date:20100813


I have a method that I'm exposing remotely. We'll be using AJAX calls to insert 
usability stats about a new application. I'm working through the code when I 
realize that since it's remote access, anyone from any site could post to it 
and skew our results.

I'm wondering what's the best way to prevent access to this URL from any other 
site, or code. My first thought was to compare the current URL, dev1 for 
example, to the URL the request was made from, or perhaps the IP address. But 
I'm not sure how to get that information.

Anyone have ideas?



andy matthews 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336259
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Preventing use of remote method by other sites


I have a method that I'm exposing remotely. We'll be using AJAX calls to insert 
usability stats about a new application. I'm working through the code when I 
realize that since it's remote access, anyone from any site could post to it 
and skew our results.

I'm wondering what's the best way to prevent access to this URL from any other 
site, or code. My first thought was to compare the current URL, dev1 for 
example, to the URL the request was made from, or perhaps the IP address. But 
I'm not sure how to get that information.

Anyone have ideas?



andy matthews 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336260
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Preventing use of remote method by other sites

2010-08-13 Thread Stephane Vantroyen


Hi,

I would instantiate a session variable on begin of calling page, add it to the 
parameters when calling the function, and then just check in the remote 
function if the one given via parameter matches the one from session scope.

Regards,

Stephan


 I have a method that I'm exposing remotely. We'll be using AJAX calls 
 to insert usability stats about a new application. I'm working through 
 the code when I realize that since it's remote access, anyone from any 
 site could post to it and skew our results.
 
 I'm wondering what's the best way to prevent access to this URL from 
 any other site, or code. My first thought was to compare the current 
 URL, dev1 for example, to the URL the request was made from, or 
 perhaps the IP address. But I'm not sure how to get that information.
 
 Anyone have ideas?
 
 
 
 andy matthews 


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336261
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Move CF website to non CF host


Hi, newbie here so I apologize in advance.  

I had a website 
developed that used an MS SQL database and it was done with CF.  I no 
longer require the database or MS SQL as that part (one page) of the 
site is no longer used.  

I would like to move that site to be 
hosted without CF (or MS SQL).  Can I just post it and have 
the html code run correctly without CF on the new host?  

Sorry 
for the lack of details and I'm sure there are particulars that may or 
may not influence the answer so a maybe, absolutely not or no 
problem answer are all acceptable.

Thanks for any input. 



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336262
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Move CF website to non CF host

2010-08-13 Thread Stephane Vantroyen


Hi,

if your site (mean the viewed pages of the site) aren't cfm pages anymore and 
all are html pages (or something alike), yes you sure can. But if some called 
pages have cfml extension, you still need CF application server to be served to 
the web server.

Stephane



Hi, newbie here so I apologize in advance.  

I had a website 
developed that used an MS SQL database and it was done with CF.  I no 
longer require the database or MS SQL as that part (one page) of the 
site is no longer used.  

I would like to move that site to be 
hosted without CF (or MS SQL).  Can I just post it and have 
the html code run correctly without CF on the new host?  

Sorry 
for the lack of details and I'm sure there are particulars that may or 
may not influence the answer so a maybe, absolutely not or no 
problem answer are all acceptable.

Thanks for any input. 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336263
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

CF8 DateFormat supporting Time mask? Since when?

2010-08-13 Thread Michael Grant


I've always thought it sucked that DateFormat didn't support both date and
time masks. Then today I'm making a date string
DateFormat(dObj,mm/dd/). I copy and paste and change the mask
to DateFormat(dObj,h:mm tt). I hit refresh and I end up with 11:30 tt as
my string. I look back at the code and realize that I've forgotten to change
it to TimeFormat from DateFormat when I pasted. Then I realized, holy crap,
DateFormat is showing me the right time. I was shocked. How long has this
been this way? I know it used to error out, but I have no idea how many
years ago it was that I last fiddled with it. Then I got to wondering, why
didn't they add support for tt in the mask as well? It seems natural that
if you are going to accept time masks you should also accept am/pm.

Has anyone else noticed this? How long has it been this way? Anyone know why
Adobe didn't add support for tt?


