Re: SSL certificate problem with 3rd party

2014-01-17 Thread Wil Genovese

I was helping Jason with this a bit before he posted here, but didn’t have time 
to do full tests. 

I have run into this situation before and that time it ‘automagically’ started 
working the next day with an unaltered keystore. Arg!

So this issue:

I have a Win 7 VM with CF8.0.1 fully patched and CF10 fully patched.  Both 
jvm.config files are edited to use the exact same JVM at “c:\program 
files\jdk1.6.0_45\jre” and the exact same keystore cacerts file. This cacerts 
is the one that came with jdk 1.6.0_45.  BEFORE importing the Comodo cert, 
CF8.0.1 CFHTTP fails with error “I/O Exception: Name in certificate 
`internetsecure.com' does not match host name `test.internetsecure.com'”.  CF10 
is successful.  Next I imported the cert 
“COMODOHigh-AssuranceSecureServerCA.crt” from Comodo and restarted CF8.0.1. 
After the restart I still get the same error message on CF8.0.1, and after 
restarting CF10 it still works. 

I’ve pulled my hair out before on this without luck other than in one case an 
SSL cert automagically started working. 

I have in the past looked for any documentation that Adobe updated CFHTTP 
between CF8 and CF10, but I have not found anything yet. However, something 
must have changed to allow certs with Subject Alternate Names. 


Regards,



Wil Genovese
Sr. Web Application Developer/
Systems Administrator
CF Webtools
www.cfwebtools.com

wilg...@trunkful.com
www.trunkful.com

On Jan 16, 2014, at 4:38 PM, Byron Mann byronos...@gmail.com wrote:

 
> Apologies, Justin is correct. I tested this on one of our CF 8 servers and
> the host file/IP manipulation worked as stated.
>
> I'm so used to dealing with the * certificate issue, I wasn't aware this
> wasn't the case for the new certificates with the multiple names.
>
> FYI, I tried things out on CF 10, and it appears to accept these types of
> certificates without issue.
>
> Byron Mann
> Lead Engineer  Architect
> HostMySite.com
>
> On Thu, Jan 16, 2014 at 4:18 PM, Justin Scott leviat...@darktech.org wrote:
>
>>> You will need to import the star (*) certificate into the keystore for
>>> the java instance ColdFusion is running upon.
>>>
>>> Basically ColdFusion doesn't like to speak to *.domain.com certificates
>>> (I think CF10 doesn't mind so much), as it is not an exact match to the
>>> URL it is attempting to access.
>>
>> In this case it's not a wildcard certificate, it's a standard cert
>> using the subject alternative names extension which isn't supported
>> on Java 6.  Importing the certificate into the Java keystore won't
>> help in this case because the primary name on the certificate doesn't
>> match the hostname being called.  Java will only check against the
>> primary hostname and not the alternative names listed in the
>> certificate.  Calling the primary hostname on the certificate and
>> using a hosts entry to override the DNS entry to direct it to the
>> right IP is the only workaround in this instance.
>>
>> -Justin Scott
 
 
 
 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357470
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
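
Added example, not part of the thread: the two name-matching policies discussed in the message above, applied to one certificate. The primary name and host come from the quoted error message; the alternative-name list, the wildcard sample and all function names are assumptions made for illustration.

```python
# Added illustration: CN-only matching versus SAN-aware matching (RFC 6125 style).
# Certificate fields are constructed; nothing here is read from a real certificate.

def name_matches(pattern, host):
    """Match one DNS pattern against a host; '*' may only be the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and needs two fixed labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cn_only_verify(cert, host):
    """Policy described in the thread: compare the host with the primary name only."""
    return name_matches(cert["subject_cn"], host)

def san_aware_verify(cert, host):
    """If dNSName alternative names exist they are authoritative and the CN is ignored."""
    sans = cert.get("san_dns", [])
    if sans:
        return any(name_matches(name, host) for name in sans)
    return name_matches(cert["subject_cn"], host)

CERT = {
    "subject_cn": "internetsecure.com",                            # from the error message
    "san_dns": ["internetsecure.com", "test.internetsecure.com"],  # assumed SAN list
}
WILDCARD_CERT = {"subject_cn": "*.domain.com", "san_dns": []}      # constructed sample

def report(host="test.internetsecure.com"):
    """Outcome of both policies for the host that fails in the thread."""
    return {"cn_only": cn_only_verify(CERT, host),
            "san_aware": san_aware_verify(CERT, host)}

if __name__ == "__main__":
    print(report())
    print(cn_only_verify(CERT, "internetsecure.com"))  # primary name: hosts-file workaround
```
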


danger in increasing PostParameterLimit ?

2014-01-17 Thread Chris

How dangerous is increasing PostParameterLimit in CFv9 ?  We have increased
from the default 100 to 1,100 to meet applications' needs. We are now
requested to consider increasing it to 2,000.  The developers are reviewing
updating the design to use fewer PostParameters.

I don't have a good feel for how dangerous this could be. Comments?

Tomcat, Microsoft, and Adobe seem to have quite different considerations of
the danger, based on their default number of post parameters:

ASP.net      1,000
Tomcat      10,000
ColdFusion     100

ColdFusion:

ColdFusion Security Hotfix APSB12-06
http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix.html

Understanding HashDos and postParameterLimit
http://www.petefreitag.com/item/808.cfm

HashDOS and ColdFusion
http://www.petefreitag.com/item/801.cfm

thank you,
Chris


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357471


Re: danger in increasing PostParameterLimit ?

2014-01-17 Thread Carl Von Stetten

Chris,

I believe the danger involves the risk of the HashDOS issues that Pete 
elaborates on in his posts (which you cited).  Is your application 
public-facing or intranet-only (behind a corporate firewall)?  If public 
facing, then you have to weigh the potential for HashDOS vulnerability 
against the needs of the application.

Where are all those parameters coming from?  A single gigantic web form 
with more than 1,100 fields? A web service call?  If it's a web form, 
can the application be rewritten to use multiple form sections (like 
walking through a multi-page wizard) and send the form data in pieces to 
the server (maybe adding each section's fields to a session variable 
until the last page is completed)?

-Carl V.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357472
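
Added example, not part of the thread: a toy chained hash table (an assumption, not ColdFusion's or Tomcat's parameter map) that counts key comparisons while storing n form fields, for the limits mentioned above. A constant bucket function models the all-keys-collide case behind HashDoS; no colliding keys for a real hash function are produced.

```python
# Added illustration: work done per request as postParameterLimit grows.
# The table, the field names and both bucket functions are constructed.

def insert_cost(n_params, bucket_of, n_buckets=4096):
    """Insert n distinct keys and return how many key comparisons were performed."""
    buckets = [[] for _ in range(n_buckets)]
    comparisons = 0
    for i in range(n_params):
        key = "field%d" % i
        chain = buckets[bucket_of(key) % n_buckets]
        for existing in chain:      # walk the chain looking for a duplicate key
            comparisons += 1
            if existing == key:
                break
        else:
            chain.append(key)       # not found: append to the end of the chain
    return comparisons

def spread(key):
    """Typical case: a simple polynomial string hash that distributes keys."""
    h = 0
    for ch in key:
        h = (31 * h + ord(ch)) & 0xFFFFFFFF
    return h

def collide(key):
    """Worst case: every key lands in the same bucket."""
    return 0

def cost_table(limits=(100, 1100, 2000)):
    """Worst-case and typical comparison counts for each limit named in the thread."""
    return {n: {"worst": insert_cost(n, collide),
                "typical": insert_cost(n, spread)} for n in limits}

if __name__ == "__main__":
    for limit, cost in cost_table().items():
        print(limit, cost)
```

The worst case grows with the square of the limit, so going from 1,100 to 2,000 parameters raises the maximum work per request by roughly 3.3 times, not 1.8 times.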


UTF8 encoding issues on response from HTTP request

2014-01-17 Thread Ian Chapman

Hi Guys,

I have been banging my head against a brick wall on something for a couple of 
days now.

We have two load balanced Windows 2008 servers running CF MX 7 on JRUN.

I am calling a simple HTTP API using CFHTTP. If I dump the XML which I get from 
the response immediately after on one server the output is ok, but on the other 
the unicode characters are getting mangled.

i.e. médico becomes médico

I have called the API from a brand new IIS application with just the HTTP 
request and the CFoutput of the CFHTTP filecontent and that's what happens.

So something like:

<cfhttp url="#myURL#">
<cfoutput>#cfhttp.filecontent#</cfoutput>

I have tried all the things you do to deal with UTF-8 encoding, but the fact 
that it only happens on one server makes me think it's a setting in CFadmin or 
Jrun causing the issue.

Any ideas guys?  I'm desperate!!

Thanks,

Ian.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357473


Re: UTF8 encoding issues on response from HTTP request

2014-01-17 Thread Dave Watts

> I am calling a simple HTTP API using CFHTTP. If I dump the XML which I get
> from the response immediately after on one server the output is ok, but on
> the other the unicode characters are getting mangled.
>
> i.e. médico becomes médico
>
> I have called the API from a brand new IIS application with just the HTTP
> request and the CFoutput of the CFHTTP filecontent and that's what happens.
>
> So something like:
>
> <cfhttp url="#myURL#">
> <cfoutput>#cfhttp.filecontent#</cfoutput>
>
> I have tried all the things you do to deal with UTF-8 encoding, but the fact
> that it only happens on one server makes me think it's a setting in CFadmin
> or Jrun causing the issue.

Well, this could be one of two things:
- the problem server is fetching the file wrong, or
- it's displaying the output wrong.

I'd first change the CFHTTP to save the results to a file, then open
the file and see what's in it.

Also, I'd make sure that CF is actually sending UTF-8 output. What do
you see in your HTTP response headers?

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and provides the highest caliber vendor-authorized
instruction at our training centers, online, or onsite.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357474


Re: UTF8 encoding issues on response from HTTP request

2014-01-17 Thread Jon Clausen

Are they both running off of the same database server?  If not, are all the 
database table encodings set to UTF8?  I had a similar problem with a pair of 
clustered PostgreSQL servers once where the second server defaulted to LATIN1 
and was returning data like what you have below.
HTH,
Jon


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357475


RE: UTF8 encoding issues on response from HTTP request

2014-01-17 Thread Ian Chapman

Hi Dave,

I've done both of those things. My CFHTTP request has the charset=utf-8
parameter on it btw. On the rogue box when saving the cfhttp output to a
file it is still mangled. There is also a json response option from the API
and that too does the same to the data. 

This is the cfhttp header output:

Charset         [empty string]
ErrorDetail     [empty string]
Filecontent     A CFHttp.Filecontent variable is not created if a file path is specified.
Header          HTTP/1.1 200 Content-Type: application/xml Date: Fri, 17 Jan 2014 20:15:50 GMT Server: Microsoft-IIS/7.0 Content-Length: 2271 X-Powered-By: PHP/5.3.27 X-Powered-By: ASP.NET
Mimetype        application/xml
Responseheader  struct
    Content-Length  2271
    Content-Type    application/xml
    Date            Fri, 17 Jan 2014 20:15:50 GMT
    Explanation     [empty string]
    Http_Version    HTTP/1.1
    Server          Microsoft-IIS/7.0
    Status_Code     200
    X-Powered-By    struct
        1  PHP/5.3.27
        2  ASP.NET
Statuscode      200
Text            NO


I'm starting to wonder if this may be a slight difference in CF/Java/JVM
versions on the two boxes? They are all slightly different versions.




Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357476
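
Added example, not part of the thread: the header dump above has an empty Charset and a Content-Type without a charset parameter, so this sketch shows how the same UTF-8 bytes decode differently once a client falls back to a host default. The response body, the two default encodings and the function names are assumptions; it illustrates one mechanism and is not a diagnosis of the servers in the thread.

```python
# Added illustration: choosing the charset of an XML response before decoding it.
import re

def declared_charset(content_type, body):
    """Return (charset, source) from the header, a BOM or the XML declaration."""
    m = re.search(r"charset\s*=\s*\"?([\w.:-]+)", content_type or "", re.I)
    if m:
        return m.group(1).lower(), "content-type"
    if body.startswith(b"\xef\xbb\xbf"):
        return "utf-8", "bom"
    m = re.match(rb"\s*<\?xml[^>]*encoding\s*=\s*[\"']([\w.:-]+)[\"']", body)
    if m:
        return m.group(1).decode("ascii").lower(), "xml-declaration"
    return None, "none"

def decode_body(content_type, body, platform_default):
    """Decode with the declared charset if there is one, else the host's default."""
    charset, source = declared_charset(content_type, body)
    text = body.decode(charset or platform_default, errors="replace")
    return text, source

# Constructed response: Content-Type as in the dump (no charset parameter);
# the body is an assumed UTF-8 document without an encoding declaration.
HEADER = "application/xml"
BODY = "<r><w>médico</w></r>".encode("utf-8")

def compare_servers():
    """Same bytes on two hosts whose default encodings differ (assumed defaults)."""
    good, _ = decode_body(HEADER, BODY, "utf-8")
    bad, source = decode_body(HEADER, BODY, "cp1252")
    return good, bad, source

if __name__ == "__main__":
    print(compare_servers())
```
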


Problem with Solr and CF 9

2014-01-17 Thread Claude Schnéegans

Hi,

I have CF 9.0.1 installed, and I'm not able to define a Solr collection.
I get this error in the Administrator:
An error occurred while creating the collection: 
org.apache.solr.common.SolrException. Check the Solr logs for more detail.
And in the Solr log, I get this:
JNDI not configured for solr

Yes, the Solr service is running.

Any hint?

Thanks.



Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357477


Re: Problem with Solr and CF 9

2014-01-17 Thread Russ Michaels

might be a problem with the port being used, do you have anything else
running, other CF versions, other instances or anything like that ?


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357478


Re: Problem with Solr and CF 9

2014-01-17 Thread Claude Schnéegans

> might be a problem with the port being used, do you have anything else
> running, other CF versions, other instances or anything like that ?

Nope. Nothing like that.
I noticed in solrConfig.xml something like
<maxMergeDocs>2147483647</maxMergeDocs>
I thought it could be too big a number to read for a 32-bit installation.
I changed it to 32000 but it makes no difference.

I also found this:
<abortOnConfigurationError>${solr.abortOnConfigurationError:true}</abortOnConfigurationError>
put it to false and now it goes until:
GRAVE: java.lang.RuntimeException: Can not find a valid core for the cores admin handler



Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357479