Re: How do I remove execute permissions from a directory in IIS?
> I'm allowing people to FTP-upload into one of my web server directories, but
> I don't want them to be able to upload and run cfm (or asp, etc) scripts.
>
> I right-clicked on the directory in IIS and changed "execute permissions" to
> "none," but it seems the cfm files in that directory are still running.

You would have to set read but not execute in Windows Explorer or CACLS/XCACLS/whatever the new version of CACLS is. But the real answer is, as Ian indicated, don't let people upload files into a web directory. Even if you could disable them from running through CF, a user could upload a plain old HTML file with malicious JavaScript in it, and another user could conceivably run that.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/

Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information!

~|
Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325579
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Outputting implicit arrays?
On Thu, Aug 20, 2009 at 4:30 PM, Tony Bentley wrote:
>
> I thought this would be something fun to discuss. How do you output implicit
> arrays?

Once you create the array, there is no difference between an "implicitly created" array and an array created via ArrayNew()

So... you output it just like any other array.

--
Rick Root
New Brian Vander Ark Album, songs in the music player and cool behind the scenes video at www.myspace.com/brianvanderark

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325578
Re: Outputting implicit arrays?
The same way as non-literal arrays? CFLOOP, CFDUMP, serializeJson, there are lots of ways. I'm not sure what you want to discuss?

On Thu, Aug 20, 2009 at 1:30 PM, Tony Bentley wrote:
>
> I thought this would be something fun to discuss. How do you output implicit
> arrays?
>
> here is the array (we will use a navigation as an example):
>
> navigation = [
> {name="home",href="index.cfm",class="nav"},
> {name="contact",href="contact.cfm",class="nav"}
> ];

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325577
Outputting implicit arrays?
I thought this would be something fun to discuss. How do you output implicit arrays?

here is the array (we will use a navigation as an example):

navigation = [
{name="home",href="index.cfm",class="nav"},
{name="contact",href="contact.cfm",class="nav"}
];

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325576
Re: ajax cfc not working for Access DB -- odd stuff
>If the cfc is being hit, and with the right data, you can absolutely rule
>out the cfajaxproxy tag. Can we clarify that the data being returned from
>the method is the problem? Try posting a form directly to the cfc method,
>e.g.
>
>From there, debugging should be more straight forward.
>
>Dominic

Forgot, I could simply use pathtocfc.cfc?method=fubar&param1=727&param2='blablaText' from URL to test it and did, it only returned these structures but action outcome. But I've spent over 1.4 hours on it, there's another option, opted out... thanks though.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325575
Re: How do I remove execute permissions from a directory in IIS?
There are multiple ways you can do it depending on your setup.

1. Have your ftp folder below the web root
2. Add cfabort to a directory above the ftp folder in the web root so that it stops any processing on any sub folders.
3. uncheck all options (Read, Write etc) under Directory for that folder and set the execute permission to None

On Thu, Aug 20, 2009 at 11:47 AM, Philip Kaplan wrote:
>
> That's a clever idea but I would preferably like to give users "delete"
> permission on that directory, in which case someone could just delete the
> application.cfm file.
>
> On Thu, Aug 20, 2009 at 11:40 AM, Agha Mehdi wrote:
>
> > You can add application.cfm or Application.cfc to the folder and
> > any request. that will ensure that no cfm file is executed
> >
> > On Thu, Aug 20, 2009 at 11:21 AM, Philip Kaplan wrote:
> >
> > > I'm allowing people to FTP-upload into one of my web server directories, but
> > > I don't want them to be able to upload and run cfm (or asp, etc) scripts.
> > >
> > > I right-clicked on the directory in IIS and changed "execute permissions" to
> > > "none," but it seems the cfm files in that directory are still running.
> > >
> > > Here's an example:
> > > http://hitmelater.com/affiliate/index.cfm
> > >
> > > Any ideas?

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325574
Re: How do I remove execute permissions from a directory in IIS?
ssl...@rubbergumball.net wrote:
> Phil-
> Your FTP folder should be below your web root -
>

I believe that quote should be "above" or "outside" or possibly "not be below".

I.E. Yes, your FTP folder should have NO relation to your web root folder. Only after you have scrutinized ANYTHING uploaded would you then move it to such a vulnerable location.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325573
Re: How do I remove execute permissions from a directory in IIS?
Phil-
Your FTP folder should be below your web root - I believe anything in the web path will be served via the browser. I don't think you can turn off processing for a directory in the web path. If you are using the content of the FTP as web content, you can use an upload function through ColdFusion instead and allow only certain file types and extensions.

/S

On Thu, 20 Aug 2009 11:21:53 -0700, Philip Kaplan wrote:
>
> I'm allowing people to FTP-upload into one of my web server directories, but
> I don't want them to be able to upload and run cfm (or asp, etc) scripts.
>
> I right-clicked on the directory in IIS and changed "execute permissions" to
> "none," but it seems the cfm files in that directory are still running.
>
> Here's an example:
> http://hitmelater.com/affiliate/index.cfm
>
> Any ideas?

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325572
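
The approach suggested in these replies (take uploads through ColdFusion, hold them outside the web root, and allow only certain extensions) could look like the sketch below. It is an added example, not code from any poster; the form field name userFile and both directory paths are assumptions.

```cfml
<!--- Added example: hypothetical upload handler (upload.cfm). --->
<!--- Assumptions: form field "userFile"; both directories exist and are NOT under the web root. --->
<cfset quarantineDir = "D:\uploads\quarantine">  <!--- constructed path --->
<cfset acceptedDir   = "D:\uploads\accepted">    <!--- constructed path --->

<!--- Allowlist of extensions. Script types (cfm, cfc, asp, aspx) and html are simply absent. --->
<cfset allowedExt = "jpg,jpeg,png,gif,pdf,txt">

<cfif structKeyExists(form, "userFile") and len(form.userFile)>

    <!--- 1. Land the file in a directory no URL maps to, so nothing can request it yet. --->
    <cffile action="upload"
            fileField="userFile"
            destination="#quarantineDir#"
            nameConflict="makeunique"
            result="up">

    <cfset savedPath = up.serverDirectory & "\" & up.serverFile>
    <cfset ext       = lCase(up.serverFileExt)>

    <!--- 2. Reject anything off the allowlist, and names such as "page.cfm.jpg"
             whose base name still contains a dot. --->
    <cfif not listFind(allowedExt, ext) or find(".", up.serverFileName)>
        <cffile action="delete" file="#savedPath#">
        <cfoutput>Rejected: file type not allowed.</cfoutput>
    <cfelse>
        <!--- 3. Store under a server-generated name so the uploader controls
                 neither the file name nor the final extension casing. --->
        <cfset newName = createUUID() & "." & ext>
        <cffile action="move"
                source="#savedPath#"
                destination="#acceptedDir#\#newName#">
        <cfoutput>Stored as #htmlEditFormat(newName)#</cfoutput>
    </cfif>

</cfif>
```

Because neither directory is inside the web root, a stored file is never parsed by ColdFusion or served by IIS on request; html stays off the allowlist because of the script-in-HTML case raised in Dave Watts's reply.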
Re: How do I remove execute permissions from a directory in IIS?
That's a clever idea but I would preferably like to give users "delete" permission on that directory, in which case someone could just delete the application.cfm file.

On Thu, Aug 20, 2009 at 11:40 AM, Agha Mehdi wrote:
>
> You can add application.cfm or Application.cfc to the folder and
> any request. that will ensure that no cfm file is executed
>
> On Thu, Aug 20, 2009 at 11:21 AM, Philip Kaplan wrote:
>
> > I'm allowing people to FTP-upload into one of my web server directories, but
> > I don't want them to be able to upload and run cfm (or asp, etc) scripts.
> >
> > I right-clicked on the directory in IIS and changed "execute permissions" to
> > "none," but it seems the cfm files in that directory are still running.
> >
> > Here's an example:
> > http://hitmelater.com/affiliate/index.cfm
> >
> > Any ideas?

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325571
(ot) jQueryGrid
So I'm using this jquerygrid plugin () and it's working pretty well.

I'm trying to use the inline edit feature to edit a couple fields in the row using checkboxes... the values in the DB are 1 and 0.

So in my colModel, I have this:

{name:'ISOWNER',index:'ISOWNER', width:50, editable:true, edittype:"checkbox", editoptions: {value:"1:0"}},
{name:'SENDALERT',index:'SENDALERT', width:50, editable:true, edittype:"checkbox", editoptions: {value:"1:0"}},

It works great. Most importantly, if I uncheck something, then go to another row, the original value of the checkbox is restored (because I didn't save). So if it was a 1, and I unchecked it, then went to another row, it would revert to a 1 - as it should.

But If I change it to this:

{name:'ISOWNER',index:'ISOWNER', width:50, editable:true, formatter:yesNoFormatter, edittype:"checkbox", editoptions: {value:"Yes:No"}},
{name:'SENDALERT',index:'SENDALERT', width:50, editable:true, formatter:yesNoFormatter, edittype:"checkbox", editoptions: {value:"Yes:No"}},

the checkboxes LOAD properly, but the restore of the row fails and the values are always reverted to "No"

I'm gonna hit up the jqgrid forums too but thought I'd toss this out here.. lots of smart people on cf-talk!

--
Rick Root
New Brian Vander Ark Album, songs in the music player and cool behind the scenes video at www.myspace.com/brianvanderark

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325570
Re: How do I remove execute permissions from a directory in IIS?
You can add application.cfm or Application.cfc to the folder and any request. that will ensure that no cfm file is executed

On Thu, Aug 20, 2009 at 11:21 AM, Philip Kaplan wrote:
>
> I'm allowing people to FTP-upload into one of my web server directories, but
> I don't want them to be able to upload and run cfm (or asp, etc) scripts.
>
> I right-clicked on the directory in IIS and changed "execute permissions" to
> "none," but it seems the cfm files in that directory are still running.
>
> Here's an example:
> http://hitmelater.com/affiliate/index.cfm
>
> Any ideas?

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325569
RE: Inserting NULL between characers using CFFILE
> I had got it working in the meantime by doing this:

Jason, I give you an "A" for a creative work-around ;)

-Leigh

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325568
How do I remove execute permissions from a directory in IIS?
I'm allowing people to FTP-upload into one of my web server directories, but I don't want them to be able to upload and run cfm (or asp, etc) scripts.

I right-clicked on the directory in IIS and changed "execute permissions" to "none," but it seems the cfm files in that directory are still running.

Here's an example:
http://hitmelater.com/affiliate/index.cfm

Any ideas?

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325567
Re: returning all table records ColdBox & ColdSpring via an object?
On Thu, Aug 20, 2009 at 3:52 AM, Glyn Jackson wrote:
>
> @ Judah McAuley
>
> thanks very detailed response. it's just a simple record set to display. So
> what you're saying makes sense.

Of course. It has taken me some time to figure it out myself and without the help of others I wouldn't be at the (limited) understanding I'm at now. More than anything else, the best advice I've gotten is to try things with the understanding that you won't get it perfect. Later you'll realize that you could have done it better and then will do it better next time. This process should continue forever.

Cheers,
Judah

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325566
What ColdFusion Instance Memory values to use...
Hi all,

It has been a while... I have a question about multiple instances and memory allocation...

I have a box with multiple instances. Each one has a different amount of ram set aside for it in jvm.config files. I have three setups:

JVM-BIG.CONFIG has:
# Arguments to VM
java.args=-server -Xmx1024m -Dsun.io.useCanonCaches=false -XX:MaxPermSize=256m -XX:PermSize=128m -XX:+UseConcMarkSweepGC -XX:NewSize=96m -DJINTEGRA_NATIVE_MODE -DJINTEGRA_PREFETCH_ENUMS -Dcoldfusion.rootDir={application.home}/ -Dmail.smtp.sendpartial=true

JVM-SMALL.CONFIG has:
# Arguments to VM
java.args=-server -Xmx256m -Dsun.io.useCanonCaches=false -XX:MaxPermSize=64m -DJINTEGRA_NATIVE_MODE -DJINTEGRA_PREFETCH_ENUMS -Dcoldfusion.rootDir={application.home}/ -Dmail.smtp.sendpartial=true

JVM.CONFIG has:
# Arguments to VM
java.args=-server -Xmx512m -Dsun.io.useCanonCaches=false -XX:MaxPermSize=128m -DJINTEGRA_NATIVE_MODE -DJINTEGRA_PREFETCH_ENUMS -Dcoldfusion.rootDir={application.home}/ -Dmail.smtp.sendpartial=true

I know the following... ColdFusion used .5 Gigs (512m) by default and can handle a max of 1.8 gigs. My problem is that 1.8 Gigs doesn't divide by 1024 evenly. My algebra may be rusty but this is what I was trying:

(1Gig / 1024 megs) = (1.8Gigs / X megs)
so.. 1X = 1.8 * 1024 = 1843.2!

I'm pretty sure I can't use decimals in the declaration. What number should I use for 1.8 Gigs? It would be nice if things were referenced apples to apples. If things have to be entered in megs then list the limits in megs. Unless of course I can do something else... Could I use -Xmx1.8g ?

This whole thing came about because we were able to decommission some unused instances on the server and reclaimed the memory.

(sorry for the long post)

Thanks,
Steve

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325565
Re: ajax cfc not working for Access DB -- odd stuff
On Wed, Aug 19, 2009 at 7:13 PM, Don L wrote:
>
> Sorry, Dominic, I wasn't clear about the browser, the inline editing feature
> is IE specific, that is, Firefox has a hell time with it, hence, it's IE
> only, yes, I like Firefox's firebug and find it very helpful but not for this
> case. I have firebug lite set up for the IE7, but it didn't show http call
> etc. from cfajaxproxy as in FF/FB... more thoughts? thanks.

use a different inline editor =)

Otherwise for something a little more helpful, download and install Fiddler for Internet Explorer.

http://www.fiddler2.com/fiddler2/

Enable it, then hit your application. You'll see the ajax call show up in fiddler.. you can then see the raw response from your cfc using the session inspector..

--
Rick Root
New Brian Vander Ark Album, songs in the music player and cool behind the scenes video at www.myspace.com/brianvanderar

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325564
Re: Replacing characters in a string
Good call on the parens. I had those in the original since I had ripped from code that did use the /1 element later on.

Also, you could use #reReplaceNoCase()# as an alternative to [aA] ... but I like the [aA] better, for no particular reason.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325563
Re: Replacing characters in a string
> This wouldn't match anchor tags with upper case,
> but could be changed like so:
> ]*>

You've got two syntaxes mixed up there. (?:a|A) or [aA] is what you want - no bar needed for square brackets.

> And I think it might be best to use a lazy match:
>
> ]+>

That's not a lazy match - it's still greedy, just with a 1-char minimum match (which means it won't now remove "").

To make it lazy, you would want *? or +? except you don't actually want to make it lazy here.

If anything, instead of greedy it should be possessive (using *+ or ++) but with the example here possessive wouldn't make much difference. (Its main benefit is for when you've got "almost matches" which you want to exclude faster, as possessive prevents backtracking.)

And either way, you can't do possessive with the CF regex engine - you'd need to use the Java one:

]*+>' , '' ) />

But since there's minimal benefit and that syntax would confuse some people, I'd probably just stick to:

]*>' , '', 'all' ) />

And I'd like to call specific attention to the lack of parentheses compared to the earlier suggestions, because they're completely unnecessary.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325562
Re: returning all table records ColdBox & ColdSpring via an object?
@ Judah McAuley

thanks very detailed response. it's just a simple record set to display. So what you're saying makes sense.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325561
Re: ajax cfc not working for Access DB -- odd stuff
If the cfc is being hit, and with the right data, you can absolutely rule out the cfajaxproxy tag. Can we clarify that the data being returned from the method is the problem? Try posting a form directly to the cfc method, e.g.

From there, debugging should be more straight forward.

Dominic

2009/8/20 Don L
>
> >> I've moved on to an open source cfml engine
> >Don't ever do that.
> >
> >But seriously. First step of debugging ajax: install Firebug for Firefox if
> >you haven't already. Next, enable all the firebug console options for your
> >page and while viewing the console tab you should see your http post request
> >made by your proxy js object (when you fire that event). You will then be
> >able to examine the data sent to your cfc and also the response.
> >
> >If there is no http request sent then the problem may well be with the
> >cfajaxproxy code - if a request *is* sent, then we can safely move on from
> >the client side code.
> >
> >With any luck, examining the http response will tell you exactly what's
> >going wrong and will be a cf / railo error page.
> >
> >HTH
> >
> >Dominic
>
> Very ODD.
>
> The line of in the cfc should have been
> since we don't need data back from the cfc.
>
> and was previously . I've enabled the feature in FF.
>
> case A,
> ajax http post succeeds, RESPONSE: the {data} instead of TRUE ?
>
> case B, in the cfc,
>
> (just for the heck of it),
> ajax http post succeeds, RESPONSE: just the #mf# instead of fielda, #fa#;
> fieldb, #fb#; memofield,#mf# ?
>
> FYI, the computer is totally offline and wireless device driver was turned
> off as well.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325560
Re: ajax cfc not working for Access DB -- odd stuff
Of course ;)

2009/8/20 Emmit Larson
> 't ever do that.
> Shirley, you jest?
>
> Kind Regards,
> Emmit

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:325559