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336264
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Move CF website to non CF host

2010-08-13 Thread Jerry Johnson


Do the other pages of your site that you want to keep end in .cfm, or do
they end in .htm or .html?

If they are .htm files then you should be good to go (there are cases where
you might not be, but you are most likely ok)

If they are .cfm files, can you run a file search/scan on your
codebase/html/cfm files, and look for cf without the quotes inside those
files?

If they are .cfm files, but do not contain any cf tags, then you have html
pages named .cfm. At that point you could either rename the pages to .htm
(and fix all the links), build some sort of htaccess/rewrite rule to forward
broken links, or teach your web server to handle .cfm files as if they were
just html, rather than coldfusion.

(There are many exceptions to the above, but the options above cover most
sites I've seen and dealt with)

Jerry Johnson

On Fri, Aug 13, 2010 at 2:33 PM, Jerry Cooper jcoo...@excite.com wrote:


 Hi, newbie here so I apologize in advance.

 I had a website
 developed that used an MS SQL database and it was done with CF.  I no
 longer require the database or MS SQL as that part (one page) of the
 site is no longer used.

 I would like to move that site to be
 hosted without CF (or MS SQL).  Can I just post it and have
 the html code run correctly without CF on the new host?

 Sorry
 for the lack of details and I'm sure there are particulars that may or
 may not influence the answer so a maybe, absolutely not or no
 problem answer are all acceptable.

 Thanks for any input.



 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336265
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Move CF website to non CF host

2010-08-13 Thread Michael Grant


If there's nothing dynamic about your pages you could just copy the compiled
page and paste it into notepad. Then just save the page as whatevs.html.

So go to index.cfm. In your browser click view source.
Copy, and paste into notepad.
Save as index.html.

I think that's what your asking.

Note that you're going to want to do 301 redirects to preserve link and seo
goodness.


On Fri, Aug 13, 2010 at 2:33 PM, Jerry Cooper jcoo...@excite.com wrote:


 Hi, newbie here so I apologize in advance.

 I had a website
 developed that used an MS SQL database and it was done with CF.  I no
 longer require the database or MS SQL as that part (one page) of the
 site is no longer used.

 I would like to move that site to be
 hosted without CF (or MS SQL).  Can I just post it and have
 the html code run correctly without CF on the new host?

 Sorry
 for the lack of details and I'm sure there are particulars that may or
 may not influence the answer so a maybe, absolutely not or no
 problem answer are all acceptable.

 Thanks for any input.



 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336266
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

ShadoCMS / ZoomFlex

2010-08-13 Thread Cameron Childress


Has anyone on the list used ShadoCMS or more importantly, ZoomFlex from Straker?

If so, I would like to communicate with you offlist.

Thanks!

-Cameron

-- 
Cameron Childress
Sumo Consulting Inc
http://www.sumoc.com
---
cell:  678.637.5072
aim:   cameroncf
email: camer...@gmail.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336267
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Preventing use of remote method by other sites

2010-08-13 Thread Tony Bentley


I use a cfc that checks to see if the method being called is from within the
domain, is indeed ajax and that the method is indeed is accessed remotely,
otherwise abort the request. If you are doing cross site requests, pass a
unique key in your form.

Is it ajax?

cffunction name=isAjax access=private returntype=boolean
output=false
!---
all of the user management requests are going to come via ajax
within the domain.
if a request is not from this site and not ajax, abort the request
run this check on any of the remote methods
---
cfscript
requestHeaders = getHTTPRequestData().headers;
if(not StructKeyExists(requestHeaders, X-Requested-With)){
 return false;
}
else if(StructFind(requestHeaders,X-Requested-With) neq
XMLHttpRequest){
return false;
}
else{
return true;
}
/cfscript
/cffunction


Called on init:

cfparam name=url.method default=
cfscript
accessRemote = false;
cfcname = getmetadata(this);
for(i=1;i lte arrayLen(cfcname.FUNCTIONS);i++){
fname = cfcname.FUNCTIONS[i];
if(fname.name eq url.method  fname.access eq remote){
accessRemote = true;
break;
}
}
if(not isAjax() and not accessRemote){
abort();//this is a simple cfabort function for MX
}
/cfscript



On Fri, Aug 13, 2010 at 11:17 AM, Andy Matthews li...@commadelimited.comwrote:


 I have a method that I'm exposing remotely. We'll be using AJAX calls to
 insert usability stats about a new application. I'm working through the code
 when I realize that since it's remote access, anyone from any site could
 post to it and skew our results.

