Re: Upgrading CF9 Hotfixes

2014-02-13 Thread Donnie Bachan (Gmail)

Hi Richard,

Are you renaming any existing jar files or removing them completely? I have
run into issues when the old hotfix files are just renamed, you should
remove them from the folder completely (i.e. the ones in the UPDATES
folder). Ensure that you have them backed up in another location though
in case you need to restore them.

Best Regards,
Donnie

Donnie Bachan
"Nitendo Vinces - By Striving You Shall Conquer"
==
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you received
this in error, please contact the sender and delete the material from any
computer.


On Thu, Feb 13, 2014 at 2:52 PM, Richard White wrote:

>
> Hi,
>
> I am having a lot of problems trying to upgrade hot fixes.
>
> I currently have 9.01 installed. I have downloaded 9.01 hot fix as
> described here:
> http://helpx.adobe.com/coldfusion/kb/security-hotfix-coldfusion-8-8.html.
> However, after applying the changes the CF Admin stops working and just
> shows a blank page.
>
> I have followed the instructions diligently so wondered what else may be
> going wrong. I tried to apply the 9.02 update but again the CF admin
> stopped working and showed an error: 'Class not found:
> coldfusion.security.ESAPIUtils'
>
> I am lost as to what to try next and what the issue is. I think there were
> 4 hot fixes for 9.01? Do I need to load them one at a time in order, and
> then apply the 9.02 update?
>
> Thanks for any help or pointers,
> Richard
>
> 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357674
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm


Re: generating and merging pdfs

2014-01-13 Thread Donnie Bachan (Gmail)

Hi Tim,

I tend not to use CF for anything like this. I've used ghostscript and
pdftk to perform pdf merging with great success. See
http://stackoverflow.com/questions/8158584/ghostscript-to-merge-pdfs-compresses-the-result
for an example of usage commands for both ghostscript and pdftk
(http://www.pdflabs.com/tools/pdftk-server/). If you're on linux either will
work but on Windows you'll have to go with pdftk.

Best Regards,

Donnie Bachan
"Nitendo Vinces - By Striving You Shall Conquer"


On Mon, Jan 6, 2014 at 7:28 PM, Tim Do wrote:

>
> I'm using cfpdf to merge roughly 3000 pdfs (< 50kb each). These pdfs were
> generated using cfdocument which only takes a couple of minutes. The issue
> I'm having now is when merging these pdfs, it's taking down the server. I'm
> getting: Unable to instantiate
> com.adobe.internal.pdftoolkit.pdf.page.PDFPageLabels object from CosObject.
> Looks like I get to around 1600 pdfs which is about 40mbs. Is there another
> method I should be using for this monthly and quarterly process? We're
> trying to mail off statements. Any input would be greatly appreciated. We're
> on cf9 here.
> Thanks,
> Tim
>
>
> 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357410


Re: Call of a soap webservice passing headers

2013-02-23 Thread Donnie Bachan (Gmail)

Have you tried the addSOAPRequestHeader function? Use this in conjunction
with createObject to pass the username and password to the service. See
http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=functions_a-b_03.html

HTH.

Best Regards,
Donnie Bachan
"Nitendo Vinces - By Striving You Shall Conquer"


On Fri, Feb 22, 2013 at 9:13 PM, Stephane Vantroyen wrote:

>
> Hello,
>
> usually I have no problem consuming webservices, but this time I don't
> understand what I do wrongly; before being able to call any method, I
> should login, passing username and password in the soap headers; and there
> comes the pain : I try to call it via createobject, cfinvoke or even with
> cfhttp like mentioned in this post (
> http://blog.brijeshradhika.com/2011/04/consuming-webservice-using-coldfusion.html
> ),
> I can't make it work.
>
> The documentation of the webservice provides a php example (see below).
> Anyone of you guys being able to translate into Coldfusion code?
>
> Thanks in advance
>
>
>
> /* Create the UsernameToken class */
> class UsernameToken {
>   public $Username;
>   public $Password;
>
>   public function __construct($username, $password) {
>     $this->Username = $username;
>     $this->Password = $password;
>   }
> }
>
> /* Initialise the SOAP client */
> $client = new SoapClient('http://www.thesite.nl/api/thesite.wsdl', array('trace' => 1));
>
> /* Send user authentication headers */
> $ut = new UsernameToken('username', 'password');
> $soapHeaders[] = new SoapHeader('http://schemas.xmlsoap.org/ws/2002/07/utility/', 'UsernameToken', $ut);
> $client->__setSoapHeaders($soapHeaders);
>
> 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354660


Re: SOT: IP Geolocation APIs

2013-02-05 Thread Donnie Bachan (Gmail)

Hi Justin,

If you have a budget available I would recommend
http://www.maxmind.com/en/geolocation_landing. We use the downloadable
database.

Best Regards,
Donnie Bachan
"Nitendo Vinces - By Striving You Shall Conquer"


On Tue, Feb 5, 2013 at 5:02 PM, Justin Scott wrote:

>
> > What about using geolocation on the client itself? Roughly 82%
> > of your audience will support it.
>
> The situation I'm working with is dealing with historical data.
>
>
> -Justin
>
> 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354311


Re: Source control in CF

2013-01-30 Thread Donnie Bachan (Gmail)

I agree with Cameron on this one. We recently moved from SVN to Git because
we found that within our team it facilitated our workflow. We started
implementing the practices outlined by Git Flow and that's been working
really well. That doesn't mean that Git is better than SVN, it's just
better in our case. One thing I do like is the fact that I can work on my
local machine and then sync with the server when I'm connected at the
office again.

Best Regards,
Donnie

On Wed, Jan 30, 2013 at 2:23 PM, Cameron Childress wrote:

>
> On Wed, Jan 30, 2013 at 4:42 AM, Adam Cameron wrote:
>
> > Before you go too far down the SVN route...
> >
>
> To me, Git vs SVN is sort of like a Mac vs PC argument. Git is good, SVN is
> good. They are both VERY VERY widely used and I expect both to be heavily
> used for the foreseeable future.
>
> Like most technology questions, there is not just one "right" answer.
>
> To the OP - read up on Git and SVN and pick whichever you like, but don't
> feel bad in the least about choosing either one as a solution. They are
> both perfectly fine choices. In fact, if you are struggling to understand
> getting SVN setup, I think that Git may be an even more painful option for
> you (but give it a whirl and form your own opinion).
>
> -Cameron
>
> --
> Cameron Childress
> --
> p:   678.637.5072
> im: cameroncf
> facebook  |
> twitter |
>


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354132


Re: AW: Severe memory issue

2013-01-30 Thread Donnie Bachan (Gmail)

Hi Till,

What version of CF are you on? I had some issues with memory in CF8 and
outlined a few tips
http://thinkinglemur.com/index.php/2010/02/memory-leaks-with-coldfusion-8/.
If you are doing heap dumps, look for objects that hold huge amounts of
memory, the blog post has links to a couple of sites that talk about how
to make sense of the heap dumps. If there are objects that make reference
to session/application scoped variables/objects this can also be a cause of
memory leaks and server crashes.

HTH
Donnie

On Wed, Jan 30, 2013 at 10:39 AM, Helwig, Till Helge
wrote:

>
> Hi,
>
> This doesn't look like any UUID I ever encountered before:
>
> 709565bc370.f5330048ffa80212
>
> I will ask the DBA if there is any way of generating those things with a
> stored procedure, but I don't expect a positive answer, to be quite honest.
>
> Greetings,
> Till Helge
>
>
>


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:354120


Re: SQL Express and CF

2012-11-16 Thread Donnie Bachan (Gmail)

You'll need to purchase the developer edition for SSIS. It's not free but
has full standard level features and is pretty affordable $50 US at NewEgg
http://www.newegg.com/Product/Product.aspx?Item=N82E16832416455&Tpk=sql%20server%20developer

Best Regards,
Donnie Bachan
"Nitendo Vinces - By Striving You Shall Conquer"


On Fri, Nov 16, 2012 at 4:22 PM, Carl Von Stetten
wrote:

>
> I spoke too soon.  The installer with tools provides limited replication
> support and SSMS, but not SSIS.
> -Carl V.
>
> On 11/15/2012 4:30 PM, Carl Von Stetten wrote:
> > Starting with SQL Server Express 2008 R2 (and maybe some prior
> > versions), you can download an installer that includes the SSMS tools,
> > which I think includes SSIS as well.
> > -Carl V.
> > On 11/15/2012 1:32 PM, Mike Kear wrote:
> >> the things cut out of the express version are the kinds of things we use
> >> coldfusion for anyway.  I haven't found any issues at all in connecting
> >> SQLexpress versions and Coldfusion.  The only issues I've had are to do
> >> with things like the lack of SSIS which makes things like moving data to
> >> online more difficult that's all.
> >>
> >> Cheers
> >> Mike Kear
> >> Windsor, NSW, Australia
> >> Adobe Certified Advanced ColdFusion Developer
> >> AFP Webworks
> >> http://afpwebworks.com
> >> ColdFusion 9 Enterprise, PHP, ASP, ASP.NET hosting from AUD$15/month
> >>
> >>
> >> On Fri, Nov 16, 2012 at 6:32 AM, Pete Ruckelshaus
> >> wrote:
> >>
> >>> Works just like the full version, and it's what I use on my VPS.
> >>>
> >>>
> >>> On Thu, Nov 15, 2012 at 5:23 AM, Kevin Parker <tras...@internode.on.net> wrote:
> >>>
> >>>> Are there any issues using Express versions of SQL Server for
> >>>> development?
> >>>>
> >>>> Thank you
> >>>>
> >>>> Kevin Parker
> >>>> M: 0418 815 527
> >>>>
> >>
> >>
>
> 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353208


Re: Anybody seen this hack/exploit?

2012-11-13 Thread Donnie Bachan (Gmail)

I've seen something like this on a shared server that was running
osCommerce. The uploads directory had the wrong permissions set, the
attacker uploaded a server admin script that could set permissions on other
directories. They were then able to inject code into every index.php,
index.html, index.cfm files it found.

If you are on a shared environment I would look for this type of attack on
the server.

Best Regards,
Donnie Bachan
"Nitendo Vinces - By Striving You Shall Conquer"


On Tue, Nov 13, 2012 at 9:56 PM, Yuliang Ruan wrote:

>
> >Recently a site of ours got hacked - basically, a Google search of the site
> >was returning viagra info!
> >What we got was a small script added to the end of a functions.cfm file:
> >
> > >"google", REQUEST.UserAgent )) >
> > >url="http://168.16.228.250/fms/
> ">#cfhttp.filecontent#
> >
> >I'm not the server admin for this site, so they're sorta pointing the
> >finger at us developers, and we're pointing fingers back at them about
> >lax server security. We've got a boatload of stuff on this site to
> >prevent SQL injection, including Justin D. Scott's application script,
> >carefully checking anything that goes into the database, client and server
> >side form validation, blah, blah, blah...
> >
> >Anybody seen the above, and if so, thoughts? Anybody manage to determine
> >how the exploit happened to start with?
>
>


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353149
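
Added example (not part of the original posts): a Python triage pass over a web root for the pattern described in this thread, namely a world-writable uploads directory, script files sitting inside it, and page files whose tail fetches remote content behind a crawler user-agent check. The directory-name hint, the finding labels and the sample tree (using the documentation address 192.0.2.10) are constructed for illustration, and the permission test assumes POSIX mode bits.

```python
import os
import re
import stat
import tempfile

SCRIPT_EXTS = {".php", ".cfm", ".cfc", ".jsp", ".asp", ".aspx"}
PAGE_EXTS = SCRIPT_EXTS | {".html", ".htm"}
UPLOAD_DIR_HINT = "upload"   # assumption: upload directories contain this word
TAIL_BYTES = 4096            # the injected code was appended to the end of a file

# Server-side fetch of a remote URL (CFML tag or common PHP calls).
REMOTE_FETCH = re.compile(
    r"<cfhttp\b[^>]*\burl\s*=\s*[\"']\s*https?://"
    r"|\b(?:file_get_contents|curl_init|include|require)\s*\(\s*[\"']https?://",
    re.IGNORECASE)
# A crawler name and a user-agent variable on the same line, in either order.
CRAWLER_UA = re.compile(
    r"(?:google|bing|bot|spider)[^\n]{0,80}user[_-]?agent"
    r"|user[_-]?agent[^\n]{0,80}(?:google|bing|bot|spider)",
    re.IGNORECASE)


def scan_webroot(root):
    """Return a sorted list of (finding, relative_path) for one web root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        in_upload = UPLOAD_DIR_HINT in rel_dir.lower()
        if os.stat(dirpath).st_mode & stat.S_IWOTH:
            findings.append(("world-writable-dir", rel_dir))
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            ext = os.path.splitext(name)[1].lower()
            if in_upload and ext in SCRIPT_EXTS:
                findings.append(("script-in-upload-dir", rel))
            if ext not in PAGE_EXTS:
                continue
            with open(path, "rb") as fh:      # only the tail is inspected
                fh.seek(max(0, os.path.getsize(path) - TAIL_BYTES))
                tail = fh.read().decode("utf-8", "replace")
            if REMOTE_FETCH.search(tail):
                kind = ("cloaked-remote-fetch" if CRAWLER_UA.search(tail)
                        else "remote-fetch-at-eof")
                findings.append((kind, rel))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample site showing the pattern from the thread."""
    uploads = os.path.join(root, "images", "uploads")
    os.makedirs(uploads)
    os.chmod(os.path.join(root, "images"), 0o755)
    os.chmod(uploads, 0o777)                  # the wrong permissions
    files = {
        "index.cfm": "<cfinclude template='functions.cfm'>\n<h1>Home</h1>\n",
        "functions.cfm": (
            "<cffunction name='fmt'><cfreturn 1></cffunction>\n"
            '<cfif FindNoCase("google", REQUEST.UserAgent)>'
            '<cfhttp url="http://192.0.2.10/fms/">'
            "<cfoutput>#cfhttp.filecontent#</cfoutput></cfif>\n"),
        "feed.cfm": '<cfhttp url="https://example.com/rss.xml">\n',
        os.path.join("images", "uploads", "logo.png"): "PNG",
        os.path.join("images", "uploads", "admin.php"): "<?php /* placeholder */ ?>\n",
    }
    for rel, body in files.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(body)


def demo():
    """Build the sample tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_webroot(root)


if __name__ == "__main__":
    for kind, path in demo():
        print(f"{kind:22} {path}")
```

Run scan_webroot() against each site root on the shared server; a remote-fetch-at-eof hit can be a legitimate feed reader and needs a manual look.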


Re: CF8 Instance hogs cpu

2012-10-02 Thread Donnie Bachan (Gmail)

Hi Richard,

I wrote a post a while back about memory leaks in CF8 Ent., although it is
not specifically related to high CPU usage, some of the settings here may
be of help.
http://thinkinglemur.com/index.php/2010/02/memory-leaks-with-coldfusion-8/

The two things that helped the most (aside from refactoring code) were
updating the JVM and using -XX:+AggressiveHeap.

Is this only happening on 1 specific instance? What about the other
instances on the server, are they fine? Do they interact with the instance
that is having issues?

HTH.
Donnie


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352834


Re: Invoking Java component that sends SSL Client Key in CF9 Ent

2012-10-02 Thread Donnie Bachan (Gmail)

Pete and Dave,

I owe both of you a beverage (or ten!) next time I'm in the US or you are
in the UK! It was the BSafe library. I used the code from the forum post to
disable the library and my requests worked. I will have to look into the
compliance issue with disabling the library when making the calls but at
least I know where the problem lies!

Thanks again!
Donnie



On Tue, Oct 2, 2012 at 11:48 PM, Dave Watts wrote:

>
> > My Guess is that this has something to do with the RSA BSafe crypto-j
> > security provider that CF Enterprise ships with. This API was upgraded in
> > CF10, so you could try that as an option. When you run Java from the
> > command line, you are not using Crypto-J, when you run java within CF you
> > are.
> >
> > Another thing to try would be CF Standard since CF standard uses the
> > default Java security provider.
> >
> > You might also be able to have CF9 Ent run with the default security
> > provider via some JVM options.
>
> Also, you can temporarily disable BSafe, I think, as described by
> Jason Dean here:
>
> http://forums.adobe.com/message/3895416
>
>


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352830


Re: Invoking Java component that sends SSL Client Key in CF9 Ent

2012-10-02 Thread Donnie Bachan (Gmail)

Thanks Russ, I've not played with JSP in years, will give it a shot. I'm
willing to even try Pascal at this point!


On Tue, Oct 2, 2012 at 8:37 PM, Russ Michaels wrote:

>
> Don't forget that you are using jrun which also allows you to use jsp as
> well, perhaps you could try doing this from jsp and see if that works,
> which may save you some head banging as cfm and jsp can happily work
> together.
>
> Regards
> Russ Michaels
> On Oct 2, 2012 6:32 PM, "Pete Freitag" wrote:
>
> >
> > My Guess is that this has something to do with the RSA BSafe crypto-j
> > security provider that CF Enterprise ships with. This API was upgraded in
> > CF10, so you could try that as an option. When you run Java from the
> > command line, you are not using Crypto-J, when you run java within CF you
> > are.
> >
> > Another thing to try would be CF Standard since CF standard uses the
> > default Java security provider.
> >
> > You might also be able to have CF9 Ent run with the default security
> > provider via some JVM options.
> >
> > Also can you post the full stack trace for the error you are getting in CF?
> >
> > --
> > Pete Freitag - Adobe Community Professional
> > http://foundeo.com/ - ColdFusion Consulting & Products
> > http://petefreitag.com/ - My Blog
> > http://hackmycf.com - Is your ColdFusion Server Secure?
> >
> >
> >
> >
> > On Tue, Oct 2, 2012 at 11:01 AM, Donnie Bachan (Gmail) <
> > donnie.bac...@gmail.com> wrote:
> >
> > >
> > > Thanks Dave,
> > >
> > > You just pass the location of the key file as a string so I'm just passing
> > > in C:\wamp\.\ClientKey.pem both in CF and Java class. I've tried using
> > > Wireshark as well to look at the packets being sent. From Java the request
> > > is fine, from CF the remote URL never gets called at all so it's not even
> > > getting to the bit where it makes the request. What I don't understand is
> > > why it's throwing the same error when I use a wrapper java class that then
> > > invokes the SDK. Even if I hard code the paths to the files in the java
> > > wrapper class and all CF does is call the wrapper class I get the same
> > > error. I'm thinking it may be some sort of permission issue why it can't
> > > read the key file but I can't figure out what to change. CF and Java and
> > > Apache all have full permissions on the directories.
> > >
> > > Donnie Bachan
> > >
> > > >
> > > > > This returns an error: Cannot get key bytes, not PKCS#8 encoded. If,
> > > > > however, I wrap this in a java class and execute from command line it works
> > > > > just fine. It just refuses to work when called from ColdFusion.
> > > > How are you providing the key file to the Java class from within CF?
> > > > Are you just reading it via CFFILE? I suspect that's the problem,
> > > > although I don't know what the solution would be exactly. When you
> > > > execute the Java class from the command line, how are you providing
> > > > the file in that case?
> > > >
> > > >
> > >
> > >
> > >
> >
> >
>
> 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352815


Re: Invoking Java component that sends SSL Client Key in CF9 Ent

2012-10-02 Thread Donnie Bachan (Gmail)

Donnie Bachan
"Nitendo Vinces - By Striving You Shall Conquer"

Pete,

Thanks very much. I think your note about RSA BSafe may be the issue since
the symptoms seem to be pointing to something that CF can't handle. I can
test this tomorrow. I'll post the stack trace when I'm back at work.

Best Regards,
Donnie
On Tue, Oct 2, 2012 at 6:32 PM, Pete Freitag wrote:

>
> My Guess is that this has something to do with the RSA BSafe crypto-j
> security provider that CF Enterprise ships with. This API was upgraded in
> CF10, so you could try that as an option. When you run Java from the
> command line, you are not using Crypto-J, when you run java within CF you
> are.
>
> Another thing to try would be CF Standard since CF standard uses the
> default Java security provider.
>
> You might also be able to have CF9 Ent run with the default security
> provider via some JVM options.
>
> Also can you post the full stack trace for the error you are getting in CF?
>


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352814


Re: Invoking Java component that sends SSL Client Key in CF9 Ent

2012-10-02 Thread Donnie Bachan (Gmail)

Thanks Dave,

You just pass the location of the key file as a string so I'm just passing
in C:\wamp\.\ClientKey.pem both in CF and Java class. I've tried using
Wireshark as well to look at the packets being sent. From Java the request
is fine, from CF the remote URL never gets called at all so it's not even
getting to the bit where it makes the request. What I don't understand is
why it's throwing the same error when I use a wrapper java class that then
invokes the SDK. Even if I hard code the paths to the files in the java
wrapper class and all CF does is call the wrapper class I get the same
error. I'm thinking it may be some sort of permission issue why it can't
read the key file but I can't figure out what to change. CF and Java and
Apache all have full permissions on the directories.

Donnie Bachan

>
> > This returns an error: Cannot get key bytes, not PKCS#8 encoded. If,
> > however, I wrap this in a java class and execute from command line it works
> > just fine. It just refuses to work when called from ColdFusion.
>
> How are you providing the key file to the Java class from within CF?
> Are you just reading it via CFFILE? I suspect that's the problem,
> although I don't know what the solution would be exactly. When you
> execute the Java class from the command line, how are you providing
> the file in that case?
>
>


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352810
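
Added example (not from the thread or the Arcot SDK): the error quoted above is about key encoding, so before turning to the JCE provider, which is where this thread ended up, it is worth confirming what ClientKey.pem actually contains. This Python check reads a PEM or DER private key and reports whether its outer ASN.1 structure is unencrypted PKCS#8 and whether the PEM label agrees with the body; the function names and sample keys are constructed stand-ins with no usable key material.

```python
import base64
import re

PKCS8 = "PKCS#8"
PKCS8_ENC = "PKCS#8 (encrypted)"
TRADITIONAL = "traditional RSA/DSA (PKCS#1 style)"
SEC1 = "traditional EC (SEC1)"
LEGACY_ENC = "traditional PEM, passphrase-encrypted"
NOT_DER = "not a recognised private-key structure"

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
LABEL_MEANS = {   # what each PEM label promises about the body
    "PRIVATE KEY": PKCS8,
    "ENCRYPTED PRIVATE KEY": PKCS8_ENC,
    "RSA PRIVATE KEY": TRADITIONAL,
    "DSA PRIVATE KEY": TRADITIONAL,
    "EC PRIVATE KEY": SEC1,
}


def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                    # long form: next n bytes hold the length
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length


def classify_der(der):
    """Name the key structure from the tags of its first two inner elements
    (assumes the input is meant to be a private key)."""
    try:
        tag, start, _ = _read_tlv(der, 0)
        if tag != 0x30:
            return NOT_DER
        first, _, first_end = _read_tlv(der, start)
        if first == 0x30:                # EncryptedPrivateKeyInfo: algorithm first
            return PKCS8_ENC
        second, _, _ = _read_tlv(der, first_end)
    except (IndexError, ValueError):
        return NOT_DER
    if first != 0x02:                    # plain keys all start with a version INTEGER
        return NOT_DER
    return {0x30: PKCS8, 0x02: TRADITIONAL, 0x04: SEC1}.get(second, NOT_DER)


def inspect_key(data):
    """Report container, PEM label, DER structure and whether they agree."""
    match = PEM_RE.search(data.decode("ascii", "replace"))
    if match is None:                    # no PEM armour: treat as raw DER
        structure = classify_der(data)
        return {"container": "DER", "label": None, "structure": structure,
                "is_pkcs8": structure == PKCS8, "label_matches": True}
    label, body = match.group(1), match.group(2)
    expected = LABEL_MEANS.get(label)
    if "Proc-Type:" in body:             # OpenSSL legacy passphrase encryption
        structure, agrees = LEGACY_ENC, expected in (TRADITIONAL, SEC1)
    else:
        try:
            structure = classify_der(base64.b64decode("".join(body.split())))
        except ValueError:               # bad base64 (binascii.Error)
            structure = NOT_DER
        agrees = expected == structure
    return {"container": "PEM", "label": label, "structure": structure,
            "is_pkcs8": structure == PKCS8, "label_matches": agrees}


def _der(tag, content):
    """Encode one DER element (short or one-byte long-form length)."""
    n = len(content)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + content


def _pem(label, der):
    b64 = base64.encodebytes(der).decode().strip()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n".encode()


def sample_keys():
    """Constructed stand-ins: right outer structure, no usable key material."""
    rsa = _der(0x30, _der(0x02, b"\x00") + _der(0x02, b"\x00\xc3" * 8)
               + _der(0x02, b"\x01\x00\x01"))
    alg = _der(0x30, bytes.fromhex("06092a864886f70d010101") + _der(0x05, b""))
    pkcs8 = _der(0x30, _der(0x02, b"\x00") + alg + _der(0x04, rsa))
    return {"pkcs8.pem": _pem("PRIVATE KEY", pkcs8),
            "pkcs1.pem": _pem("RSA PRIVATE KEY", rsa),
            "mislabelled.pem": _pem("PRIVATE KEY", rsa),
            "pkcs8.der": pkcs8}


if __name__ == "__main__":
    for name, blob in sample_keys().items():
        print(name, inspect_key(blob))
```

If the file reports as PKCS#8 with a matching label and the same call still fails only inside the application server, the file is ruled out and the difference lies in the runtime, as it did here.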


Re: Invoking Java component that sends SSL Client Key in CF9 Ent

2012-10-02 Thread Donnie Bachan (Gmail)

>
> Hi Paul,
>
> Thanks for this, it's odd we use Cardinal when we call Paypal Pro (we use
> them as a back up processor if Barclays ever goes down) and that works fine
> on 64 bit. What's even more odd is the fact that they all use Arcot at the
> core because Arcot developed the system.
>
> Best Regards
>
>
>
>
> On Tue, Oct 2, 2012 at 11:29 AM, Paul Kukiel wrote:
>
>>
>> Unsure if it's an option but we use 3d secure with cardinal commerce who
>> support ColdFusion and 64 bit.
>>
>> Paul
>>
>>


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352805


Re: Invoking Java component that sends SSL Client Key in CF9 Ent

2012-10-02 Thread Donnie Bachan (Gmail)

Hi Paul,

Thanks for this, it's odd we use Cardinal when we call Paypal Pro (we use
them as a back up processor if Barclays ever goes down) and that works fine
on 64 bit. What's even more odd is the fact that they all use Arcot at the
core because Arcot developed the system.

Best Regards
Donnie Bachan
"Nitendo Vinces - By Striving You Shall Conquer"


On Tue, Oct 2, 2012 at 11:29 AM, Paul Kukiel wrote:

>
> Unsure if it's an option but we use 3d secure with cardinal commerce who
> support ColdFusion and 64 bit.
>
> Paul
>
> On 02/10/2012, at 8:26 PM, "Donnie Bachan (Gmail)" <
> donnie.bac...@gmail.com> wrote:
>
> >
> > Hi All,
> >
> > I've run into an issue on CF9 Enterprise 64 bit on Windows (7/2003/2008)
> > with using client authentication when invoking a java component.
> >
> > Background:
> > We are attempting to implement 3D Secure (Verified By Visa) on the
> > Barclay's EPDQ system using the Arcot SDK. We have this working using the
> > COM api on windows 32 bit but our shiny new servers running Windows 2008
> > don't support COM. I've attempted to use .NET thinking that it should be
> > a fairly straight swap between the COM and .NET systems but was I wrong.
> > The Java SDK requires you to pass in 3 SSL files. A CA certificate, a
> > client certificate and a client key file.  The following code illustrates
> > the call from ColdFusion to the SDK:
> > var serverInfo = createObject("java",
> >     "com.arcot.xfms.XFMS_Java_API$ServerInfo").init(
> >         VARIABLES.clientOptions.host,
> >         VARIABLES.clientOptions.port,
> >         VARIABLES.clientOptions.transport,
> >         30, 5, 8, 4,
> >         VARIABLES.clientOptions.TrustedCACertFile,
> >         VARIABLES.clientOptions.ClientCertFile,
> >         VARIABLES.clientOptions.ClientKeyFile);
> >
> > This returns an error: Cannot get key bytes, not PKCS#8 encoded. If,
> > however, I wrap this in a java class and execute from command line it works
> > just fine. It just refuses to work when called from ColdFusion.
> >
> > Attempted Fixes:
> > 1. I've imported the certificates into every keystore on the server!
> > 2. Created a jks keystore that includes the CA, Client Certificate and
> > Client Key file and passed that in
> > 3. Created a wrapper class in java that then instantiates and calls the SDK
> > - this again works from command line but not from CF
> > 4. Updated the JRE to Java6 R35 and tested both the command line and CF
> > versions, pure java works, CF doesn't
> > 5. Enabled SSL between JRUN and Apache (in dev environment) and still
> > nothing
> > 6. Contacted Barclays and Arcot and the official position is they neither
> > officially support 64 bit Windows (which is INSANE!) or ColdFusion and
> > can't really offer much advice. They suggested that it could be a problem
> > with accessing the SDK from Coldfusion but I've moved the SDK to the same
> > directory as the web root and still nothing.
> >
> >
> > Has anyone had any experience with this? Any thoughts, suggestions,
> > criticisms? I can provide more code if necessary.
> >
> > Thanks very much.
> >
> >
> > Best Regards,
> > Donnie Bachan
> > "Nitendo Vinces - By Striving You Shall Conquer"
> >
> >
> >
>
> 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352803


Invoking Java component that sends SSL Client Key in CF9 Ent

2012-10-02 Thread Donnie Bachan (Gmail)

Hi All,

I've run into an issue on CF9 Enterprise 64 bit on Windows (7/2003/2008)
with using client authentication when invoking a java component.

Background:
We are attempting to implement 3D Secure (Verified By Visa) on the
Barclay's EPDQ system using the Arcot SDK. We have this working using the
COM api on windows 32 bit but our shiny new servers running Windows 2008
don't support COM. I've attempted to use .NET thinking that it should be
a fairly straight swap between the COM and .NET systems but was I wrong.
The Java SDK requires you to pass in 3 SSL files. A CA certificate, a
client certificate and a client key file.  The following code illustrates
the call from ColdFusion to the SDK:

    var serverInfo = createObject("java", "com.arcot.xfms.XFMS_Java_API$ServerInfo").init(
        VARIABLES.clientOptions.host,
        VARIABLES.clientOptions.port,
        VARIABLES.clientOptions.transport,
        30, 5, 8, 4,
        // the three SSL files the Java SDK requires: CA certificate, client certificate, client key
        VARIABLES.clientOptions.TrustedCACertFile,
        VARIABLES.clientOptions.ClientCertFile,
        VARIABLES.clientOptions.ClientKeyFile);

This returns an error: Cannot get key bytes, not PKCS#8 encoded. If,
however, I wrap this in a java class and execute from command line it works
just fine. It just refuses to work when called from ColdFusion.

Attempted Fixes:
1. I've imported the certificates into every keystore on the server!
2. Created a jks keystore that includes the CA, Client Certificate and
Client Key file and passed that in
3. Created a wrapper class in java that then instantiates and calls the SDK
- this again works from command line but not from CF
4. Updated the JRE to Java6 R35 and tested both the command line and CF
versions, pure java works, CF doesn't
5. Enabled SSL between JRUN and Apache (in dev environment) and still
nothing
6. Contacted Barclays and Arcot and the official position is they neither
officially support 64 bit Windows (which is INSANE!) nor ColdFusion and
can't really offer much advice. They suggested that it could be a problem
with accessing the SDK from Coldfusion but I've moved the SDK to the same
directory as the web root and still nothing.


Has anyone had any experience with this? Any thoughts, suggestions,
criticisms? I can provide more code if necessary.

Thanks very much.


Best Regards,
Donnie Bachan
"Nitendo Vinces - By Striving You Shall Conquer"


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352799


Re: credit card fraud

2012-08-23 Thread Donnie Bachan (Gmail)

We handle credit card (and UK direct debit) fraud by assigning a fraud
score to every single credit card submission. We generate the score at the
time of purchase by using MaxMind and checking if the billing address of
the credit card matches the IP country, checking if the billing is one of
the high fraud countries and a few other historical items (delivery
addresses etc). If the total fraud score crosses a threshold the orders are
put into a holding table and are reviewed by someone to determine if the
orders do look dodgy. If they are false positives then we allow them to be
processed, if not we reject the order. We do pre-authorisations on the card
so we never store the CC information during the review process. Someone
mentioned using 3D Secure and that has helped us out a lot in reducing spam.
We've seen it all from Vietnam to Ghana and even a few originating in the
US with US credit cards but with shipping addresses in the Far East or
Africa. We also block certain known IPs/cards/countries and display a
message that there was a problem with the order, please call us to complete
the purchase. Legit customers call, fraudsters don't! Our system works
pretty well and doesn't rely on systems that may prevent legit people from
submitting forms, which to be honest prevents bot spamming but doesn't help
much with credit card/payment fraud.

Best Regards,
Donnie Bachan
"Nitendo Vinces - By Striving You Shall Conquer"


On Thu, Aug 23, 2012 at 10:00 PM, Casey Dougall - Uber Website Solutions <
ca...@uberwebsitesolutions.com> wrote:

>
> On Thu, Aug 23, 2012 at 4:54 PM, Byron Mann  wrote:
>
> > http://www.maxmind.com/app/ccfd_features
> >
> > this is a pretty good service and very affordable. You might be able to
> > hit them up for a free account if you are a non profit.
>
>
>
> This is also built into Authorize.net as well. It’s an option something
> like an extra 10 or 15 a month.
>
> 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352304
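
The score-then-hold flow described in the message above, written in Python as an added example; it is not the poster's code. The rule weights, the threshold, the country codes, the blocked IP and every function and field name are constructed assumptions.

```python
from dataclasses import dataclass, field

# Every weight, threshold and list entry here is a constructed placeholder;
# the post does not publish its real values.
WEIGHTS = {
    "ip_country_mismatch": 40,   # billing country differs from GeoIP country
    "high_fraud_country": 30,    # billing country is on the high-fraud list
    "new_delivery_address": 20,  # address not seen on this customer's past orders
    "ship_bill_mismatch": 15,    # shipping country differs from billing country
}
REVIEW_THRESHOLD = 50
HIGH_FRAUD_COUNTRIES = {"XA", "XB"}   # placeholder country codes
BLOCKED_COUNTRIES = {"XC"}
BLOCKED_IPS = {"203.0.113.7"}         # documentation-range address


@dataclass
class Order:
    order_id: str
    client_ip: str
    ip_country: str          # result of a GeoIP lookup (MaxMind in the post)
    billing_country: str
    shipping_country: str
    delivery_address: str
    preauth_ref: str         # gateway pre-authorisation reference, not card data
    past_delivery_addresses: frozenset = field(default_factory=frozenset)


def fraud_signals(order):
    """Return the names of the rules this order trips, in a fixed order."""
    signals = []
    if order.ip_country != order.billing_country:
        signals.append("ip_country_mismatch")
    if order.billing_country in HIGH_FRAUD_COUNTRIES:
        signals.append("high_fraud_country")
    if order.delivery_address not in order.past_delivery_addresses:
        signals.append("new_delivery_address")
    if order.shipping_country != order.billing_country:
        signals.append("ship_bill_mismatch")
    return signals


def triage(order, hold_queue):
    """Decide 'blocked', 'hold' or 'process' for one order.

    Held orders are appended to hold_queue (the "holding table") with only
    the order id, the pre-authorisation reference and the reasons, so a
    reviewer can release or reject without card details being stored.
    """
    if order.client_ip in BLOCKED_IPS or order.billing_country in BLOCKED_COUNTRIES:
        # Known-bad source: the caller shows a generic "please call us" message.
        return {"decision": "blocked", "score": None, "signals": ["blocklist"]}

    signals = fraud_signals(order)
    score = sum(WEIGHTS[name] for name in signals)
    if score >= REVIEW_THRESHOLD:
        hold_queue.append({
            "order_id": order.order_id,
            "preauth_ref": order.preauth_ref,
            "score": score,
            "signals": signals,
        })
        return {"decision": "hold", "score": score, "signals": signals}
    return {"decision": "process", "score": score, "signals": signals}


def review(hold_queue, order_id, is_false_positive):
    """Reviewer outcome: release a false positive for processing, else reject."""
    for i, held in enumerate(hold_queue):
        if held["order_id"] == order_id:
            hold_queue.pop(i)
            return "process" if is_false_positive else "reject"
    raise KeyError(order_id)
```

Recording which rules fired alongside the score gives the reviewer the reason for the hold and makes threshold tuning against false positives measurable.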


Re: Modern (and free) html/cf editor that is similar to Homesite?

2012-08-19 Thread Donnie Bachan (Gmail)

I know this option isn't free but you may want to contact them and see if
you can work something out with them since it's for educational use.
http://www.sublimetext.com/
This is probably the best editor I've ever used. It is very similar to
Homesite in many respects but it just takes it to a thousand levels up!

HTH.

Best Regards,
Donnie Bachan
"Nitendo Vinces - By Striving You Shall Conquer"


On Sun, Aug 19, 2012 at 5:46 PM, Larry Lyons  wrote:

>
> >I teach web design and web programming at a public high school.  I have
> >been using homesite for my classes, but it doesn't play well in our
> >environment (locked down C drive, network drives...trust me, it has
> >issues).  Are there any current text editors that play well with HTML, CSS,
> >JavaScript, and CF, that are also free?  It doesn't need to be a super
> >heavy duty app like Eclipse, in fact, I tried that with my web design class
> >and it was a nightmare because of its complexity.
> >
> >Platform is WinXP.
> >
> >Thanks for any suggestions,
> >
> >Pete
>
> NotePad ++ has a CFML plugin.
>
> Also if you install Eclipse with the Webtools plugin that will cover
> HTML/JS/CSS, and use CFEclipse to handle the CFML portion.
>
> hth,
> larry
>
>
> 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:352198


Re: Failed PCI Compliance test on CF9.01

2012-03-06 Thread Donnie Bachan (Gmail)

Hi Robert,

I'm not sure if I'm missing something but shouldn't you have
setClientCookies to Yes? Otherwise you'd have to pass the JSESSIONID in the
url on each request.

Best Regards,
Donnie Bachan
"Nitendo Vinces - By Striving You Shall Conquer"


On Tue, Mar 6, 2012 at 3:33 PM, Robert Rhodes  wrote:

>
> For both Phillip and Donnie -- I just set the site up for database storage
> for the client session in the cf admin (server settings -> client
> variables), and I see data going in those two tables, but I am still losing
> the session state when moving from https to http.  I have this set in my
> application.cfm:
>
> clientmanagement="Yes"
> sessionmanagement="Yes"
> setclientcookies="No"
> clientstorage="MyDSN"
>
> What am I doing wrong?
>
>


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350268


Re: Failed PCI Compliance test on CF9.01

2012-03-06 Thread Donnie Bachan (Gmail)

Justin, I don't think that would work though, depending on the level of
compliance and the SAQ being completed I don't think any vendor will allow
that exemption regardless of if credit card information is visible or not.
If an attacker is allowed any access to a user session and can harvest any
personally identifiable information it could affect security of any credit
card entered into the site.

Best Regards,


Donnie Bachan
"Nitendo Vinces - By Striving You Shall Conquer"


On Tue, Mar 6, 2012 at 2:41 PM, Justin Scott  wrote:

>
> > Justin, thanks for the reply, and I get your point, but I can't break out
> > the registration process into a standalone site quickly.  There must be a
> > fairly quick solution to this problem.  Surely, I can't be the first to
> > deal with this.
>
> Another option might be to ask your scanning vendor for an exception
> to that scanning rule.  If you can demonstrate to them that no credit
> card information is accessible through the user's account (e.g. the
> card number isn't visible anywhere, etc., and it really doesn't matter
> if the session is hijacked from the standpoint of credit card
> security) and explain the situation, they are generally willing to
> work with you on this kind of thing.  Remember, their scanning rules
> are designed to cover the widest possible threat model.  If you have
> specific needs that don't fit into that model but have compensating
> controls in place, it shouldn't be a problem (e.g. this used to be an
> issue with the incremental session IDs which the scanners check for,
> but paired with the random session token as a compensating control
> they would always make an exception for this rule when asked).
>
>
> -Justin Sco
>
> 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350260


Re: Failed PCI Compliance test on CF9.01

2012-03-06 Thread Donnie Bachan (Gmail)

Robert,

This is odd that you are losing the session, are you using CF in
multiserver mode or standalone? The article you referenced was for CF8,
however, we're currently running CF9 Ent in multiserver mode and we've not
had this issue crop up. We are however using a DB with client cookies for
managing state across CF instances.

Best Regards,
Donnie Bachan
"Nitendo Vinces - By Striving You Shall Conquer"


On Tue, Mar 6, 2012 at 2:17 PM, Che Vilnonis  wrote:

>
> Robert, a product like Fuseguard from Pete Freitag or a Web Application
> Firewall (or a plugin type of "filter" to your existing firewall) may help.
> I'm currently going through a similar process and thought these options
> might help.
>
> Ché
>
> -Original Message-
> From: Robert Rhodes [mailto:rrhode...@gmail.com]
> Sent: Tuesday, March 06, 2012 9:08 AM
> To: cf-talk
> Subject: Re: Failed PCI Compliance test on CF9.01
>
>
> Justin, thanks for the reply, and I get your point, but I can't break out
> the registration process into a standalone site quickly.  There must be a
> fairly quick solution to this problem.  Surely, I can't be the first to
> deal with this.
>
>
>
> 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:350255


Re: GeoIP for Coldfusion?

2011-12-25 Thread Donnie Bachan (Gmail)

FYI, http://www.maxmind.com/app/geolitecity, best to check with them
about your particular use case to ensure you are good to use the free
version.

Best Regards,
Donnie Bachan
"Nitendo Vinces - By Striving You Shall Conquer"



On Sun, Dec 25, 2011 at 4:18 PM, Phillip Vector
 wrote:
>
> *nods* I was looking for city and state actually.
>
> and it would need to be free. I can't drop $370 on this.
>
> On Sun, Dec 25, 2011 at 3:48 AM, Donnie Bachan (Gmail)
>  wrote:
>>
>> Although this isn't a completely free solution we've used it with very
>> good success without any updates for a while now.
>> http://www.maxmind.com/app/geoip_features. If you are using it for
>> just country level access for $50 it's not a bad investment.
>>
>> I've included some code for accessing checking the IP, once you have
>> the database loaded. Please note that the java database is much, much
>> faster than using the data in  a database table.
>>
>> > output="false">
>>                > type="string" />
>>
>>                
>>                
>>                
>>                
>>                
>>                
>>
>>                
>>                
>>                        > (CGI.REMOTE_ADDR)>
>>                                
>>                        
>>                
>>                
>>
>>                
>>                
>>                
>>                        
>>                        > isNumeric(aIPParts[1]) and
>> isNumeric(aIPParts[2]) and isNumeric(aIPParts[3]) and
>> isNumeric(aIPParts[4])>
>>                                > (aIPParts[2] * (256^2))
>> + (aIPParts[3] * (256^1)) + (aIPParts[4]) />
>>                                > datasource="#getDatasource()#">
>>                                        SELECT TOP 1 country FROM GeoIP
>>                                        WHERE
>>                                        CAST(#iIPNum# AS bigint) between 
>> CAST(begin_num AS bigint) and
>> CAST(end_num AS bigint)
>>                                
>>                                
>>                                
>>                                        > datasource="#getDatasource()#">
>>                                                SELECT * FROM countryBlacklist
>>                                                WHERE country = > cfsqltype="cf_sql_varchar"
>> value="#getIP.country#" />
>>                                        
>>                                        
>>                                                
>>                                        
>>                                
>>                        
>>
>>                
>>
>>
>>                
>>        
>>
>> Hope this helps.
>>
>> Best Regards,
>> Donnie Bachan
>> "Nitendo Vinces - By Striving You Shall Conquer"
>>
>>
>>
>> On Sun, Dec 25, 2011 at 5:56 AM, Phillip Vector
>>  wrote:
>>>
>>> Is there a server side solution for GeoIP that I can use? I'd like to
>>> make up some CF code that can detect when sites are connecting in
>>> area

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349242


Re: GeoIP for Coldfusion?

2011-12-25 Thread Donnie Bachan (Gmail)

Although this isn't a completely free solution we've used it with very
good success without any updates for a while now.
http://www.maxmind.com/app/geoip_features. If you are using it for
just country level access for $50 it's not a bad investment.

I've included some code for checking the IP, once you have
the database loaded. Please note that the java database is much, much
faster than using the data in a database table.

SELECT TOP 1 country FROM GeoIP
WHERE
CAST(#iIPNum# AS bigint) between
CAST(begin_num AS bigint) and
CAST(end_num AS bigint)

SELECT * FROM countryBlacklist
WHERE country =

Hope this helps.

Best Regards,
Donnie Bachan
"Nitendo Vinces - By Striving You Shall Conquer"



On Sun, Dec 25, 2011 at 5:56 AM, Phillip Vector
 wrote:
>
> Is there a server side solution for GeoIP that I can use? I'd like to
> make up some CF code that can detect when sites are connecting in
> areas we don't serve and direct them to a different page. Is there any
> (free) solutions for ColdFusion to detect where an IP is located?
>
> 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349237
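
The lookup this message describes (dotted-quad IP to integer, range match in the GeoIP table, then a countryBlacklist check), written in Python against an in-memory SQLite database as an added example; it is not the poster's CFML. The table and column names come from the SQL in the post, while the function names, sample ranges, country codes and the block_unknown switch are constructed assumptions.

```python
import ipaddress
import sqlite3


def ip_to_int(ip_text):
    """Convert dotted-quad IPv4 text to a*256**3 + b*256**2 + c*256 + d.

    Returns None for anything that is not a well-formed IPv4 address
    (wrong part count, non-numeric parts, octets above 255, IPv6, None).
    """
    try:
        return int(ipaddress.IPv4Address(str(ip_text).strip()))
    except ipaddress.AddressValueError:
        return None


def build_sample_db():
    """In-memory stand-in for the GeoIP and countryBlacklist tables (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE GeoIP (begin_num INTEGER, end_num INTEGER, country TEXT)")
    conn.execute("CREATE TABLE countryBlacklist (country TEXT PRIMARY KEY)")
    ranges = [  # documentation address ranges mapped to placeholder country codes
        ("192.0.2.0", "192.0.2.255", "XA"),
        ("198.51.100.0", "198.51.100.255", "XB"),
        ("203.0.113.0", "203.0.113.255", "XC"),
    ]
    conn.executemany(
        "INSERT INTO GeoIP VALUES (?, ?, ?)",
        [(ip_to_int(lo), ip_to_int(hi), cc) for lo, hi, cc in ranges],
    )
    conn.execute("INSERT INTO countryBlacklist VALUES ('XB')")
    conn.commit()
    return conn


def lookup_country(conn, ip_text):
    """Return the country whose range contains the IP, or None if unknown or invalid."""
    ip_num = ip_to_int(ip_text)
    if ip_num is None:
        return None
    # Bound parameter instead of interpolating the number into the SQL text.
    # SQLite uses LIMIT 1 where the post's SQL Server query uses TOP 1.
    row = conn.execute(
        "SELECT country FROM GeoIP WHERE ? BETWEEN begin_num AND end_num LIMIT 1",
        (ip_num,),
    ).fetchone()
    return row[0] if row else None


def is_blocked(conn, ip_text, block_unknown=False):
    """True when the IP's country is blacklisted.

    An IP that is malformed or falls in no range has no country; whether that
    is treated as blocked is a policy choice exposed as block_unknown.
    """
    country = lookup_country(conn, ip_text)
    if country is None:
        return block_unknown
    row = conn.execute(
        "SELECT 1 FROM countryBlacklist WHERE country = ?", (country,)
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = build_sample_db()
    for sample in ("192.0.2.1", "198.51.100.20", "10.0.0.1", "not-an-ip"):
        print(sample, lookup_country(db, sample), is_blocked(db, sample))
```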


Re: URGENT: problem with latest hotfix

2011-12-14 Thread Donnie Bachan (Gmail)

Out of curiosity, did you follow steps in Section 1 or Section 2?

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349149


Re: URGENT: problem with latest hotfix

2011-12-14 Thread Donnie Bachan (Gmail)

Out of curiosity, did you perform the steps in Section 1 or Section 2?


Donnie Bachan
"Nitendo Vinces - By Striving You Shall Conquer"



On Wed, Dec 14, 2011 at 9:26 PM, John M Bliss  wrote:
>
> Yes. I (of course) did it quickly because I was attempting to keep downtime
> to a minimum:
>
> - click "yes" on the "are you sure you want to delete" dialog
> - see that files are gone
> - click "start service"
>
> On Wed, Dec 14, 2011 at 3:19 PM, Donnie Bachan (Gmail) <
> donnie.bac...@gmail.com> wrote:
>
>>
>> Did you ensure that all the old jar files referenced in point 5 were
>> removed? You need to stop all the instances and remove the jar files,
>> then attempt to restart.
>>
>> Best Regards,
>> Donnie Bachan
>> "Nitendo Vinces - By Striving You Shall Conquer"
>>
>>
>>
>> On Wed, Dec 14, 2011 at 9:14 PM, John M Bliss wrote:
>> >
>> > Event Type: Error
>> > Event Source: ColdFusion 8 Application Server
>> > Event Category: None
>> > Event ID: 263
>> > Date: 12/14/2011
>> > Time: 2:59:12 PM
>> > User: N/A
>> > Description:
>> > The ColdFusion 8 Application Server service killed process with pid 6916
>> > (no such PID running on server any longer).
>> >
>> > Event Type: Error
>> > Event Source: ColdFusion 8 Application Server
>> > Event Category: None
>> > Event ID: 261
>> > Date: 12/14/2011
>> > Time: 2:59:12 PM
>> > User: N/A
>> > Description:
>> > The ColdFusion 8 Application Server service could not be started within 240
>> > seconds.  Increase the server startup timeout value using
>> > C:\ColdFusion8\runtime\bin\jrunsvc.exe -starttimeout  "ColdFusion
>> > 8 Application Server".
>> >
>> >
>> >
>> > On Wed, Dec 14, 2011 at 3:02 PM, Wil Genovese wrote:
>> >
>> >>
>> >> what error?
>> >>
>> >> and read this on the subject of a patch failing
>> >> http://www.trunkful.com/index.cfm/2011/3/7/When-the-Patch-Fails
>> >>
>> >> Also, if the Feb Security patch also broke CF 8.0.1 if HotFix 4 was not
>> >> already applied.
>> >>
>> >>
>> >>
>> >> http://www.trunkful.com/index.cfm/2011/3/31/ColdFusion-Security-Update-Breaks-ColdFusion
>> >>
>> >>
>> >> Wil Genovese
>> >> Sr. Web Application Developer/
>> >> Systems Administrator
>> >> CF Webtools
>> >> www.cfwebtools.com
>> >>
>> >> wilg...@trunkful.com
>> >> www.trunkful.com
>> >>
>> >> On Dec 14, 2011, at 2:59 PM, John M Bliss wrote:
>> >>
>> >> >
>> >> > Following instructions for 8.01 here:
>> >> > http://kb2.adobe.com/cps/925/cpsid_92512.html
>> >> >
>> >> > ...and CF Server service is not starting back up. Anyone have any
>> >> > advice for me?
>> >> >
>> >> > --
>> >> > John Bliss - http://about.me/jbliss
>> >> >
>> >> >
>> >> >
>> >>
>> >>
>> >
>> >
>>
>>
>
> 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349148


Re: URGENT: problem with latest hotfix

2011-12-14 Thread Donnie Bachan (Gmail)

Did you ensure that all the old jar files referenced in point 5 were
removed? You need to stop all the instances and remove the jar files,
then attempt to restart.

Best Regards,
Donnie Bachan
"Nitendo Vinces - By Striving You Shall Conquer"



On Wed, Dec 14, 2011 at 9:14 PM, John M Bliss  wrote:
>
> Event Type: Error
> Event Source: ColdFusion 8 Application Server
> Event Category: None
> Event ID: 263
> Date: 12/14/2011
> Time: 2:59:12 PM
> User: N/A
> Description:
> The ColdFusion 8 Application Server service killed process with pid 6916
> (no such PID running on server any longer).
>
> Event Type: Error
> Event Source: ColdFusion 8 Application Server
> Event Category: None
> Event ID: 261
> Date: 12/14/2011
> Time: 2:59:12 PM
> User: N/A
> Description:
> The ColdFusion 8 Application Server service could not be started within 240
> seconds.  Increase the server startup timeout value using
> C:\ColdFusion8\runtime\bin\jrunsvc.exe -starttimeout  "ColdFusion
> 8 Application Server".
>
>
>
> On Wed, Dec 14, 2011 at 3:02 PM, Wil Genovese  wrote:
>
>>
>> what error?
>>
>> and read this on the subject of a patch failing
>> http://www.trunkful.com/index.cfm/2011/3/7/When-the-Patch-Fails
>>
>> Also, if the Feb Security patch also broke CF 8.0.1 if HotFix 4 was not
>> already applied.
>>
>>
>> http://www.trunkful.com/index.cfm/2011/3/31/ColdFusion-Security-Update-Breaks-ColdFusion
>>
>>
>> Wil Genovese
>> Sr. Web Application Developer/
>> Systems Administrator
>> CF Webtools
>> www.cfwebtools.com
>>
>> wilg...@trunkful.com
>> www.trunkful.com
>>
>> On Dec 14, 2011, at 2:59 PM, John M Bliss wrote:
>>
>> >
>> > Following instructions for 8.01 here:
>> > http://kb2.adobe.com/cps/925/cpsid_92512.html
>> >
>> > ...and CF Server service is not starting back up. Anyone have any advice
>> > for me?
>> >
>> > --
>> > John Bliss - http://about.me/jbliss
>> >
>> >
>> >
>>
>>
>
> 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349146


Re: Server Monitoring

2009-04-14 Thread Donnie Bachan (Gmail)

I second Nagios. You can monitor the port required and get alerts by
email or sms (if available)

On 4/14/09, Mike Chabot  wrote:
>
> Oops. You did mention that you run CF8. Have you explored the
> monitoring feature built into CF8 yet?
>
> -Mike Chabot
>
> On Tue, Apr 14, 2009 at 10:04 AM, Mike Chabot  wrote:
>> If your goal is to diagnose a mystery database issue that is a
>> definite problem, I would use a database monitoring tool, such as MS
>> SQL Profiler. Are you aware of the professional database monitoring
>> tools, such as the ones Quest and Idera make? Where Web site
>> monitoring of the database helps is to ensure that the Web server can
>> connect to the database server, but that doesn't sound like the
>> problem you are describing. What database are you running and what
>> version of CF are you running? I ask about the CF version because CF8
>> has the query profiling feature built into it, although I would still
>> favor a database query analysis tool if you know the problem is the
>> database.
>>
>> -Mike Chabot
>>
>> On Tue, Apr 14, 2009 at 10:27 AM, Rob Parkhill
>>  wrote:
>>>
>>> Good Day,
>>>
>>> Can't come up with a better title, so here is what I want to do.
>>>
>>> I have two servers, one DB and one web.  My DB server is having MASSIVE
>>> issues at the moment. CPUs blowing up, and the server shutting down
>>> randomly, at night.  I would like to use the webserver (with CF8) to
>>> monitor the status of the DB server, and was wondering what everyone
>>> thought was the best method? I was thinking of checking to see if the
>>> domain server (which is controlled by the DB server) was in existence,
>>> although I am not sure if that is possible with CF.  The other thing I
>>> could test would be the connection to the database, but I can't seem to
>>> find the references to accessing the admin tools in CF8, where I thought
>>> that would be possible, so any resource direction would be much
>>> appreciated.
>>>
>>> Thanks,
>>>
>>> Rob
>>>
>>>
>
> 

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321573


Re: Question about hack

2009-04-14 Thread Donnie Bachan (Gmail)

Hi Mark,

I only mentioned cfexecute because of the permissions set on our
specific case. Your info seems most likely. I did notice that there
was a cfm file created with a call to cfexecute on the webroot so this
should be a check as well.

 best regards
Donnie

On 4/13/09, Nick Gleason  wrote:
>
> Donnie, Mark,
>
> Our research so far seems to support Mark's analysis of this problem.
> There are still some unknowns here so that may change.  But, changing your
> FTP accounts and setting your FTP server to ban IPs after a certain number
> of failed login attempts will prevent most brute force attempts on FTP.  Our
> server admin didn't do that which appears to have been a mistake.
>
> Nick
>
> 
> .
>
>
>> -Original Message-
>> From: Mark Kruger [mailto:mkru...@cfwebtools.com]
>> Sent: Monday, April 13, 2009 1:14 PM
>> To: cf-talk
>> Subject: RE: Question about hack
>>
>>
>> Donnie,
>>
>> I believe this is the same attack I have been helping another
>> customer with and it does not appear to be related to CF.
>> Instead, it appears to start with a malware install of some
>> kind on the server (and possibly a root kit) and then
>> progress to the creation of accounts and the changing of file
>> permissions. Another theory gaining weight (and illustrating
>> that we don't know much yet) is that this attack is an agent
>> on a client computer that piggybacks onto FTP - which
>> explains a few things but not everything. I'm guessing some
>> combination at this point.
>>
>> Anyway, I agree that cfexecute is a dangerous tag that needs
>> to be controlled, but it does not appear to be the culprit.
>> All of this advice is good, but the only place that CF comes
>> into play on this particular hack happens to be the
>> propensity to use "index.cfm" as the home page script. The
>> attack targets "index.*" files and affects (on the server I
>> am working with) Index.cfm, index.html and index.php etc.
>>
>> -Mark
>>
>
>
>
> 

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;207172674;29440083;f

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321565


Re: Question about hack

2009-04-13 Thread Donnie Bachan (Gmail)

Hi Nick,

I know this post is a bit late but to your original question, that
attack is as a result of incorrect file/IIS permissions and is not an
XSS attack. I would even bet that you are on a shared server (at HMS)
since one of my client sites had this exact same problem. The attacker
would have gained access to the file system (possibly via FTP) and
executed code that injected the code into all index.* files on the
server (not just your hosting account). We have had a lot of problems
trying to get this sorted out. It appears that the issue was with
security related to the Windows Script Host and/or CFEXECUTE. The only
thing you can do to prevent this is work with your hosting provider to
secure the system or move to a VPS or dedicated account and make sure
your FTP accounts are secure.

HTH

Donnie Bachan
"Nitendo Vinces - By Striving You Shall Conquer"



On Mon, Apr 13, 2009 at 1:30 PM, Richard White  wrote:
>
> Hi Dave, I have scripts that write to the file system as well. What would I
> need to do to secure them? Do you have a link that I could read in relation
> to this, as I am a little lost as to what to do?
>
> thanks
>
>> > We are having to scrub our files to remove the injected code (which
>> > is being written directly to the files as the result of the hack
>> > allowing "FULL CONTROL" for the Everyone user on the machine.
>> >
>> > Have you determined a solution for removing/preventing this?
>>
>> First, audit your code to find any scripts that can write to the
>> filesystem.
>> Second, audit your code to find any scripts that pass unfiltered user
>> input to the database.
>> Third, fix that code.
>> Fourth, configure filesystem permissions properly to prevent CF or
>> your database from writing to the web server's webroot.
>>
>> Dave Watts, CTO, Fig Leaf Software
>> http://www.figleaf.com/
>>
>> Fig Leaf Software provides the highest caliber vendor-authorized
>> instruction at our training centers in Washington DC, Atlanta,
>> Chicago, Baltimore, Northern Virginia, or on-site at your location.
>> Visit http://training.figleaf.com/ for more information!
>
> 


Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:321551
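
The first audit step quoted above (find scripts that can write to the filesystem) and the check for a cfm file on the webroot that calls cfexecute can both be run as a source scan. This is an added example, not code from anyone in the thread; the rule list, function names and sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

CFML_EXT = (".cfm", ".cfc", ".cfml")
# Constructs that run OS commands or write to disk (assumed rule list, not exhaustive).
RULES = {
    "cfexecute": re.compile(r"<cfexecute\b", re.I),
    "cffile-write": re.compile(
        r'<cffile\b[^>]*\baction\s*=\s*["\']?'
        r"(?:write|append|upload|uploadall|move|rename|copy)\b", re.I),
    "filewrite()": re.compile(r"\bfilewrite\s*\(", re.I),
}

def audit_webroot(root):
    """Return sorted (relative_path, line_no, rule) tuples for matches under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(CFML_EXT):
                continue  # only CFML templates and components
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            for rule, pattern in RULES.items():
                for m in pattern.finditer(text):
                    # Tags can span lines, so derive the line from the match offset.
                    line_no = text.count("\n", 0, m.start()) + 1
                    findings.append((rel, line_no, rule))
    return sorted(findings)

def demo():
    """Audit a constructed sample webroot (made-up files, not from the thread)."""
    samples = {
        "admin/upload.cfm": "<cfif isDefined('form.f')>\n<cffile action='upload'\n  filefield='f'>\n</cfif>\n",
        "api/log.cfc": "component {\n function w() {\n  fileWrite('a.log', 'x');\n }\n}\n",
        "x.cfm": "<!--- unexpected file --->\n<cfexecute name='hostname' variable='o' />\n",
        "read.cfm": "<cffile action='read' file='a.txt' variable='t'>\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit_webroot(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Each hit is a place to review rather than a verdict: expected upload handlers will appear alongside any file that should not be there, and the read-only cffile call is deliberately not reported.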


Re: Upload progress bar

2008-02-02 Thread Donnie Bachan (Gmail)
George, I agree with the idea of just displaying some sort of
animation, if something is taking too long you can always say "still
working...hang on!" but the entire idea is to give the user an
indicator letting them know that something is happening and the upload
hasn't died. You will need to include proper error handling and
timeouts. It really isn't something you want to spend hours on because
in the end it really isn't that important to show that 10 MBs out of
100MBs have been uploaded (and if you are uploading something that big
via the browser I would discourage that! IMHO).

Will, Why limit yourself: http://www.ajaxload.info/ we


Best Regards,
Donnie

On Feb 2, 2008 11:35 AM, Will Tomlinson <[EMAIL PROTECTED]> wrote:
> I went ahead and put up a gif I use.
>
> http://wtomlinson.com/wait30.gif
>
> HTH,
> Will
>
> 


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:298008


Re: CFEclipse with Aptana

2008-02-02 Thread Donnie Bachan (Gmail)
Pete,

I think for it to work correctly you need to enable line numbers in
both places (General > Editors > Text Editors and within the CFEclipse
> Editor panels). I am using Eclipse with both Aptana and CFEclipse
installed and was having a similar problem when one or the other was
checked. I know that you are using the Aptana install with CFEclipse
as a plugin but I don't think there is really a difference because the
Aptana docs say that you have to enable line numbers by General >
Editors > Text Editors (see
http://www.aptana.com/docs/index.php/Displaying_or_hiding_line_numbers).
If all else fails, you could always try it on a clean install with the
latest updates.

BTW, are you on Windows or Mac?

HTH.

Best Regards,
Donnie

On Feb 2, 2008 1:45 PM, Pete Ruckelshaus <[EMAIL PROTECTED]> wrote:
> I have tried a variety of combinations of checking, unchecking, and
> rechecking the line number options in both places, to no avail.  Also, if I
> wasn't clear, I'm using the Aptana install and not Eclipse with the Aptana
> plugin.
>
> Pete
>
>
> On Feb 2, 2008 10:14 AM, James Davis <[EMAIL PROTECTED]> wrote:
>
> > Pete,
> >
> > Make sure you check the "Show Line Numbers" under the CFEclipse options.
> > That threw me off when i first started using it. In the Preferences, it's
> > under CFEclipse>Editor. If you're just checking under General>Editors>Text
> > Editors, that "Show Line Numbers" option will not show line numbers in CFM
> > pages.
> >
> > James Davis
> > Kaleida Systems
> >
> > 
> >
> > From: Pete Ruckelshaus [mailto:[EMAIL PROTECTED]
> > Sent: Sat 2/2/2008 9:38 AM
> > To: CF-Talk
> > Subject: CFEclipse with Aptana
> >
> >
> >
> > I've been using Aptana (http://www.aptana.org/) with my students in my web
> > design class (I teach in a public school district and didn't inherit any
> > budget for software, Aptana is both free and very very good).  I've
> > actually
> > grown to prefer it over HomeSite+ for HTML, JS, and CSS; it's based on
> > Eclipse, so you can install Eclipse plug-ins -- including cfeclipse --
> > with
> > no problem.  The only thing that's keeping me from using it for all of my
> > ColdFusion development is that for some reason, I can't get line numbers
> > to
> > show when editing CFM files, and the "show line numbers" setting in the
> > settings applet won't save the setting.  Has anyone else encountered this
> > issue, and if so, is there a fix?
> >
> > Thanks,
> >
> > Pete
> >
> >
> >
> >
> >
>
> 


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:298004