RE: Billing System Query Help
Do you have link (foreign key) columns? With what you have here I am not sure how you would write a join. Also what db? It matters :) -- Timothy Heald Web Portfolio Manager Diplomatic Security U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Jim McAtee [mailto:[EMAIL PROTECTED] Sent: Thursday, April 22, 2004 5:48 PM To: CF-Talk Subject: Billing System Query Help The following is a simplification of an invoice/payment tracking database: Invoices - InvoiceID INT CustomerName VARCHAR InvoiceItems - InvoiceItemID INT ItemAmount CURRENCY InvoicePayments - InvoicePaymentID INT PaymentAmountCURRENCY I need a query to do the following: Find all invoices where the total payments are not equal to the invoice total (line item total), and find the difference, which is the amount due on the invoice (occasionally overpayment). Invoice # Customer Total Paid Due -- - - - - 1245 Bob Jones 450.25 300.00 150.25 1278 Norm Stanley 2295.00 100.00 1295.00 _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Dumping Local Vars Scope
Thought they were in 5 but hadn't been in 4.5 and previous. My bad. Hmm how would you do it then? -- Timothy Heald Web Portfolio Manager Diplomatic Security U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 21, 2004 2:23 PM To: CF-Talk Subject: RE: Dumping Local Vars Scope > Go download cf_dump from the macromedia exchange. I don't think that'll let you dump all local variables within CF 5, since I don't think they're not contained within a structure in CF 5. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Dumping Local Vars Scope
Go download cf_dump from the macromedia exchange. -- Timothy Heald Web Portfolio Manager Diplomatic Security U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Ray Champagne [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 21, 2004 2:03 PM To: CF-Talk Subject: Re: Dumping Local Vars Scope I don't know how to answer your question, but it sounds like that they might have written it in FuseBox? That would explain all the files being included Ray http://www.crystalvision.org At 01:55 PM 4/21/2004, you wrote: >Okay I'm brain cramping today so forgive the simple request - > >I'm working within a CF5 environment on an inherited application that has >approximate 30 different files being cfincluded (depending on what the end >user is doing) to create a single page (I don't know why the person wrote >it this way) and would like to output the variables. scope to figure >out what the H#LL this person was doing. There's somewhere near 100 local >variables that are used throughout the creation of the page. Obviously >[cfdump var=#variables#] doesn't work. Anyone have tag or section of code >that does this? I've checked out 'MegaDump' but it doesn't output the >variables. scope for CF5. > > >Thanks in advance, > > >Steven Semrau > > _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Writing formatted data to Excel
There is a Jakarta project called POI that is making java objects that can create all different types of office documents. Se it here: http://jakarta.apache.org/poi/index.html -- Timothy Heald Web Portfolio Manager Diplomatic Security U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Hagan, Ryan Mr (Contractor ACI) [mailto:[EMAIL PROTECTED] Sent: Monday, April 19, 2004 1:52 PM To: CF-Talk Subject: Writing formatted data to Excel Greetings, I know that MS has kept .xsl files proprietary, but I was wondering if anyone knew any tricks for spitting out some formatted data into Excel. Basically, I really just want to set the format to a column as "currency". I can dump a TAB delimited file from CFMX just fine into Excel, but that extra little bit of formatting would be REALLY nice. Anyone? Thanks! Ryan Hagan ph: 540-731-3588 _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Exchange/Outlook Tie-Ins
Will try this now. -- Timothy Heald Web Portfolio Manager Diplomatic Security U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Jeff Garza [mailto:[EMAIL PROTECTED] Sent: Friday, April 16, 2004 12:31 PM To: CF-Talk Subject: Re: Exchange/Outlook Tie-Ins Here is something you might want to try... Create a blank Access database, choose file -> get external data -> link tables. Then pick Exchange from the list of Datasource types. Link to the GAL from access and set it up as a datasource or use CF to pump the data from there into a different DB... You could also setup a scheduled DTS package (if you are using SQL Server) to pump it in nightly. This might not be the most elegant solution, but without using LDAP (which Exchange and Active Directory both use) you are kinda hosed... HTH, Jeff Garza - Original Message - From: Heald, Tim To: CF-Talk Sent: Friday, April 16, 2004 8:53 AM Subject: Exchange/Outlook Tie-Ins Does anyone have experience getting access to the GAL in exchange from cf? We are not permitted to use LDAP here. I think I have seen active x controls that would give this access, but I can't seem to find anything that does what I need. Basically my CF app is putting together task information. Then the user needs to pick someone to email information from that task. The user that gets emailed the task may not be an application user, but will be in our gal for sure. I would like to either have some way of querying Exchange to get the different email addresses, or a way I can generate an email in the users local outlook, then they can look up the email in the gal themselves. Any ideas? -- Timothy Heald Web Portfolio Manager Diplomatic Security U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Exchange/Outlook Tie-Ins