 I'm wondering what's the best way to prevent access to this URL from any
 other site, or code. My first thought was to compare the current URL, dev1
 for example, to the URL the request was made from, or perhaps the IP
 address. But I'm not sure how to get that information.

 Anyone have ideas?



 andy matthews

 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336268
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: Preventing use of remote method by other sites


Oooh. That's a good idea. Since we're using it for AJAX, then make it so
that it can ONLY be used as AJAX, which would prevent other sites from using
it because of the cross site scripting.

Great idea Tony, thanks! 

-Original Message-
From: Tony Bentley [mailto:cascadefreehee...@gmail.com] 
Sent: Friday, August 13, 2010 2:55 PM
To: cf-talk
Subject: Re: Preventing use of remote method by other sites


I use a cfc that checks to see if the method being called is from within the
domain, is indeed ajax and that the method is indeed is accessed remotely,
otherwise abort the request. If you are doing cross site requests, pass a
unique key in your form.

Is it ajax?

cffunction name=isAjax access=private returntype=boolean
output=false
!---
all of the user management requests are going to come via ajax
within the domain.
if a request is not from this site and not ajax, abort the request
run this check on any of the remote methods
---
cfscript
requestHeaders = getHTTPRequestData().headers;
if(not StructKeyExists(requestHeaders, X-Requested-With)){
 return false;
}
else if(StructFind(requestHeaders,X-Requested-With) neq
XMLHttpRequest){
return false;
}
else{
return true;
}
/cfscript
/cffunction


Called on init:

cfparam name=url.method default=
cfscript
accessRemote = false;
cfcname = getmetadata(this);
for(i=1;i lte arrayLen(cfcname.FUNCTIONS);i++){
fname = cfcname.FUNCTIONS[i];
if(fname.name eq url.method  fname.access eq remote){
accessRemote = true;
break;
}
}
if(not isAjax() and not accessRemote){
abort();//this is a simple cfabort function for MX
}
/cfscript



On Fri, Aug 13, 2010 at 11:17 AM, Andy Matthews
li...@commadelimited.comwrote:


 I have a method that I'm exposing remotely. We'll be using AJAX calls 
 to insert usability stats about a new application. I'm working through 
 the code when I realize that since it's remote access, anyone from any 
 site could post to it and skew our results.

 I'm wondering what's the best way to prevent access to this URL from 
 any other site, or code. My first thought was to compare the current 
 URL, dev1 for example, to the URL the request was made from, or 
 perhaps the IP address. But I'm not sure how to get that information.

 Anyone have ideas?



 andy matthews

 



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336269
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Move CF website to non CF host

Jerry,

The problem that you'll run into is that there's going to be a lot of
work involved in saving out the generated source code for each page as
a .htm or .html file. A webserver that has not been set up to be aware
of ColdFusion files (.cfm) read: does not have a ColdFusion
installation to process .cfm files will send the raw .cfm page back to
the requester *for download* instead of rendering the page.

In short, anything that already has a .htm or .html extension will
run fine, anything with a .cfm extension will need to have it's
rendered output saved as a .html file before it's moved to the new
server.

On Fri, Aug 13, 2010 at 2:33 PM, Jerry Cooper jcoo...@excite.com wrote:

Hi, newbie here so I apologize in advance.

I had a website
developed that used an MS SQL database and it was done with CF. I no
longer require the database or MS SQL as that part (one page) of the
site is no longer used.

I would like to move that site to be
hosted without CF (or MS SQL). Can I just post it and have
the html code run correctly without CF on the new host?

Sorry
for the lack of details and I'm sure there are particulars that may or
may not influence the answer so a maybe, absolutely not or no
problem answer are all acceptable.

