436 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: cfthread and queue management
This is what I think I was trying to get at. Moving the loop into the thread instead of having the loop outside the thread is the part I think I was missing. Having a generic tool to do queue management could be quite handy. Of course I've since realized that my particular situation is slightly more complicated (isn't that always how it goes?) but this is an excellent place to start. Thanks Mark. Judah On Mon, Oct 27, 2008 at 6:02 PM, Mark Mandel <[EMAIL PROTECTED]> wrote: > You really need 5 threads that loop, while there is something to be > executed, and a Queue of CFCs that have a common execute() commands. > > something like: > > > > while(NOT queue.isEmpty()) > { > action = queue.pop(); > action.execute(); > } > > > > While there is probably some error checking, and logging etc, that is > the basic gist of building a queue processing system. > > Mark > > On Tue, Oct 28, 2008 at 10:39 AM, Alan Rother <[EMAIL PROTECTED]> wrote: >> Yeah... I kind of figured that was the deal, but I had to point it out. >> In that case Dave is right (as he almost always is...) keeping a single >> monitoring thread active to watch the others makes the most sense. >> >> One thing to watch our for in fully asynchronous threads is that error >> catching is much tricker. Many of the usual techniques don't work. I had to >> build a complex system that during development failed all the time, yet >> never logged a single error in the CF log files. The only solution I could >> come up with during dev was to wrap every segment of code in a cftry that >> used a webservice to report errors back to me through lighthouse. >> >> =] >> >> -- >> Alan Rother >> Adobe Certified Advanced ColdFusion MX 7 Developer >> Manager, Phoenix Cold Fusion User Group, AZCFUG.org >> >> >> > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314435 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: passing a list through a url
Thanks Adrian and Tom sas Scott Stewart wrote: > Is it possible to pass a list of values through the url: > > IE: index.cfm?a=1,2,3 > > thanks > > sas > > -- Scott Stewart ColdFusion Developer Office of Research Information Systems Research & Economic Development University of North Carolina at Chapel Hill Phone:(919)843-2408 Fax: (919)962-3600 Email: [EMAIL PROTECTED] ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314434 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: passing a list through a url
On Tuesday 28 Oct 2008, Scott Stewart wrote: > IE: index.cfm?a=1,2,3 Yes. As long as it isn't too long. -- Tom Chiverton Helping to administratively optimize mission-critical B2C scalable out-of-the-box e-services This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by The Solicitors Regulation Authority. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 2500. For more information about Halliwells LLP visit www.halliwells.com. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314433 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: passing a list through a url
Yes, but be careful of the length of the list as browsers have limits. Adrian -Original Message- From: Scott Stewart Sent: 28 October 2008 15:39 To: cf-talk Subject: passing a list through a url Is it possible to pass a list of values through the url: IE: index.cfm?a=1,2,3 thanks sas -- Scott Stewart ColdFusion Developer Office of Research Information Systems Research & Economic Development University of North Carolina at Chapel Hill Phone:(919)843-2408 Fax: (919)962-3600 Email: [EMAIL PROTECTED] ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314432 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Lines of credit or credit account online
I work in the Merchant side of the industry. You'll need a bank that backs the line of credit. Each bank is going to have its own underwriting rules. Your online app would have to do whatever it takes to satisfy those guidelines, and then give an approval based on that. Edward A Savage Jr - "Sonny" Senior Software Engineer Creditdiscovery, LLC "I believe in getting into hot water; it keeps you clean." ~ GK Chesterton On Tue, Oct 28, 2008 at 11:25 AM, ColdFusion Developer <[EMAIL PROTECTED]>wrote: > Hi all, > > I had an interesting request from a client and I'm not finding much info > out there on what the client needs. > > Without going into too much detail (love those NDAs!), the client wants to > offer instant-approval lines of credit to Web site visitors. In essence, the > thinking is: visitor goes to the site, enters info on a credit app, and > either gets approval for a set amount of credit or doesn't. > > My question: What service does the client need to approve those credit > apps? A regular merchant account or something else? > > I've helped set up regular merchant accounts for e-commerce but have never > dealt with this area before. > > Thanks in advance for any and all input! > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314431 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Convert variable to UTF-16LE?
> However, I can't for the life of me figure out how to get CF to pass the > password through the LDAPS connection as UTF-16LE, and with double quotes > around it. Not sure if this UDF could help, but it's worth a quick try: http://www.massimocorner.com/coldfusion/udf/convertCharset.zip Massimo Foti, web-programmer for hire Tools for ColdFusion, JavaScript and Dreamweaver: http://www.massimocorner.com ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314430 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
passing a list through a url
Is it possible to pass a list of values through the url: IE: index.cfm?a=1,2,3 thanks sas -- Scott Stewart ColdFusion Developer Office of Research Information Systems Research & Economic Development University of North Carolina at Chapel Hill Phone:(919)843-2408 Fax: (919)962-3600 Email: [EMAIL PROTECTED] ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314429 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Lines of credit or credit account online
Hi all, I had an interesting request from a client and I'm not finding much info out there on what the client needs. Without going into too much detail (love those NDAs!), the client wants to offer instant-approval lines of credit to Web site visitors. In essence, the thinking is: visitor goes to the site, enters info on a credit app, and either gets approval for a set amount of credit or doesn't. My question: What service does the client need to approve those credit apps? A regular merchant account or something else? I've helped set up regular merchant accounts for e-commerce but have never dealt with this area before. Thanks in advance for any and all input! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314428 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Oracle 11g
Hi - does anyone know of any plans to push out free DataDirect drivers (an updated macromedia.jar) in support of Oracle 11g? ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314427 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Ben Forta for president?
