Re: regex and options
> what makes Dr and Prof special, compared to the hundreds of other similar ones?
According to the typographic code, there are rules about abbreviations. For common words such as Doctor, Mister, etc., there are many ways to abbreviate them, but only one complies with the rules and is considered correct.
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:314007
Re: regex and options
Heh. If it's a drop down, I wouldn't bother with a regex: I wouldn't even bother with any verification at all.
Re: How does Security affect search engine spiders?
> My only thought on that is to detect the fact that they are a spider (not sure how to do that though) and not implement security in that case.
Oops, not a good idea. There are mainly two sorts of spiders: good bots (ie: Google) and bad bots (ie: those looking for mail addresses to spam). In neither case should they be reading your pages. Good bots, because there is no need to index secured pages, and bad bots should be banned from any page anyway. So just let the login page do its work: good bots will never try to submit the login form, bad bots may try, but with no password they'll be kicked out anyway.
Re: How does Security affect search engine spiders?
> is there a good bot/bad bot list?
Not as I know, anyway, one cannot rely on user agents which can be faked so easily. Personally, I let just a few known bots in, based on the IP address, the only parameter that cannot be faked. For every other request, I have some tools that automatically analyze every visitor according to some criteria such as:
- Does it read robots.txt?
- fails in some robot trap?
- reads robots.txt but reads forbidden pages anyway;
- requests pages at too high a rate;
- reads JavaScript but does not execute it;
- does not read CSS;
- clearly identifies itself in the user agent or not;
etc... and of course, presence of DECLARE or http in URLs is the first test ;-)
> I have an IP- and bot-identifying based system that works pretty well but I'm always up for newer and better
Such a system can only identify good bots for sure, but not bad bots and fakes. And the problem is not with good bots, but with bad guys. I also have a white list and a black list, but their only purpose is to bypass the rest of the tests.
Re: How does Security affect search engine spiders?
> Not as I know, anyway, one cannot rely on user agents which can be faked so easily.
Just to illustrate this, as I was writing my last message, I just received a notice from my server reporting a new bad bot detected. Its user agent is
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; FunWebProducts; SpamBlockerUtility 10.2.217.0)
and it was trapped because
p=releases';[EMAIL PROTECTED](4000);[EMAIL PROTECTED](0x4445434C4152452040
was found in the URL. Just wonder what this SpamBlockerUtility is supposed to block ;-)
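The visitor tests listed in the two messages above, sketched in Python as an added example (it is not the poster's tool, which the thread does not show). The paths, IP lists, thresholds, point values, beacon URL and log records are constructed assumptions; only the hex run in the sample URL is taken from the post, where it decodes to "DECLARE @".

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Assumed site layout, lists and thresholds (hypothetical, not from the thread).
ALLOW_IPS = {"192.0.2.10"}      # crawler admitted by IP address
DENY_IPS = {"203.0.113.66"}
FORBIDDEN = ("/private/",)      # what this site's robots.txt disallows
TRAP = "/trap/"                 # link hidden from human visitors
BEACON = "/beacon.gif"          # requested only when the page script runs
WINDOW, MAX_HITS = 10, 5        # more than 5 requests within 10 s is too fast
BLOCK_AT = 3                    # score at which a visitor is blocked

HEX_RUN = re.compile(r"0x((?:[0-9a-fA-F]{2}){4,})")
BAD_URL = re.compile(r"\bdeclare\b|https?://", re.I)
SELF_ID = re.compile(r"bot|crawl|spider", re.I)


def url_is_suspicious(target):
    """First test: DECLARE or http in the query string, also when hex-encoded."""
    query = unquote(urlsplit(target).query)
    decoded = HEX_RUN.sub(
        lambda m: bytes.fromhex(m.group(1)).decode("latin-1"), query)
    return bool(BAD_URL.search(query) or BAD_URL.search(decoded))


def too_fast(times):
    """True if any WINDOW-second span holds more than MAX_HITS requests."""
    times = sorted(times)
    start = 0
    for end, t in enumerate(times):
        while t - times[start] >= WINDOW:
            start += 1
        if end - start + 1 > MAX_HITS:
            return True
    return False


def assess(records):
    """Map each IP in (ip, seconds, target, user_agent) records to (verdict, reasons)."""
    by_ip = defaultdict(list)
    for rec in records:
        by_ip[rec[0]].append(rec)
    out = {}
    for ip, recs in by_ip.items():
        # The allow and deny lists only bypass the remaining tests.
        if ip in ALLOW_IPS:
            out[ip] = ("allow", ["allow list"])
            continue
        if ip in DENY_IPS:
            out[ip] = ("block", ["deny list"])
            continue
        if any(url_is_suspicious(r[2]) for r in recs):
            out[ip] = ("block", ["suspicious URL"])
            continue
        paths = [urlsplit(r[2]).path for r in recs]
        read_robots = "/robots.txt" in paths
        hits = []  # (points, reason)
        if any(p.startswith(TRAP) for p in paths):
            hits.append((3, "robot trap"))
        if any(p.startswith(FORBIDDEN) for p in paths):
            hits.append((3, "forbidden page after robots.txt") if read_robots
                        else (1, "forbidden page"))
        if too_fast([r[1] for r in recs]):
            hits.append((2, "request rate"))
        if any(p.endswith(".js") for p in paths) and BEACON not in paths:
            hits.append((1, "script fetched but not executed"))
        if (any(p.endswith(".cfm") for p in paths)
                and not any(p.endswith(".css") for p in paths)):
            hits.append((1, "no CSS requested"))
        if read_robots and not any(SELF_ID.search(r[3]) for r in recs):
            hits.append((1, "robot behaviour, browser user agent"))
        score = sum(points for points, _ in hits)
        verdict = "block" if score >= BLOCK_AT else "pass"
        out[ip] = (verdict, [why for _, why in hits])
    return out


BROWSER = "Mozilla/5.0 (constructed browser UA)"
# Constructed sample records; the hex run is the one quoted in the post.
SAMPLE = [
    ("198.51.100.7", 0, "/index.cfm", BROWSER),
    ("198.51.100.7", 1, "/style.css", BROWSER),
    ("198.51.100.7", 1, "/app.js", BROWSER),
    ("198.51.100.7", 2, "/beacon.gif", BROWSER),
    ("192.0.2.10", 3, "/robots.txt", "ExampleBot/1.0"),
    ("192.0.2.10", 4, "/private/list.cfm", "ExampleBot/1.0"),
    ("198.51.100.99", 5, "/index.cfm?p=releases&x=0x4445434C4152452040", BROWSER),
    ("198.51.100.50", 6, "/robots.txt", BROWSER),
    ("198.51.100.50", 7, "/private/list.cfm", BROWSER),
    ("198.51.100.50", 8, "/trap/page.cfm", BROWSER),
]

if __name__ == "__main__":
    for ip, (verdict, reasons) in assess(SAMPLE).items():
        print(ip, verdict, "; ".join(reasons))
```

A missing CSS request or a browser-like user agent alone stays below the blocking score here, since cached stylesheets and ordinary browsers produce the same pattern.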
Re: How does Security affect search engine spiders?
> Looks to me as though it is blocking SQL injection attacks
It doesn't block anything, it SENDS SQL injection attacks! MY application blocked it. ;-)
Re: How to handle quote symbols
Here's my question.do you store 12 in the database, or 12&quot; Does it matter? Use '12' what's the problem?
Re: Won't evaluate?
> So why isn't this working then?
> <cfset UserCount = #Users.Recordcount#>
> <cfset Question = #Replace(FAQ.Question, '$$UserCount$$', #usercount#, "ALL")#>
You're not using # signs correctly:
<cfset UserCount = Users.Recordcount>
<cfset Question = Replace(FAQ.Question, '$$UserCount$$', usercount, "ALL")>
The # sign should be used only inside CFOUTPUT tags, rarely inside other CF tags. But this may not be the only reason.
Re: Won't evaluate?
> Replace(FAQ.Question, '$$UserCount$$', usercount, "ALL")
It may also be a question of upper/lower case. Are you sure you always have UserCount? If not, use replaceNoCase() instead.
> just doesn't show any usercount.
Does it show any '$$UserCount$$' then?
Re: Won't evaluate?
> Yes, I know scoping my variables is a good thing now and I will from now on when needed. But honestly, it so rarely comes up as an issue
Right. A good practice to avoid trouble if you don't scope is at least to use different names for variables in different scopes, especially with queries. The problem with queries is that inside a CFOUTPUT on a query, the query scope becomes implicit and has precedence over the variables scope, but not outside. Using different names will prevent confusion. Like in your case
<cfset FAQQuestion = Replace(FAQ.Question
instead of
<cfset Question = Replace(FAQ.Question
Re: Form Challenge?
> When processing this form I need to check for the existence of any of the check boxes.
Yeah, this is really a design problem in HTML: the name of an unchecked checkbox is not passed by the browser in the HTTP protocol. IMHO some default value would be pretty useful, ie:
<INPUT NAME="myCheckBox" TYPE="checkbox" VALUE="1" DEFAULT="0">
Personally, I've developed my own workaround this way:
1. every form calls a function onSubmit that creates a list (defaultList) of all checkbox and select INPUTs in a hidden field. Note that it is done by JavaScript, but the hidden field could be generated by CF as well.
2. each action template includes a template that verifies every item in that defaultList and sets its value to 0 if the item is not found in the form scope.
Pretty simple (if you always use 0 as default value):
<CFIF isDefined("form.defaultList")>
    <!--- give every listed field that the browser did not send a value of 0 --->
    <CFLOOP INDEX="checkBox" LIST="#form.defaultList#">
        <CFPARAM NAME="form.#checkBox#" DEFAULT="0">
    </CFLOOP>
</CFIF>
Re: New SQL Injection
> I wish there was some way to counter attack!!! H
Well, based on the fact that attacks come from infected PCs which even ignore they were infected, it would be pretty useless to counter-attack the IP address from which the attack came. BUT, all these attacks tend to inject spammy links to some sites. So maybe some retaliation on these sites would have some effect? And this is the same thing for spam.
Re: Want to Learn Fuse-Box
> But It looks something strange to me
Then you must be a sane and well-balanced person ;-)
> and I quit.
Believe me, that was your best decision ;-)
Re: How to parse a text file...
> I've tried several methods to get this code into an array with the filename as the first array element and the description as the second array element
Maybe you don't need to go that far in creating an array. Just create a single array the way you did it, with both the file name and the description in each element, then as you loop on that array, in each iteration use list functions to separate the file name and the description.
Re: CSS Question
> I really really wish that someone would come up with a standard that will work in every browser.
In my experience:
1. option tag cannot include any HTML child;
2. option style only supports color, no background, no bold, italic or so.
Re: CSS Question
> Or a browser that adheres to the standard?
C'mon, we are in a developer forum here, any developer should be concerned by the way their application behaves on the client side, and like it or not, about 80% of clients use Explorer.
Re: image map creator
> Looked at a few examples online, none of which were very impressive. Need something direct and simple... any ideas?
It would certainly help to understand what you are looking for if you could give us the addresses for these examples.
Re: Alternative to using CONTAINS repeatedly?
> lcase(form.First_Name)
First of all, you could avoid calling the lcase function 6 times on the same expression: store lcase(form.First_Name) once for all in one variable, and use this variable in your tests. But this is just a general consideration. What you need here is some regExp, ie
<cfif REFindNoCase("http|script|img", form.First_Name & form.Last_Name & form.email) GT 0>
    (do not process)
<cfelse>
    (process)
</cfif>
Re: CFFORM and JS Script Source
Here's the problem - One of the reasons I stopped using CFFORM more than 10 years ago and developed my own tags and JS validation... ;-)
Re: Are nested loops allowed in fusebox 5?
> Are nested loops allowed in fusebox 5?
I'm not sure I understand your question: Fusebox is not a language, just a framework, and as such has no means to allow loops or not. Fusebox relies on the ColdFusion language, and yes, CF allows nested loops.
Re: CF and Access
> I thought maybe the Yes/No column was throwing it
This is also my guess. Yes may be recognized by Access when the query is submitted directly, but it is not standard SQL and the JDBC driver will interpret it as a column name. Try INT_PARTRETURNED = 1 instead (don't include instead in the query ;-))
Re: using dynamic variable in cfset statement
The variable application. ends with a . character. This looks to me like appconfig.code_name is an empty string.
Re: using dynamic variable in cfset statement
> Also, the [] is an invalid construct in coldfusion.
Well, if appconfig.code_name is an empty string, then [appconfig.code_name] will be equivalent to [], which is an invalid construct in coldfusion. If I were you, I'd really make sure appconfig.code_name is not an empty string ;-) Just try this:
<CFOUTPUT>[#appconfig.code_name#]</CFOUTPUT>
Re: How can I unzip a password-protected zip file with cfzip?
> Extracting files from .ZIP:
This means PKZIP started correctly and found the zip file, but the extraction is not over, probably because the console program is waiting for the password to be entered. It looks like the password parameter is used to zip a file, but not for unzipping. You may have to create a bat file and have PKZIP read the password from the bat file.
Re: How can I unzip a password-protected zip file with cfzip?
OK, I looked in the documentation, and can confirm the syntax for the password option:
-password=bsz3xuYD
See the = sign in the command. If there is a space after password, the program will read the password from the console.
Re: How can I unzip a password-protected zip file with cfzip? (Success!)
> Finally found an old online pkzip 2.5 manual.
Good. Note that you can also:
- open Windows Explorer,
- find your PKZIP25.exe file,
- double click on it to execute.
This opens a console window, enter ? and you have a list of all commands and options.
Re: How can I unzip a password-protected zip file with cfzip? (Success!)
> Yes, I did that when you recommended it. It just didn't show the syntax for using the commands.
Ok, like in most DOS programs, if you type ?command, you get details about a command, ie: ?extract or ?password
Re: How can I unzip a password-protected zip file with cfzip?
> is there a way to use the password with cfzip action=unzip ?
Personally, I create and CFEXECUTE a bat file which runs a 10-year-old version of PKZIP. It supports compression/decompression and passwords and still works pretty well.
Re: How can I unzip a password-protected zip file with cfzip?
> Would you mind sharing an example of how you use CFExecute and the bat file to process a certain list of files?
I just reopened the file where I use it, and I see that I don't use the bat file anymore, this was in version 1.0. Now I pass the parameter directly through CFEXECUTE:
<CFEXECUTE NAME="#path#\PKZIP25.EXE"
    ARGUMENTS="-extract #path#\individus.zip #pathPhoto#\portrait"
    TIMEOUT="10"
    OUTPUTFILE="#path#\extract_log.txt" />
This example does not use a password, but it would just be a matter of adding the password parameter in the list of arguments, ie:
ARGUMENTS="-extract #path#\individus.zip -password myPassWord #pathPhoto#\portrait"
> Haven't used CFExecute before, nor have I needed to deploy bat file. I could tinker around and probably figure it out, but a working example would be a great guide!
There is nothing special to install in order to use CFEXECUTE, just make sure the tag is allowed in your server administrator. Look for the file PKZIP25.EXE, I can send it to you in private if you don't find it. Just drop it in some directory where it can be executed.
Re: Opinions about on the fly image resizing
> Any opinion is appreciated.
Well, IMO, the big idea of thumbnails is to show many images roughly and in the same page, so that the user can choose only the one he wants in large format. Having to read and downsize 10 or 20 or more images is not really compatible with this purpose. The images are not sent over the Internet, but the server is kept busy unnecessarily. The only reason I would see an advantage would be a situation where you have millions of images so that the probability for any image to appear in a thumbnail page is very low. Otherwise, I would produce the thumbnail images once for ever,... until you change your mind, and unless you change your mind every day ;-)
Re: Opinions about on the fly image resizing
> you only need wipe that directory clean and everything will start being regenerated.
Very brilliant indeed.
Re: Please Help..Confused
I should have clarified that I am not passing a date such as mm/dd/. The year dropdown contains the values 1-5 that the user can select, the month is 1-11, and the days are 1-30. What I am trying to do is for example, when if a user selects 2 years 2 months 2 days then I need to convert those values to days. Then use CreateDate(year, month, day) to create a date object For the year, I suppose 1-5 stands for 2008-2013? Then use CreateDate(year+2007, month, day)
Re: Please Help..Confused
> I need to convert those values to days and add them up.
Ok, but to add them up to WHICH date? Or do you consider every month to be 30 days and every year to be 365 days in general? If yes, then just use
dateAdd("d", form.years*365 + form.months*30 + form.days, dateToBeAdded)
Re: How can I unzip a password-protected zip file with cfzip?
> Ideas?
First, I would check if the file e:\inetpub\webroot\real_estate_data\smlc\daily_downloads\zip_files\extract_log.txt has been created and, if yes, if it contains any error messages. Also make sure you have no line breaks inside the arguments parameter string. For other parameters in PKZIP, just execute it and enter ? in the DOS window.
Re: Wildcard characters in filepath?
> Is there some way I can use cfhttp to access the files listed on the web page and download them?
No, in order to use CFFTP, you need some FTP account on the aimed server.
> I click on the link and it takes me to a page in the browser that lists the files I need.
Ok, then you do have the names of the files, and you can get them by HTTP, not FTP. Then you can extract the file names from the page, and get them using CFHTTP. Of course, extracting the file names from the page can be done for free if you are fluent in regExp (this is to save Bobby some comments ;-). You can also get them more easily, if RegExp is not your cup of tea, using CF_REextract, see http://www.contentbox.com/claude/customtags/REextract/testREextract.cfm
Re: Wildcard characters in filepath?
> How can I use wildcard characters in a file path?
In a file path for what? If it is for an HTTP request, the answer is no. If it is for CFFILE, it is still no. Using wild cards could mean that several files could be returned, and both HTTP and CFFILE can deal with only one file at a time. However, you could use CFDIRECTORY action=list with a filter to get the name of the file.
Re: Wildcard characters in filepath?
> The question would really just apply to files.
Well, it DOES depend on how you want and can finally get the file. Is the file on YOUR server, or somewhere else? Is the file accessible through HTTP, FTP? If the file is not on your server, surely you cannot use CFdirectory. If you only have HTTP access, you can only get all file names, no filter, provided the server allows directory browsing. If you have FTP access, then you can get the list of all files, no filter either. When you have all file names, you can loop on them and find the one that meets your criterion using so regExp.
Re: Wildcard characters in filepath?
> using so regExp.
I mean *some* regExp.
Re: Pre-filling FileField Values
> Because that isn't what HTTP was ever designed to do. They made a whole protocol just to handle this: FTP.
I think this kind of argument is completely obsolete now. Both HTTP and FTP were designed to allow exchanges between computers made by computer scientists. Now, at least for HTTP, their role has been extended to low end users. As such, there is no reason the protocols could not be extended too.
Re: Pre-filling FileField Values
> If they're still clicking and selecting then it isn't more risk per se, but creates issues in usability for the user. If they're not careful they could theoretically upload their entire My Documents folder without realizing it when they intended to send one file.
Right, but the browser could calculate the total length of data, the number of files, estimate the time required, and ask for a confirmation. The maximum size allowed by the server to transfer could also be part of the protocol. After all, one could also delete all his files in his system, this is not a reason to force him to delete files one at a time. Taking all users for idiots is not any better than limiting facilities for all in case one makes an error.
Re: Pre-filling FileField Values
> I'll bet if I asked all of my clients to zip up a folder of folders, only 10% would know how to do it without in-depth instruction.
Then you have a problem. All depends on the kind of application you have and the kind of clients who are using it.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311791
Re: Pre-filling FileField Values
> Because browsers weren't designed to allow you to do that.
Again, this is not a reason they could not be upgraded to do it. Browsers were not designed to support tables and CSS either, now they do.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311792
Re: Pre-filling FileField Values
> Is there some way to pre-fill a filefield value?
Forget it. Imagine it was possible, then a page could get directly some very sensitive files like your system files, or address book...
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311725
Re: Pre-filling FileField Values
> and all they would need to do was submit the form.
Not even, this could be done in an onload event ;-)
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311726
Re: Pre-filling FileField Values
> Sometimes clients want to load 20 photos or more of a property and they complain about having to select each photo individually.
Exactly, one should be able to upload everything like *.jpg in a directory, or select several files in it. I've implemented another solution where clients can send all their images in one zip file, and I unzip it on the server. Of course, there is no gain in size, and users must be able to zip files, but at least for this application, it doesn't look like it is asking too much ;-)
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311757
Re: Centering text written on an image
> how does the CFC measure the height and width of text without resorting to an image
Any decent text/image processing library will provide some function to calculate the physical length of a string given a specific font and size. And I'm pretty sure Ray's CFC is using a decent library.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311566
Re: Flummoxed by a simple query
> Does FoxPro have case-sensitive column names?
It could be an issue with table names, since tables are actually files, but not for columns.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311374
Re: Query Too Complex for Access?
> Does anyone else know of any other ways?
Plenty of them, but none is better ;-)
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311342
Re: SQL injection attack on House of Fusion
> they are back.
Yeah, here too.
--
REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm
(Please send any spam to this address: [EMAIL PROTECTED]) Thanks.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311103
Re: SQL injection attack on House of Fusion
> Going through 136+ posts seems a bit too much, many thanks.
Aren't you afraid to get even more if you start another thread again? ;-)
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311061
Re: SQL injection attack on House of Fusion
> Not as far as technique, but it was much larger in scale than most of us have experienced before.
By the way, are you still getting hits from this attack? I don't see any anymore.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311062
Re: Outputting columned UL tags
> ULs and LIs are better for search engine optimization.
???
> Plus they're better semantic code.
???
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310955
Re: Outputting columned UL tags
> So it's a little lighter, codewise, plus ULs and LIs are MEANT to display lists of things while tables are not.
Frankly, I don't see your point. ULs and LIs are meant to display lists, right, but what you want to do is not a list, it is a TABLE, so why not use a table?
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310959
Re: Outputting columned UL tags
> this isn't really tabular data. It's simply a list of links.
This distinction is completely academic and irrelevant. The purpose of a table in HTML has never been to display data exclusively, but anything. HTML is a formatting language, not a database facility. When you display things so they look like a table, it IS a table, even if each of its elements comes from a list.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310976
Re: Outputting columned UL tags
> So even if I'm only saving a few characters, it's better than using a TABLE.
Provided you know how to do it. If you have to ask other people, then you are creating your own problem, just for saving a few characters...
> Besides...TABLEs are for tabular data. Sure you CAN put other stuff into them, but that wasn't their original intended purpose.
IMO you are making a confusion between database tables and HTML tables.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310993
Re: Outputting columned UL tags
> then HTML tables are best used for database type information.
No doubt about that. But the question here is should I use a table to output a list if I want it to look like a table; my answer is definitely YES. The only purpose of HTML is to define the layout of a page. If your layout requires something, coming from a database or not, to be a table, then the TABLE tag is the choice.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311006
Re: Outputting columned UL tags
> Tables were intended to display tabular data.
Correct, then if you want a list to be displayed as a tabular data, use a TABLE.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311007
Re: Outputting columned UL tags
> I hate to drag this out further
Me too...
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311024
Re: Outputting columned UL tags
> I'm looking to output a series of ULs and LIs in a 3 column fashion
Why ULs? Isn't this more a table case?
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310927
Re: Redirection old ID values to new ID values
> I have a client whose old site (in ASP) is converting over to our CF storefront. We have the old ID values for their products and have stored them alongside the new ID values for the new store.
If you are not running other ASP applications on this server, you could also set IIS to send ASP requests to CF and make the conversion in the CF-ASP page.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310866
Re: cfexecute batch file not working
> I have a very simple batch file
Don't forget that the default directory used by the bat file is not the one where the bat file resides, but the one from which it is run. In this occurrence, it is the CF directory. Then you may have to set the working directory from inside the bat file itself.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310867
Re: ReFind - help with regex (ColdfusionMX 7)
> I want to loop through a directory in my codebase and return a list of href tags
This could be easily handled by CF_Reextract. You can get all your hrefs in a query using simple regExps. See http://www.contentbox.com/claude/customtags/REextract/testREextract.cfm
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310874
Re: HELP! SQL Injection Attack!
> 100 IPs is hardly any RAM. I'd use 10k entries, just as a starting number and scale down if it really becomes an issue.
Another approach would be to store also the date the IP was entered in the list, and remove it after a certain number of days.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310503
Re: SQL injection attack on House of Fusion
> very few bots accept cookies. I've never actually seen one that does, but I have read it is possible to write one that will.
If you use CF to write the bot, for instance ;-)
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310544
Re: SQL injection attack on House of Fusion
> Then 20-30 minutes later he would show up again with a different IP.
How do you know it was the same guy? Maybe it was the same bot doing the same thing, but these bots are just like viruses, they spread anywhere.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310575
Re: HELP! SQL Injection Attack!
> Various people have been warning in the last few weeks that this sort of scatter gun approach that started with ASP-based sites is now migrating to ColdFusion powered ones.
And it is growing up. Yesterday, my bad bot closed the door to about 50 attacks, and this morning I have 60 reported. Usually I get around 5 only each night.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310351
Re: HELP! SQL Injection Attack!
> blocking specific IP addresses won't get you very far here, because it's a random.
Blocking IP addresses won't prevent injection in your database if it is not protected, but if an attack is detected at the very first attempt, it will save thousands of useless HTTP requests on your sites, because these robots will scan everything they find.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310354
Re: HELP! SQL Injection Attack!
> Tuesday night received about 20 thousand instances (not an exaggeration). Slowing down now for us, but, heh, it's early.
This is where banning IPs at the first attempt will reduce this pollution. If the attack is detected at the first attempt, and the address banned, the statistics will show only one request per IP address. Otherwise, you will allow the bot to open all your pages, archives, etc. and your server may choke.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310357
Re: HELP! SQL Injection Attack!
> Claude, could you possibly share your code that stores the bad IP addresses for a period of time to prevent these useless http requests? Thanks, CV.
Well, I'd be happy to, but it is a rather complete and complicated system. It works for all sites/domains on the CF server, uses a database, and is mainly oriented toward bad and unwanted bots elimination. The spam and SQL injection detection is only a small part of it. I can give you this part of code which detects illegal url parameters. The idea is simply to 1. detect if an url parameter is invalid and, 2. if yes, check if there is anything evil in it. In the first case, the request is simply ignored, in the second case, the IP is banned.
This code will check if the parameter id is a numeric value:
    <CFIF val(id) EQ 0 AND (id CONTAINS "http" OR id CONTAINS "user" OR id CONTAINS "declare" OR id CONTAINS "exec")>
        <!--- ... ban this IP address --->
        <CFABORT>
    <CFELSE>
        <CFSET id = val(id)>
    </CFIF>
You may include this code in any page depending on some numeric parameter, or better: make it a custom tag or CFC.
For text parameters, like page names, etc. I simply use:
    <CFIF pTexte CONTAINS "http" OR pTexte CONTAINS "user" OR pTexte CONTAINS "declare" OR pTexte CONTAINS "exec">
For text fields in forms filled by users, a more precise analysis would be needed, but I have none of these on my sites. No one can enter anything if he is not registered.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310360
Re: HELP! SQL Injection Attack!
> I'd like to know how I can stop the requests from ever hitting the web-server.
If you detect the attack at the first request, and block the IP, the bot will not even get the first page, will not see all links in it, and will not search your entire server.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310361
Re: HELP! SQL Injection Attack!
> I was hoping to find an elegant solution that stored the Ips in the application scope for the length of the session timeout and then gracefully removed the banned Ips once the session timed out.
How about doing this:
- Create a server scope array or list (if you have several sites), or just in the application scope.
- Add to the array any banned IP.
- Delete the first element in the array (the oldest) if its length is over a certain maximum, based on the idea that the bot is probably operating from an innocent infected PC and will not be a threat for months, so it is not useful to memorize banned addresses forever.
- The length of the array you will keep depends on the amount of attacks you are receiving each day; about 100 or so sounds reasonable.
- In your application.cfm, simply check if cgi.REMOTE_ADDR is in the list of banned addresses and CFABORT if yes.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310364
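The steps listed in this message, combined with the expiry-by-date idea and the id check posted earlier in the thread, as an added example (not the poster's own code). The application name, the banDays value, the struct layout of each entry and the 403 response are assumptions.

```cfml
<!--- Application.cfm (added example; names below are assumptions) --->
<cfapplication name="banDemo">

<cfset maxBanned = 100>                        <!--- list length suggested in the thread --->
<cfset banDays   = 30>                         <!--- assumed expiry, in days --->
<cfset evilWords = "http,user,declare,exec">   <!--- keywords from the posted CFIF --->

<!--- Create the shared list once; each entry is a struct with keys ip and since --->
<cflock scope="application" type="exclusive" timeout="5">
    <cfif NOT StructKeyExists(application, "banned")>
        <cfset application.banned = ArrayNew(1)>
    </cfif>
</cflock>

<!--- 1. Drop expired entries, then refuse any address still on the list.
      Looping backwards keeps the indexes valid while deleting. --->
<cfset isBanned = false>
<cflock scope="application" type="exclusive" timeout="5">
    <cfloop from="#ArrayLen(application.banned)#" to="1" step="-1" index="i">
        <cfif DateDiff("d", application.banned[i].since, Now()) GTE banDays>
            <cfset ArrayDeleteAt(application.banned, i)>
        <cfelseif application.banned[i].ip EQ cgi.REMOTE_ADDR>
            <cfset isBanned = true>
        </cfif>
    </cfloop>
</cflock>
<cfif isBanned>
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- 2. Same test as the posted CFIF, applied to url.id when it is present --->
<cfif StructKeyExists(url, "id")>
    <cfset evil = false>
    <cfloop list="#evilWords#" index="word">
        <cfif url.id CONTAINS word>
            <cfset evil = true>
        </cfif>
    </cfloop>

    <cfif Val(url.id) EQ 0 AND evil>
        <!--- 3. Ban: append the newest entry, evict the oldest when over the cap --->
        <cfset entry = StructNew()>
        <cfset entry.ip = cgi.REMOTE_ADDR>
        <cfset entry.since = Now()>
        <cflock scope="application" type="exclusive" timeout="5">
            <cfset ArrayAppend(application.banned, entry)>
            <cfif ArrayLen(application.banned) GT maxBanned>
                <cfset ArrayDeleteAt(application.banned, 1)>
            </cfif>
        </cflock>
        <cfheader statuscode="403" statustext="Forbidden">
        <cfabort>
    <cfelse>
        <!--- Val() keeps only the leading number: "12;declare" becomes 12,
              and non-numeric but harmless input becomes 0 --->
        <cfset url.id = Val(url.id)>
    </cfif>
</cfif>
```

As the thread itself notes, a ban list only saves requests and does not protect a query that is injectable; pages that use url.id in SQL should still bind it with cfqueryparam.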
Re: HELP! SQL Injection Attack!
> Your system appears to be infect with a bot and it is currently banned from access this site...
The cherry on the sundae ;-) In this page, I even have a form so the user can give his address and claim his innocence ;-)
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310374
Re: HELP! SQL Injection Attack!
> I'm a little bemused as to why you'd create such a response guys.
Just to make sure I give a chance to a legitimate user, in case my robot detection was a bit too strong. For instance, I also have a test based on the number of HTTP requests per second in order to discriminate robots from humans. Sometimes, the limit is not easy to set precisely: there are fast humans, and slow robots ;-)
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310384
Re: securing pdf's?
> Serve the docs using cfcontent and secure the folder from direct access using your webserver.
And if you can't create a secure folder, rename your files to .cfm, store them in a special folder, add some Application.cfm that will prevent direct access, and restore the original file name when CFCONTENTing it. This method can be used for any type of file, including MSWord, etc.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310206
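A sketch of the cfcontent approach quoted in this message, as an added example that is not from the thread. The page name, the doc parameter, the storeDir path and session.userId are assumptions, and session management is assumed to be enabled in the application.

```cfml
<!--- download.cfm?doc=report.pdf (hypothetical page and parameter names) --->
<cfparam name="url.doc" default="">
<cfset storeDir = "D:\securedocs\">  <!--- assumed folder the web server does not publish --->

<!--- Assumes the login code sets session.userId for authenticated users --->
<cfif NOT StructKeyExists(session, "userId")>
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- Accept a bare file name only: no slashes, no "..", a single .pdf extension.
      Anything else, or a name that is not in the store, gets a 404. --->
<cfif NOT REFind("^[A-Za-z0-9_-]+\.pdf$", url.doc) OR NOT FileExists(storeDir & url.doc)>
    <cfheader statuscode="404" statustext="Not Found">
    <cfabort>
</cfif>

<!--- Stream the file; the browser never learns the real location --->
<cfheader name="Content-Disposition" value="attachment; filename=#url.doc#">
<cfcontent type="application/pdf" file="#storeDir##url.doc#" deletefile="no">
```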
Re: Query of Queries
> I am afraid you're right we might have to do a re-install.
If restarting CF fails, and BEFORE reinstalling CF, one could try to restart the server.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310215
Re: cfswitch
> I feel it is ridiculous.. What is the reasoning behind this if it is true?
The reasoning is that it allows for a more efficient alternative to the general case if(expression1 == value1 ) ... elseif(expression2 == value2) ... elseif(expression3 == value3) ... construct, in the particular case where all expressions are the same. With a switch, the expression is only evaluated once and its result compared to constant values.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310159
Re: cfswitch
> switch () in java allows constants to be used in case. I wish cf did too.
CF does allow constants in case. Do you actually mean java allows VARIABLES in case? If yes, then no, like CF, Java allows only constantExpressions in case.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310160
Re: Unknown JS error when doing AJAX.
> I changed
>     document.getElementById(character).innerHTML=xmlHttp.responseText;
> to..
>     document.getElementById(character).value=xmlHttp.responseText;
This will not show anything, since the element character is a div, it has no value. Only input elements have values. So all that the statement does is to create a value property on the div, but this property is not shown. I know by experience that xmlHttp.responseText is undefined in IE if there is some error in the Ajax call. I use innerHTML= with no problem in my code, but not with Ajax, which has the flaw to screw up the history and back button and bookmarks as well. I use another method, much simpler by the way, which consists of calling the Ajax page from an invisible iFrame, and copying the result to the destination div on an onload event in this frame. The advantages are that the back-forward buttons work, and the pages can be bookmarked. IMO, Ajax shouldn't be used for HTML, only for transmitting XML data.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309959
Re: Printer Question
Just put this style in the first P or BR for your new page: STYLE="page-break-before: always;"
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309868
Re: paypal cart
Simple hack might be to have a 'hidden field' on your form that concats the 4 fields into 1 field with a specified delimiter. This way you are passing one var with all 4 lines. When it returns from the paypal side, you can 'parse' the data into four lines again using the specified delimiter. This is also what I'm doing. However, the paypal IPN will not return any field you provide in the form (I wonder why). But there is one called CUSTOM that can be used for that purpose.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309880
Re: I need help with a PHP question - off line i guess
that's a little bit of irony there I do not see anything but truth ;-) And there is no irony here ;-)
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309890
Re: I need help with a PHP question - off line i guess
I hear constantly how Microsoft is evil the best answer I got in this category is about Thunderbird's buggy message pane not able to add a scroll bar: message pane is a total mess of code nobody wants to touch. Apparently Open source nerds have redesigned the way panels are handled, 'cause Windows could do it, but Windows is evil. ;-)
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309892
Re: Form Spam Attack
almost anyone who can use the computer can add 3+5 Some people can even do it without using a computer ;-)
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309913
Re: [ot] - Payment Gateways?
Anyone have any experience with Google Checkout or any other companies that I should look into? Yes, good question. I have the feeling that if a significant number of developers here are complaining about Paypal, it may be just because Paypal having been around for such a long time, there are more people using it, thus more people to report problems. I just developed my own payment module for a customer, and so far my experience with the Paypal technical support has been a bad experience. Obviously, the person at the desk didn't even know what HTTP and HTTP requests are all about.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309781
Re: Is this a CF bug or just a Java behavior?
Did you just say you should NEVER do something? With a wink, yes I did ;-)
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309752
Re: (ot) URL Hack Attempt Leaves Me Scratching My Head... To Ben Forta
how about changing cfquery so that by default, only ONE sql statement can be sent. Let us override that with a parameter in cfquery or a cfprocessing directive type of thing in our application.cfm.. Pretty good idea. I doubt many people use multiple sql statements in one cfquery. Also note that certain databases, like Access, won't allow multiple statements anyway. I know, I know, some ayatollah will say NEVER use *Access*...
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309707
Re: (ot) URL Hack Attempt Leaves Me Scratching My Head... To Ben Forta
That is more a function of the db. Exactly, and I don't see how CF could prevent multiple execution. It should compile the SQL code for that, and it does not. Unless ODBC/JDBC drivers have a function to disable it.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309710
Re: (ot) URL Hack Attempt Leaves Me Scratching My Head... To Ben Forta
I have to hand it to Claude - he definitely has confidence Well, unless ODBC and JDBC have some function to enable/disable multi statements, it would certainly be much trouble to implement this in CF. I've checked rapidly in the ODBC docs, and I don't see any reference to multi statement. Anyway, if the option was available, it shouldn't be the default, for sure.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309711
Re: Is this a CF bug or just a Java behavior?
If you run this piece of code the first value will be 6.2, second will be a NO and then toString will result in 6.199. This is neither a CF bug nor a Java behavior. This is a normal behavior in digital computers and the way real numbers are stored. If #c# seems to be output correctly, it is probably because of rounding by CF. But the test fails, because c is not exactly 6.2. As a basic principle in programming, one should never (and I really mean *never* ;-) compare floating values, especially when they are results of an operation. Instead of c EQ 6.2, one should use Abs (c - 6.2) LTE 0.01 or anything equivalent.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309732
Re: (ot) URL Hack Attempt Leaves Me Scratching My Head...
This is a classic reason why that sort of blocking method is in my opinion only useful for a temporary stop gap. It is actually only safe and useful for numeric parameters or dates, but for text fields obviously, something more accurate must be used. And CFQUERYPARAM won't help either.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309573
Re: (ot) URL Hack Attempt Leaves Me Scratching My Head...
Keywords and banning IPs by themselves are not the answer Exactly. But it helps to reduce the impact. There is no panacea, only a set of measures.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309578
Re: (ot) URL Hack Attempt Leaves Me Scratching My Head...
and Billy New-Developer comes along and decides that someOtherQuery.someOtherValue could really do with coming directly from the user? Will he add the cfqp if it's not already there? This is irrelevant, because: 1. if both fields are numeric, there is no possibility OtherQuery.someOtherValue can contain anything harmful; 2. if both fields are text, CFQUERYPARAM won't detect anything harmful and won't help anyway. 3. if both fields have different types, then you should have fired your db administrator, or your developer, or both, a long time ago ;-) In this case, the least you should do is to check the compatibility of values BEFORE running the query, and eventually make the appropriate conversion.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309586
Re: (ot) URL Hack Attempt Leaves Me Scratching My Head...
var listSQLInject = "cast,exec,execute,sp_executeSQL,revoke,grant,select,insert,update,delete,drop,--,'"; Don't forget to include user in your list. The first thing hackers try generally is to get to your table of users and passwords.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309575
Re: (ot) URL Hack Attempt Leaves Me Scratching My Head...
Do you fully understand what cfqueryparam does when binding text parameters into the query? Yes, fully. I've designed CFX_ODBCinfo, and some other tools, and I'm pretty aware of the way ODBC or JDBC drivers work. This is precisely why I can say when it is useful and when it is not.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309603
Re: (ot) URL Hack Attempt Leaves Me Scratching My Head...
But Billy has been told to turn: SET myValue = #someOtherQuery.someOtherValue# into: SET myValue = #FORM.someOtherValue# Then obviously, he should add CFQP to the line of code at the same time, what's the problem? My point is just that in some situations, CFQP is useless. Of course, if you change your code, then it is a new code, with a new situation. I don't see your argument. Would you also use CFLOCK around CFSET of any variable, just in case some variable is moved to the session scope some day? (in CF5 for this example)? C'mon... ;-)
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309592
Re: (ot) URL Hack Attempt Leaves Me Scratching My Head...
In our case, what happened was that we dropped a column that hadn't been in use for a while, and everything broke because of the SELECT * and cfqueryparam. It may be a silly question, but why will a SELECT * break because an unused column was dropped?
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309600
Re: (ot) URL Hack Attempt Leaves Me Scratching My Head...
It shouldn't make a difference if the SELECT * is in a cfquery I see. A very particular situation though. It will not prevent me from using SELECT * when I need all fields. This is more efficient than listing all of them. On the opposite, using SELECT * just to get a record count is the worst case.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309608
Re: Form Spam Attack
I'm not saying Captcha is bad, but I hate running into it on a site myself, Same with me. I've always wondered if some bot really ever used some character recognition system so that it is necessary to distort text so badly. Another thing that bugs me about captcha is that in case you entered anything wrong in the form, the captcha is changed, so you have to decode it again.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309612
Re: (ot) URL Hack Attempt Leaves Me Scratching My Head...
So you know that it *always* prevents SQL injection in a standard query (select, update or delete). Really? Can you give an example of injection that will be prevented?
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309616
Re: (ot) URL Hack Attempt Leaves Me Scratching My Head...
ANY string passed into cfqueryparam cannot be executed as SQL: Is it really possible to get an SQL statement executed from a string for a text field without closing the string first with an apostrophe?
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309621
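The point argued across these messages, what happens to a text value containing an apostrophe when it is concatenated, keyword-filtered, or bound, can be run directly. This is an added example, not code from any poster or from ColdFusion: it uses Python's sqlite3 `?` placeholders as a stand-in for cfqueryparam binding, reuses the keyword list quoted in the thread, and the `customers` table, function names and sample values are constructed for illustration.

```python
import sqlite3

# Keyword list quoted earlier in the thread, lower-cased for comparison.
BLOCKLIST = ["cast", "exec", "execute", "sp_executesql", "revoke", "grant",
             "select", "insert", "update", "delete", "drop", "--", "'"]


def blocklist_rejects(value):
    """Substring filter in the spirit of the thread's keyword list."""
    lowered = value.lower()
    return any(token in lowered for token in BLOCKLIST)


def make_db():
    """Constructed sample table (assumption, not from the thread)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO customers (name) VALUES (?)",
                   [("Alice",), ("Grant",), ("O'Brien",)])
    return db


def find_concat(db, name):
    """'Before' form: the value is pasted into the SQL text itself."""
    sql = "SELECT name FROM customers WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]


def find_bound(db, name):
    """'After' form: the value travels separately as a bound parameter."""
    sql = "SELECT name FROM customers WHERE name = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (name,))]


def compare(name):
    """Run one text value through the filter and both query styles."""
    db = make_db()
    try:
        concatenated = find_concat(db, name)
    except sqlite3.OperationalError:
        # The apostrophe ended the string literal early and broke the parse.
        concatenated = "SQL syntax error"
    return {"blocklist_rejects": blocklist_rejects(name),
            "concatenated": concatenated,
            "bound": find_bound(db, name)}


if __name__ == "__main__":
    # Constructed inputs: two ordinary names, one with an apostrophe,
    # and one textbook tautology string.
    for sample in ["Alice", "Grant", "O'Brien", "x' OR 'a'='a"]:
        print(repr(sample), compare(sample))
```

With binding, the apostrophe-containing name is found intact and the tautology string matches no row; the keyword filter turns away two legitimate names.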