Thanks for any input.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336270
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Preventing use of remote method by other sites


here's another possibilty: If you're using CF9 and the built in AJAX
functionality you can use the verifyClient attribute of CFFUNCTION
to attach a security token to each request. CF will look for the
token, if it doesn't see it, the request will be denied

On Fri, Aug 13, 2010 at 2:17 PM, Andy Matthews li...@commadelimited.com wrote:

 I have a method that I'm exposing remotely. We'll be using AJAX calls to 
 insert usability stats about a new application. I'm working through the code 
 when I realize that since it's remote access, anyone from any site could post 
 to it and skew our results.

 I'm wondering what's the best way to prevent access to this URL from any 
 other site, or code. My first thought was to compare the current URL, dev1 
 for example, to the URL the request was made from, or perhaps the IP address. 
 But I'm not sure how to get that information.

 Anyone have ideas?



 andy matthews

 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336271
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Move CF website to non CF host

2010-08-13 Thread Alan Rother


Hey Jerry,

I'm going to offer another alternative. I'm assuming they want to move to
another host, that doesnt support CF to save money on their monthly hosting
fees. If that is so, you could instead move them to a host that charges very
little for CF hosting.

GoDaddy's basic CF packages is $4.99 a month. $3.99 is you pre-pay for a
year...

http://www.godaddy.com/hosting/hosting.aspx?ci=17075

http://www.godaddy.com/hosting/hosting.aspx?ci=17075This could save you
all the labor of removing all of the CF code, re-naming the files to .html
and losing any SEO value your site has. (Renaming all your files will kill
the archives any of the Search Engines have on your site...)


Just an alternative

=]

-- 
Alan Rother
Manager, Phoenix Cold Fusion User Group, www.AZCFUG.org
Twitter: @AlanRother


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336272
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: Preventing use of remote method by other sites


Works perfectly Tony. I simplified the conditional tho'

cfif StructKeyExists(headers,'X-Requested-With') AND
headers['X-Requested-With'] EQ 'XMLHttpRequest'

/cfif
 

-Original Message-
From: Tony Bentley [mailto:cascadefreehee...@gmail.com] 
Sent: Friday, August 13, 2010 2:55 PM
To: cf-talk
Subject: Re: Preventing use of remote method by other sites


I use a cfc that checks to see if the method being called is from within the
domain, is indeed ajax and that the method is indeed is accessed remotely,
otherwise abort the request. If you are doing cross site requests, pass a
unique key in your form.

Is it ajax?

cffunction name=isAjax access=private returntype=boolean
output=false
!---
all of the user management requests are going to come via ajax
within the domain.
if a request is not from this site and not ajax, abort the request
run this check on any of the remote methods
---
cfscript
requestHeaders = getHTTPRequestData().headers;
if(not StructKeyExists(requestHeaders, X-Requested-With)){
 return false;
}
else if(StructFind(requestHeaders,X-Requested-With) neq
XMLHttpRequest){
return false;
}
else{
return true;
}
/cfscript
/cffunction




~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336273
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Preventing use of remote method by other sites

2010-08-13 Thread Tony Bentley


Any time!

Keep in mind that anyone can call your method with Ajax so you still need to
verify the request (localhost or otherwise)

On Fri, Aug 13, 2010 at 1:17 PM, Andy Matthews li...@commadelimited.comwrote:


 Oooh. That's a good idea. Since we're using it for AJAX, then make it so
 that it can ONLY be used as AJAX, which would prevent other sites from
 using
 it because of the cross site scripting.

 Great idea Tony, thanks!

 -Original Message-
 From: Tony Bentley [mailto:cascadefreehee...@gmail.com]
 Sent: Friday, August 13, 2010 2:55 PM
 To: cf-talk
 Subject: Re: Preventing use of remote method by other sites


 I use a cfc that checks to see if the method being called is from within
 the
 domain, is indeed ajax and that the method is indeed is accessed remotely,
 otherwise abort the request. If you are doing cross site requests, pass a
 unique key in your form.