On Friday 24 Oct 2008, Mike Kear wrote: > first name and last name in the form, and click 'submit'. Then on > the fly, there's a news report using the name you just put in. Whatever it is, the BBC go one step better with their 'Spooks' game. Upload a head on shot of someone, mark the mouth, eyes etc. in a slick Flash application, and then *that face* appears in the video at key points. On someone elses body. It's really creepy :-) -- Tom Chiverton Helping to vitalistically pursue intuitive attention-grabbing customers This email is sent for and on behalf of Halliwells LLP. Halliwells LLP is a limited liability partnership registered in England and Wales under registered number OC307980 whose registered office address is at Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB. A list of members is available for inspection at the registered office. Any reference to a partner in relation to Halliwells LLP means a member of Halliwells LLP. Regulated by The Solicitors Regulation Authority. CONFIDENTIALITY This email is intended only for the use of the addressee named above and may be confidential or legally privileged. If you are not the addressee you must not read it and must not use any information contained in nor copy it nor inform any person other than Halliwells LLP or the addressee of its existence or contents. If you have received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 2500. For more information about Halliwells LLP visit www.halliwells.com. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314426 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Best way to create an .xls file from a page
Another good option is jExcel integration: http://www.cfinsider.com/index.cfm/2008/1/3/Modify-Excel-Spreadsheets-with-ColdFusion-the-easy-way Cheers Marco Antonio On Tue, Oct 28, 2008 at 5:37 AM, Stephane Vantroyen <[EMAIL PROTECTED]> wrote: > Hi, > > another possibility is to use the POI Utility you can find on Ben Nadel's > page : > > > http://www.bennadel.com/blog/865-POIUtility-cfc-Examples-For-Reading-And-Writing-Excel-Files-In-ColdFusion.htm > > Greets > > Stéphane > > > >I wouldn't say it is the *best* way but this will maintain table layouts: > > > >http://mgt.pastebin.com/f27bd1c5a > > > >Another way to do it is what Mike Chabot suggested. > > > >Yet another way: > > > >Create a spreadsheet and fill the places where you want your data to go > with > >CF vars #.yourQury.yourVar# and then save as XML or HTML (I forget) and > use > >the above method to populated it and force it to the browser. > > > >HTH > > > >~G~ > > > >On Mon, Oct 27, 2008 at 3:14 PM, Brian Yager <[EMAIL PROTECTED] > >wrote: > > > >> > > ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314425 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
AW: Apache/CF8 problems
Hi! Will Tomlinson wrote: > The problem we're having is, whenever he hits one of his domains we > setup in his windows hosts file, it directs you to the default apache > website. "It works!" > > But we have directives in the httpd.config file to > direct to C:\webRoot\somesite > What's strange is, this all works on my XP Pro machine. I can't > figure out why you hit one of those domains in the URL, and it will > not take you to the right website in the webroot. Hosts and VirtualHosts configurations look fine. This problem is most probably not related to CF8 in any way. I would guess that you might have missed the NameVirtualHost * or NameVirtualHost *:80 directive before your first VirtualHosts-block. Take a look at the Apache docs here http://httpd.apache.org/docs/1.3/mod/core.html#namevirtualhost. You can verify the configured VirtualHosts by using apache2ctl -S. Kind regards Markus Computec Media AG Sitz der Gesellschaft und Registergericht: Fürth (HRB 8818) Vorstandsmitglieder: Johannes S. Gözalan (Vorsitzender) und Rainer Rosenbusch Vorsitzender des Aufsichtsrates: Jürg Marquard Umsatzsteuer-Identifikationsnummer: DE 812 575 276 ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314424 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Best way to create an .xls file from a page
Hi, another possibility is to use the POI Utility you can find on Ben Nadel's page : http://www.bennadel.com/blog/865-POIUtility-cfc-Examples-For-Reading-And-Writing-Excel-Files-In-ColdFusion.htm Greets Stéphane >I wouldn't say it is the *best* way but this will maintain table layouts: > >http://mgt.pastebin.com/f27bd1c5a > >Another way to do it is what Mike Chabot suggested. > >Yet another way: > >Create a spreadsheet and fill the places where you want your data to go with >CF vars #.yourQury.yourVar# and then save as XML or HTML (I forget) and use >the above method to populated it and force it to the browser. > >HTH > >~G~ > >On Mon, Oct 27, 2008 at 3:14 PM, Brian Yager <[EMAIL PROTECTED]>wrote: > >> ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314423 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4