Isn't COM mainly broken in MX? -- Timothy Heald Web Portfolio Manager Diplomatic Security U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Friday, April 16, 2004 12:32 PM To: CF-Talk Subject: RE: Exchange/Outlook Tie-Ins > Does anyone have experience getting access to the GAL in > exchange from cf? We are not permitted to use LDAP here. I > think I have seen active x controls that would give this > access, but I can't seem to find anything that does what I need. > > Basically my CF app is putting together task information. > Then the user needs to pick someone to email information from > that task. The user that gets emailed the task may not be an > application user, but will be in our gal for sure. I would > like to either have some way of querying Exchange to get the > different email addresses, or a way I can generate an email > in the users local outlook, then they can look up the email > in the gal themselves. I think you're looking for the CDO API (and maybe some parts of ADSI also): http://support.microsoft.com/default.aspx?scid=kb;EN-US;225500 http://support.microsoft.com/?kbid=241474 Both CDO and ADSI are COM APIs. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Exchange/Outlook Tie-Ins
Has anyone used CDO from CFMX? -- Timothy Heald Web Portfolio Manager Diplomatic Security U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Heald, Tim Sent: Friday, April 16, 2004 12:01 PM To: CF-Talk Subject: Exchange/Outlook Tie-Ins Does anyone have experience getting access to the GAL in exchange from cf? We are not permitted to use LDAP here. I think I have seen active x controls that would give this access, but I can't seem to find anything that does what I need. Basically my CF app is putting together task information. Then the user needs to pick someone to email information from that task. The user that gets emailed the task may not be an application user, but will be in our gal for sure. I would like to either have some way of querying Exchange to get the different email addresses, or a way I can generate an email in the users local outlook, then they can look up the email in the gal themselves. Any ideas? -- Timothy Heald Web Portfolio Manager Diplomatic Security U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Exchange/Outlook Tie-Ins
Does anyone have experience getting access to the GAL in exchange from cf? We are not permitted to use LDAP here. I think I have seen active x controls that would give this access, but I can't seem to find anything that does what I need. Basically my CF app is putting together task information. Then the user needs to pick someone to email information from that task. The user that gets emailed the task may not be an application user, but will be in our gal for sure. I would like to either have some way of querying Exchange to get the different email addresses, or a way I can generate an email in the users local outlook, then they can look up the email in the gal themselves. Any ideas? -- Timothy Heald Web Portfolio Manager Diplomatic Security U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: why are procedures better? (was: RE: Securing CF Apps.)
Ok, Access to the db security model through the use of oracle users and roles. You cannot do this with a cfquery. Try working with a pl/sql array in a query block. or a clob. Or any kind of advanced PL/SQL. What kind of work can you do with the OID? None. These are oracle specific examples. But that's the environment in which I work. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Matt Liotta [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 24, 2004 9:58 AM To: CF-Talk Subject: Re: why are procedures better? (was: RE: Securing CF Apps.) > Yes, we are having a generic technical debate, and what I am saying is > that > when the team setup or hierarchical setup is not ideal, separating > work out > makes the project move along faster. Stored procs come into play here > in > that someone can tackle this aspect while other things are being > taken care > of That's pretty generic... Just another situation in which > stored procs > are better. > Maybe I wasn't clear in my reply to that statement. There is nothing inherent about stored procedures which makes them better for separating out work. It is in fact the same amount of work to separate queries as it is stored procedures. So far in this thread, the only benefit mentioned so far for stored procedures is transaction handling. -Matt _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: why are procedures better? (was: RE: Securing CF Apps.)