 Is it ajax?

cffunction name=isAjax access=private returntype=boolean
 output=false
!---
all of the user management requests are going to come via ajax
 within the domain.
if a request is not from this site and not ajax, abort the request
run this check on any of the remote methods
---
cfscript
requestHeaders = getHTTPRequestData().headers;
if(not StructKeyExists(requestHeaders, X-Requested-With)){
 return false;
}
else if(StructFind(requestHeaders,X-Requested-With) neq
 XMLHttpRequest){
return false;
}
else{
return true;
}
/cfscript
/cffunction


 Called on init:

cfparam name=url.method default=
cfscript
accessRemote = false;
cfcname = getmetadata(this);
for(i=1;i lte arrayLen(cfcname.FUNCTIONS);i++){
fname = cfcname.FUNCTIONS[i];
if(fname.name eq url.method  fname.access eq remote){
accessRemote = true;
break;
}
}
if(not isAjax() and not accessRemote){
abort();//this is a simple cfabort function for MX
}
/cfscript



 On Fri, Aug 13, 2010 at 11:17 AM, Andy Matthews
 li...@commadelimited.comwrote:

 
  I have a method that I'm exposing remotely. We'll be using AJAX calls
  to insert usability stats about a new application. I'm working through
  the code when I realize that since it's remote access, anyone from any
  site could post to it and skew our results.
 
  I'm wondering what's the best way to prevent access to this URL from
  any other site, or code. My first thought was to compare the current
  URL, dev1 for example, to the URL the request was made from, or
  perhaps the IP address. But I'm not sure how to get that information.
 
  Anyone have ideas?
 
 
 
  andy matthews
 
 



 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336274
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Move CF website to non CF host

if we're going to pitch hosting options: I host my blog,
http://www.sstwebworks.com with Alurium. They're running Railo which
will run about 99% of the CFML code that's out there.
They don't have GoDaddy's draconian sandboxing ( no use of the
createObject() function stands out) and they're running the latest
version of Railo where GoDaddy is running CF 7 or CF 8.
Plans start at $3.75 a month

http://alurium.com/clients/aff.php?aff=011

On Fri, Aug 13, 2010 at 4:30 PM, Alan Rother alan.rot...@gmail.com wrote:

Hey Jerry,

I'm going to offer another alternative. I'm assuming they want to move to
another host, that doesnt support CF to save money on their monthly hosting
fees. If that is so, you could instead move them to a host that charges very
little for CF hosting.

GoDaddy's basic CF packages is $4.99 a month. $3.99 is you pre-pay for a
year...

http://www.godaddy.com/hosting/hosting.aspx?ci=17075

http://www.godaddy.com/hosting/hosting.aspx?ci=17075This could save you
all the labor of removing all of the CF code, re-naming the files to .html
and losing any SEO value your site has. (Renaming all your files will kill
the archives any of the Search Engines have on your site...)

Just an alternative

--
Alan Rother
Manager, Phoenix Cold Fusion User Group, www.AZCFUG.org
Twitter: @AlanRother

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336275
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: Move CF website to non CF host

2010-08-13 Thread Che Vilnonis

Nice affiliate link! Hope you make a few shekels from developers clicking.
https://alurium.com/clients/affiliates.php

-Original Message-
From: Scott Stewart [mailto:webmas...@sstwebworks.com] 
Sent: Friday, August 13, 2010 4:40 PM
To: cf-talk
Subject: Re: Move CF website to non CF host

if we're going to pitch hosting options: I host my blog,
http://www.sstwebworks.com with Alurium. They're running Railo which will
run about 99% of the CFML code that's out there.
They don't have GoDaddy's draconian sandboxing ( no use of the
createObject() function stands out) and they're running the latest version
of Railo where GoDaddy is running CF 7 or CF 8.
Plans start at $3.75 a month

http://alurium.com/clients/aff.php?aff=011

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336276
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: Preventing use of remote method by other sites


But crossdomain policies would prevent it from being accessed via AJAX
right?



andy 

-Original Message-
From: Tony Bentley [mailto:cascadefreehee...@gmail.com] 
Sent: Friday, August 13, 2010 3:33 PM
To: cf-talk
Subject: Re: Preventing use of remote method by other sites


Any time!

