Re: SSL certificate problem with 3rd party
I was helping Jason with this a bit before he posted here, but didnt have time to do full tests. I have run into this situation before and that time it automagically started working the next day with an unaltered keystore. Arg! So this issue: I have a Win 7 VM with CF8.0.1 fully patched and CF10 fully patched. Both jvm.config files are edited to use the exact same JVM at c:\program files\jdk1.6.0_45\jre and the exact same keystore cacerts file. This cacerts is the one that came with jdk 1.6.0_45. BEFORE importing the Comodo cert CF8.0.1 CFHTTP fails with with error I/O Exception: Name in certificate `internetsecure.com' does not match host name `test.internetsecure.com. CF10 is successful. Next I imported the cert COMODOHigh-AssuranceSecureServerCA.crt from Comodo and restarted CF8.0.1. After the restart I still get the same error message on CF8.0.1 and after restarting CF10 it still works. Ive pulled my hair out before on this without luck other than in one case an SSL cert automagically started working. I have in the past looked for any documentation that Adobe updated CFHTTP between CF8 and CF10 I have not found anything yet. However, something must have changed to allow certs with Subject Alternate Names. Regards, Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Jan 16, 2014, at 4:38 PM, Byron Mann byronos...@gmail.com wrote: Apologies, Justin is correct. I tested this on one of our CF 8 servers and the host file/IP manipulation worked as stated. I'm so used to dealing with the * certificate issue, I wasn't aware this wasn't the case for the new certificates with the multiple names. FYI, I tried things out on CF 10, and it appears to accept these types of certificates without issue. Byron Mann Lead Engineer Architect HostMySite.com On Thu, Jan 16, 2014 at 4:18 PM, Justin Scott leviat...@darktech.orgwrote: You will need to import the star (*) certificate into the keystore for the java instance ColdFusion is running upon. Basically ColdFusion doesn't like to speak to *.domain.com certificates (I think CF10 doesn't mind so much), as it is not an exact match to the URL it is attempting to access. In this case it's not a wildcard certificate, it's a standard cert using the subject alternative names extension which isn't supported on Java 6. Importing the certificate into the Java keystore won't help in this case because the primary name on the certificate doesn't match the hostname being called. Java will only check against the primary hostname and not the alternative names listed in the certificate. Calling the primary hostname on the certificate and using a hosts entry to override the DNS entry to direct it to the right IP is the only workaround in this instance. -Justin Scott ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357470 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
danger in increasing PostParameterLimit ?
How dangerous is increasing PostParameterLimit in CFv9 ? We have increased from the default 100 to 1,100 to meet applications' needs. We are now requested to consider increasing it to 2,000. The developers are reviewing updating the design to use fewer PostParameters. I don't have a good feel for how dangerous this could be. Comments? Tomcat, Microsoft, and Adobe seem to have quite different considerations of the danger, based on their default number of post parameters: ASP.net1,000 Tomcat 10,000 ColdFusion 100 ColdFusion: ColdFusion Security Hotfix APSB12-06 http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix.html Understanding HashDos and postParameterLimit http://www.petefreitag.com/item/808.cfm HashDOS and ColdFusion http://www.petefreitag.com/item/801.cfm thank you, Chris ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357471 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: danger in increasing PostParameterLimit ?
Chris, I believe the danger involves the risk of the HashDOS issues that Pete elaborates on in his posts (which you cited). Is your application public-facing or intranet-only (behind a corporate firewall)? If public facing, then you have to weigh the potential for HashDOS vulnerability against the needs of the application. Where are all those parameters coming from? A single gigantic web form with more than 1,100 fields? A web service call? If it's a web form, can the application be rewritten to use multiple form sections (like walking through a multi-page wizard) and send the form data in pieces to the server (maybe adding each section's fields to a session variable until the last page is completed)? -Carl V. On 1/17/2014 7:52 AM, Chris wrote: How dangerous is increasing PostParameterLimit in CFv9 ? We have increased from the default 100 to 1,100 to meet applications' needs. We are now requested to consider increasing it to 2,000. The developers are reviewing updating the design to use fewer PostParameters. I don't have a good feel for how dangerous this could be. Comments? Tomcat, Microsoft, and Adobe seem to have quite different considerations of the danger, based on their default number of post parameters: ASP.net1,000 Tomcat 10,000 ColdFusion 100 ColdFusion: ColdFusion Security Hotfix APSB12-06 http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix.html Understanding HashDos and postParameterLimit http://www.petefreitag.com/item/808.cfm HashDOS and ColdFusion http://www.petefreitag.com/item/801.cfm thank you, Chris ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357472 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
UTF8 encoding issues on response from HTTP request
Hi Guys, I have been banging my head against a brick wall on something for a couple of days now. We have two load balanced Windows 2008 server running CF MX 7 on JRUN. I am calling a simple HTTP API using CFHTTP. If I dump the XML which I get from the response immediately after on one server the output is ok, but on the other the unicode characters are getting mangled. i.e. médico becomes médico I have called the API from a brand new IIS application with just the HHTP request and the CFoutput of the CFHTTP filecontent and that's what happens. So something like: cfhttp url=#myURL# cfoutput#cfhttp.filecontent#/cfoutput I have tried all the things you do to deal with UTF-8 encoding, but the fact that it only happens on one server makes me think it's a setting in CFadmin or Jrun causing the issue. Any ideas guys? I'm desperate!! Thanks, Ian. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357473 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: UTF8 encoding issues on response from HTTP request