Additionally, if your on a team with a good PL/SQL developer they are going to write packages and procedures for you to call. They can then do cross tabs, array loops and all sorts of other things that you can't do in a regular query block, such as work with the oracle session, db user accounts, security according to db roles - which doesn't work with a query block. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Tangorre, Michael [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 24, 2004 9:37 AM To: CF-Talk Subject: RE: why are procedures better? (was: RE: Securing CF Apps.) > I certainly understand your position. But what does that have > to do with comparing stored procedures to queries? It may > matter in your particular situation, but we are supposed to > be having a generic technical debate. Yes, we are having a generic technical debate, and what I am saying is that when the team setup or hierarchical setup is not ideal, separating work out makes the project move along faster. Stored procs come into play here in that someone can tackle this aspect while other things are being taken care of That's pretty generic... Just another situation in which stored procs are better. Mike _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Securing CF Apps.
This is one more thing. There is of course a firewall (three or four actually before you get to the db) and there is and IDS, and there is virus protection software, and the OS is locked down and so on and so on. We were not advocating doing away with basic security practices, just saying take them to the next level. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Matt Liotta [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 24, 2004 9:36 AM To: CF-Talk Subject: Re: Securing CF Apps. > yes matt. it is true that there is a dba login to every database. of > course no one using the application has the role of dba. so what is > your point? > The point is the login is there and can be exploited. No matter how much you lock down the schema, there is always one user account which has full access. Therefore, I believe you are wasting your time trying to lock down the schema in the case of a web application. It would be much better to implement a stateful firewall in front of your database, so it could be fully protected. -Matt _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Securing CF Apps.
>Again, that provides insight into your encryption algorithm Again, I am using an open algorithm. You can break it. It's a speed bump. >Your techniques do not give people less to go on. You just give them a different set of things to go on. It also makes it more difficult to get something to go on, and makes it take more time. Hopefully enough that they will go after a softer target. >No, they have your whole application and anything else that may be useful. Just being able to change the code in your application without anyone knowing would allow me to many bad things. I do grant that I was a bit extreme in saying you have nothing. What I meant was simply accessing my source code isn't in and of it self that big of a deal. Obviously if you get execute permissions on one of my servers it's a huge deal. >How is that different than any other setup? Because the user name and password are not stored in anyway on the web server. Ok, I grant you IP addresses can be spoofed, as can mac addresses, so how do you rectify this issue? >Again, another user could access the schema. Yes and if you can guess my sysdba account I am screwed. However I will be alerted by my server long before any brute force hack would work. Is it perfect? No, but remember security is about risk mitigation. Nothing can be 100% secure. >I just hope you aren't protecting something I depend on. Don't worry Matt, they wouldn't even let you inside some of the buildings I work in. Again, I say, I am not saying that this is the only control you should be using. Obviously you should have many different approaches to security in place. From network specific controls, access controls, physical controls, ids systems. I mean around here the list goes on and on. Auditing, user interviews, it's a lot to take in in one email thread. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Matt Liotta [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 6:06 PM To: CF-Talk Subject: Re: Securing CF Apps. > If my user.login is encrypted one time as kjdfljsldfl and the user > comes > back and types in kjdfljsldfl they don't get taken to that circuit, > because > it's different this time. > Again, that provides insight into your encryption algorithm. > I think that with all the benefits of procedures, if you have them > available, you're a fool not to use them, and not just because of the > enhanced security. Obviously proper error handling is important AS > WELL. > This is not an either/or argument, rather a complimentary one. > Since I don't use stored procedures I most be a fool. Although, I haven't seen how you have proven that statement to be true. > So by understanding the structure of an application, you can then > begin to > analyze it's weaknesses. In