Keep in mind that anyone can call your method with Ajax so you still need to
verify the request (localhost or otherwise)

On Fri, Aug 13, 2010 at 1:17 PM, Andy Matthews
li...@commadelimited.comwrote:


 Oooh. That's a good idea. Since we're using it for AJAX, then make it 
 so that it can ONLY be used as AJAX, which would prevent other sites 
 from using it because of the cross site scripting.

 Great idea Tony, thanks!

 -Original Message-
 From: Tony Bentley [mailto:cascadefreehee...@gmail.com]
 Sent: Friday, August 13, 2010 2:55 PM
 To: cf-talk
 Subject: Re: Preventing use of remote method by other sites


 I use a cfc that checks to see if the method being called is from 
 within the domain, is indeed ajax and that the method is indeed is 
 accessed remotely, otherwise abort the request. If you are doing cross 
 site requests, pass a unique key in your form.

 Is it ajax?

cffunction name=isAjax access=private returntype=boolean
 output=false
!---
all of the user management requests are going to come via ajax 
 within the domain.
if a request is not from this site and not ajax, abort the request
run this check on any of the remote methods
---
cfscript
requestHeaders = getHTTPRequestData().headers;
if(not StructKeyExists(requestHeaders, X-Requested-With)){
 return false;
}
else if(StructFind(requestHeaders,X-Requested-With) neq 
 XMLHttpRequest){
return false;
}
else{
return true;
}
/cfscript
/cffunction


 Called on init:

cfparam name=url.method default=
cfscript
accessRemote = false;
cfcname = getmetadata(this);
for(i=1;i lte arrayLen(cfcname.FUNCTIONS);i++){
fname = cfcname.FUNCTIONS[i];
if(fname.name eq url.method  fname.access eq remote){
accessRemote = true;
break;
}
}
if(not isAjax() and not accessRemote){
abort();//this is a simple cfabort function for MX
}
/cfscript



 On Fri, Aug 13, 2010 at 11:17 AM, Andy Matthews
 li...@commadelimited.comwrote:

 
  I have a method that I'm exposing remotely. We'll be using AJAX 
  calls to insert usability stats about a new application. I'm working 
  through the code when I realize that since it's remote access, 
  anyone from any site could post to it and skew our results.
 
  I'm wondering what's the best way to prevent access to this URL from 
  any other site, or code. My first thought was to compare the current 
  URL, dev1 for example, to the URL the request was made from, or 
  perhaps the IP address. But I'm not sure how to get that information.
 
  Anyone have ideas?
 
 
 
  andy matthews
 
 



 



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336277
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Move CF website to non CF host


Wow, thanks for all the great info!

To answer a couple questions.

Pages ending in .cfm?  Only index.cfm It's only 7 pages and all others are .html

cf tags?  There no cf tags on any of the pages.

I just did a view source on all the pages and searched.

Thanks again for all the effort to help somebody clueless! 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336278
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Preventing use of remote method by other sites

2010-08-13 Thread Tony Bentley


Yes you are right. I just wasn't sure if you were building an API or
something that would require public access.

On Fri, Aug 13, 2010 at 1:48 PM, Andy Matthews li...@commadelimited.comwrote:


 But crossdomain policies would prevent it from being accessed via AJAX
 right?



 andy

 -Original Message-
 From: Tony Bentley [mailto:cascadefreehee...@gmail.com]
 Sent: Friday, August 13, 2010 3:33 PM
 To: cf-talk
 Subject: Re: Preventing use of remote method by other sites


 Any time!

 Keep in mind that anyone can call your method with Ajax so you still need
 to
 verify the request (localhost or otherwise)

 On Fri, Aug 13, 2010 at 1:17 PM, Andy Matthews
 li...@commadelimited.comwrote:

 
  Oooh. That's a good idea. Since we're using it for AJAX, then make it
  so that it can ONLY be used as AJAX, which would prevent other sites
  from using it because of the cross site scripting.
 
  Great idea Tony, thanks!
 