I am calling a simple HTTP API using CFHTTP. If I dump the XML which I get from the response immediately after on one server the output is ok, but on the other the unicode characters are getting mangled. i.e. médico becomes médico I have called the API from a brand new IIS application with just the HHTP request and the CFoutput of the CFHTTP filecontent and that's what happens. So something like: cfhttp url=#myURL# cfoutput#cfhttp.filecontent#/cfoutput I have tried all the things you do to deal with UTF-8 encoding, but the fact that it only happens on one server makes me think it's a setting in CFadmin or Jrun causing the issue. Well, this could be one of two things: - the problem server is fetching the file wrong, or - it's displaying the output wrong. I'd first change the CFHTTP to save the results to a file, then open the file and see what's in it. Also, I'd make sure that CF is actually sending UTF-8 output. What do you see in your HTTP response headers? Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357474 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: UTF8 encoding issues on response from HTTP request
Are they both running off of the same database server? If not are all the database table encodings set to UTF8? I had a similar Problem with a pair of clustered PostgreSQL servers once where the second server defaulted to LATIN1 and was returning data like what you have below. HTH, Jon On Jan 17, 2014, at 2:08 PM, Ian Chapman ian.chap...@melodimedia.co.uk wrote: Hi Guys, I have been banging my head against a brick wall on something for a couple of days now. We have two load balanced Windows 2008 server running CF MX 7 on JRUN. I am calling a simple HTTP API using CFHTTP. If I dump the XML which I get from the response immediately after on one server the output is ok, but on the other the unicode characters are getting mangled. i.e. médico becomes médico I have called the API from a brand new IIS application with just the HHTP request and the CFoutput of the CFHTTP filecontent and that's what happens. So something like: cfhttp url=#myURL# cfoutput#cfhttp.filecontent#/cfoutput I have tried all the things you do to deal with UTF-8 encoding, but the fact that it only happens on one server makes me think it's a setting in CFadmin or Jrun causing the issue. Any ideas guys? I'm desperate!! Thanks, Ian. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357475 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: UTF8 encoding issues on response from HTTP request
Hi Dave, I've done both of those things. My CFHTTP request has the charset=utf-8 parameter on it btw. On the rogue box when saving the cfhttp output to a file it is still mangled. There is also a json response option from the API and that too does the same to the data. This the cfhttp header output: Charset [empty string] ErrorDetail [empty string] Filecontent A CFHttp.Filecontent variable is not created if a file path is specified. Header HTTP/1.1 200 Content-Type: application/xml Date: Fri, 17 Jan 2014 20:15:50 GMT Server: Microsoft-IIS/7.0 Content-Length: 2271 X-Powered-By: PHP/5.3.27 X-Powered-By: ASP.NET Mimetype application/xml Responseheader struct Content-Length 2271 Content-Type application/xml Date Fri, 17 Jan 2014 20:15:50 GMT Explanation [empty string] Http_Version HTTP/1.1 Server Microsoft-IIS/7.0 Status_Code 200 X-Powered-Bystruct 1PHP/5.3.27 2ASP.NET Statuscode 200 Text NO I'm starting to wonder if this may be a slight difference in CF/Java/JVM versions on the two boxes? They are all slightly different versions. -Original Message- From: Dave Watts [mailto:dwa...@figleaf.com] Sent: 17 January 2014 19:48 To: cf-talk Subject: Re: UTF8 encoding issues on response from HTTP request I am calling a simple HTTP API using CFHTTP. If I dump the XML which I get from the response immediately after on one server the output is ok, but on the other the unicode characters are getting mangled. i.e. médico becomes médico I have called the API from a brand new IIS application with just the HHTP request and the CFoutput of the CFHTTP filecontent and that's what happens. So something like: cfhttp url=#myURL# cfoutput#cfhttp.filecontent#/cfoutput I have tried all the things you do to deal with UTF-8 encoding, but the fact that it only happens on one server makes me think it's a setting in CFadmin or Jrun causing the issue. Well, this could be one of two things: - the problem server is fetching the file wrong, or - it's displaying the output wrong. I'd first change the CFHTTP to save the results to a file, then open the file and see what's in it. Also, I'd make sure that CF is actually sending UTF-8 output. What do you see in your HTTP response headers? Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357476 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Problem with Solr and CF 9
Hi, I have CF 9.0.1 installed, and I'm not able to define a Solr collection. I get this error in the Administrator: An error occurred while creating the collection: org.apache.solr.common.SolrException. Check the Solr logs for more detail. And in the Solr log, I get this: JNDI not configured for solr Yes, the Solr service is running. Any hint? Thanks. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357477 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Problem with Solr and CF 9
might be a problem with the port being used, do you have anything else running, other CF versions, other instances or anything like that ? On Fri, Jan 17, 2014 at 9:18 PM, wrote: Hi, I have CF 9.0.1 installed, and I'm not able to define a Solr collection. I get this error in the Administrator: An error occurred while creating the collection: org.apache.solr.common.SolrException. Check the Solr logs for more detail. And in the Solr log, I get this: JNDI not configured for solr Yes, the Solr service is running. Any hint? Thanks. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357478 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Problem with Solr and CF 9
might be a problem with the port being used, do you have anything else
running, other CF versions, other instances or anything like that ?
Nope. Nothing like that.
I noticed in solrConfig.xml something like
maxMergeDocs2147483647/maxMergeDocs
I thought It could be a too big number to read for a 32 bit installation.
I changed it for 32000 but it makes no difference.
I also found this:
abortOnConfigurationError${solr.abortOnConfigurationError:true}/abortOnConfigurationError
put it to false and now it boes until:
GRAVE: java.lang.RuntimeException: Can not find a valid core for the cores
admin handler
~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357479
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