  -Original Message-
  From: Tony Bentley [mailto:cascadefreehee...@gmail.com]
  Sent: Friday, August 13, 2010 2:55 PM
  To: cf-talk
  Subject: Re: Preventing use of remote method by other sites
 
 
  I use a cfc that checks to see if the method being called is from
  within the domain, is indeed ajax and that the method is indeed is
  accessed remotely, otherwise abort the request. If you are doing cross
  site requests, pass a unique key in your form.
 
  Is it ajax?
 
 cffunction name=isAjax access=private returntype=boolean
  output=false
 !---
 all of the user management requests are going to come via ajax
  within the domain.
 if a request is not from this site and not ajax, abort the request
 run this check on any of the remote methods
 ---
 cfscript
 requestHeaders = getHTTPRequestData().headers;
 if(not StructKeyExists(requestHeaders, X-Requested-With)){
  return false;
 }
 else if(StructFind(requestHeaders,X-Requested-With) neq
  XMLHttpRequest){
 return false;
 }
 else{
 return true;
 }
 /cfscript
 /cffunction
 
 
  Called on init:
 
 cfparam name=url.method default=
 cfscript
 accessRemote = false;
 cfcname = getmetadata(this);
 for(i=1;i lte arrayLen(cfcname.FUNCTIONS);i++){
 fname = cfcname.FUNCTIONS[i];
 if(fname.name eq url.method  fname.access eq remote){
 accessRemote = true;
 break;
 }
 }
 if(not isAjax() and not accessRemote){
 abort();//this is a simple cfabort function for MX
 }
 /cfscript
 
 
 
  On Fri, Aug 13, 2010 at 11:17 AM, Andy Matthews
  li...@commadelimited.comwrote:
 
  
   I have a method that I'm exposing remotely. We'll be using AJAX
   calls to insert usability stats about a new application. I'm working
   through the code when I realize that since it's remote access,
   anyone from any site could post to it and skew our results.
  
   I'm wondering what's the best way to prevent access to this URL from
   any other site, or code. My first thought was to compare the current
   URL, dev1 for example, to the URL the request was made from, or
   perhaps the IP address. But I'm not sure how to get that information.
  
   Anyone have ideas?
  
  
  
   andy matthews
  
  
 
 
 
 



 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336279
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: Preventing use of remote method by other sites


Okay. Phew. This is a single CFC available on our site.



andy 

-Original Message-
From: Tony Bentley [mailto:cascadefreehee...@gmail.com] 
Sent: Friday, August 13, 2010 4:17 PM
To: cf-talk
Subject: Re: Preventing use of remote method by other sites


Yes you are right. I just wasn't sure if you were building an API or
something that would require public access.

On Fri, Aug 13, 2010 at 1:48 PM, Andy Matthews
li...@commadelimited.comwrote:


 But crossdomain policies would prevent it from being accessed via AJAX 
 right?



 andy

 -Original Message-
 From: Tony Bentley [mailto:cascadefreehee...@gmail.com]
 Sent: Friday, August 13, 2010 3:33 PM
 To: cf-talk
 Subject: Re: Preventing use of remote method by other sites


 Any time!

 Keep in mind that anyone can call your method with Ajax so you still 
 need to verify the request (localhost or otherwise)

 On Fri, Aug 13, 2010 at 1:17 PM, Andy Matthews
 li...@commadelimited.comwrote:

 
  Oooh. That's a good idea. Since we're using it for AJAX, then make 
  it so that it can ONLY be used as AJAX, which would prevent other 
  sites from using it because of the cross site scripting.
 
  Great idea Tony, thanks!
 
  -Original Message-
  From: Tony Bentley [mailto:cascadefreehee...@gmail.com]
  Sent: Friday, August 13, 2010 2:55 PM
  To: cf-talk
  Subject: Re: Preventing use of remote method by other sites
 
 
  I use a cfc that checks to see if the method being called is from 
  within the domain, is indeed ajax and that the method is indeed is 
  accessed remotely, otherwise abort the request. If you are doing 
  cross site requests, pass a unique key in your form.
 
  Is it ajax?
 
 cffunction name=isAjax access=private returntype=boolean
  output=false
 !---
 all of the user management requests are going to come via 
  ajax within the domain.
 if a request is not from this site and not ajax, abort the
request
 run this check on any of the remote methods
 ---
 cfscript
 requestHeaders = getHTTPRequestData().headers;
 if(not StructKeyExists(requestHeaders, X-Requested-With)){
  return false;
 }
 else if(StructFind(requestHeaders,X-Requested-With) neq 
  XMLHttpRequest){
 return false;
 }
 else{
 return true;
 }
 /cfscript
 /cffunction
 
 
  Called on init:
 
 cfparam name=url.method default=
 cfscript
 accessRemote = false;
 cfcname = getmetadata(this);
 for(i=1;i lte arrayLen(cfcname.FUNCTIONS);i++){
 fname = cfcname.FUNCTIONS[i];
 if(fname.name eq url.method  fname.access eq remote){
 accessRemote = true;
 break;
 }
 }
 if(not isAjax() and not accessRemote){
 abort();//this is a simple cfabort function for MX
 }
 /cfscript
 
 
 
  On Fri, Aug 13, 2010 at 11:17 AM, Andy Matthews
  li...@commadelimited.comwrote:
 
  
   I have a method that I'm exposing remotely. We'll be using AJAX 
   calls to insert usability stats about a new application. I'm 
   working through the code when I realize that since it's remote 
   access, anyone from any site could post to it and skew our results.
  
   I'm wondering what's the best way to prevent access to this URL 
   from any other site, or code. My first thought was to compare the 
   current URL, dev1 for example, to the URL the request was made 
   from, or perhaps the IP address. But I'm not sure how to get that
information.
  
   Anyone have ideas?
  
  
  
   andy matthews
  
  
 
 
 
 



 



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336280
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Move CF website to non CF host


Jerry,

Just make sure that you convert index.cfm from the generated source
code... and you should be good to go

On Fri, Aug 13, 2010 at 4:45 PM, Jerry Cooper jcoo...@excite.com wrote:

 Wow, thanks for all the great info!

 To answer a couple questions.

 Pages ending in .cfm?  Only index.cfm It's only 7 pages and all others are 
 .html

 cf tags?  There no cf tags on any of the pages.

 I just did a view source on all the pages and searched.

 Thanks again for all the effort to help somebody clueless!

 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336281
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Move CF website to non CF host


In short,  anything that already has a .htm or .html extension will
run fine, anything with a .cfm extension will need to have it's
rendered output saved as a .html file before it's moved to the new
server.

Scott,
Now I feel like I am taking advantage but here goes.

When you say rendered output saved as an .html file do you mean just bringing 
up the home page in a browser and saving as index.html then replacing the 
index.cfm file with that?

Sorry for dragging this out. 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336282
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Move CF website to non CF host

2010-08-13 Thread Jerry Johnson


Exactly that.


On Fri, Aug 13, 2010 at 5:31 PM, Jerry Cooper jcoo...@excite.com wrote:


 In short,  anything that already has a .htm or .html extension will
 run fine, anything with a .cfm extension will need to have it's
 rendered output saved as a .html file before it's moved to the new
 server.

 Scott,
 Now I feel like I am taking advantage but here goes.

 When you say rendered output saved as an .html file do you mean just
 bringing up the home page in a browser and saving as index.html then
 replacing the index.cfm file with that?



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336283
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Move CF website to non CF host


Yes, just do a view source, copy the source into what ever editor
you're using and save it as a .html file

On Fri, Aug 13, 2010 at 5:41 PM, Jerry Johnson jmi...@gmail.com wrote:

 Exactly that.


 On Fri, Aug 13, 2010 at 5:31 PM, Jerry Cooper jcoo...@excite.com wrote:


 In short,  anything that already has a .htm or .html extension will
 run fine, anything with a .cfm extension will need to have it's
 rendered output saved as a .html file before it's moved to the new
 server.

 Scott,
 Now I feel like I am taking advantage but here goes.

 When you say rendered output saved as an .html file do you mean just
 bringing up the home page in a browser and saving as index.html then
 replacing the index.cfm file with that?



 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology-Michael-Dinowitz/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336284
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Move CF website to non CF host