the environment in which I work we want > to give > them as little as possible to go on. > Your techniques do not give people less to go on. You just give them a different set of things to go on. > Is that so?? I disagree. If someone gains access to my web server > they > have nothing. No, they have your whole application and anything else that may be useful. Just being able to change the code in your application without anyone knowing would allow me to many bad things. > Now my db which is on the other side of a firewall, and only > accepts connections from specific ips, if they got in that it could > become > problematic. Whoops, IPs can be spoofed. > Why? Because there are no user names or passwords stored on > my web server. There is no way to open a direct connection into my db > without having a user account on the db. How is that different than any other setup? > Your rights and roles are also > stored in that db, not in the application, and so you would not > really get > anything other than images and source code. There are always other user accounts that can access anything. > You don't even get the code of > the procedure calls, and so you are still blind to the schema of my > db. > Again, another user could access the schema. > But moving towards my CISSP and GSEC, having been a cyber threat > analyst for > the last two years, and soon to be managing a federal CERT, I can > tell you > this, there is always going to be some new exploit. It's going to be > something you didn't think of. But that zero day exploit isn't going > to be > the one that does all the crazy damage. It's going to be some known > vulnerability that you could have prevented from putting your system > at > risk. (slammer, blaster etc.) By duplication o
RE: Securing CF Apps.
Why do I need someone to agree with me? I have my own mind. I can asses the objective reality of whether I feel something is useful to me. You should check out some Ayn Rand some time. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Kwang Suh [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 6:28 PM To: CF-Talk Subject: Re: Securing CF Apps. This is precisely why my security co-worker was so adament against obfuscation: absolutely no one can agree on its usage and usefulness. - Original Message - From: Jochem van Dieten <[EMAIL PROTECTED]> Date: Tuesday, March 23, 2004 2:53 pm Subject: Re: Securing CF Apps. > Dave Watts wrote: > >> I used to work with a security/cryptology expert. His #1 rule: > >> > >> "Never, ever use obfuscation". > > > > > > While I wouldn't categorize myself as a security expert, much > less a > > cryptologist, I would disagree with this. At the very least, I'd > amend it to > > "Never, ever use obfuscation as your sole method of security." > > I would amend it differently: > "Never, ever use obfuscation if it adds complexity for yourself." > > > > There is nothing wrong with "security through obscurity", as > long as you > > don't rely on it as your only protection. I would draw an > analogy between > > computer security and getting shot at. When you're being shot > at, there are > > two sorts of protection you might resort to. You might take > cover by getting > > behind a solid object that can block fire. You might conceal > yourself behind > > something that would obscure you as a target. When you're > getting shot at, > > cover and concealment are both useful; concealment won't stop a > bullet, but > > it'll lessen the likelihood of people shooting in your > direction. Ideally, > > you want both cover and concealment, of course, if for no other > reason than > > to avoid the stress of being shot at. > > Unless you have cover by an object that will stop the small arms > fire from the other side, but at the same time so well concealed > your side doesn't see you and you die from 'friendly' fire when > your side bombs the opponent. > > Obfuscation can hurt the obfuscator, just like a firewall can > introduce a risk to an otherwise well protected computer. > > Jochem > > -- > I don't get it > immigrants don't work > and steal our jobs > - Loesje > > > _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
why are procedures better? (was: RE: Securing CF Apps.)
1. They execute faster. The db (I only know from Oracle and SQL Server, if others are different it doesn't really concern me) can optimize the execution plan. 2. You can often times do more. There are things I can do in a pl/sql package/procedure that I cannot do in a query call 3. You can limit access with them. Now granted you can set it up so you are only selecting from a view in your query block as well, but it makes more sense to me to do it in a procedure. 4. An additional layer of security. You can ensure that you user not only cannot execute the procedure, but they can't even tell it exists. I am sure there are more reasons, but I think those are sufficient to use procedures. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Matt Liotta [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 6:06 PM To: CF-Talk Subject: Re: Securing CF Apps. > If my user.login is encrypted one time as kjdfljsldfl and the user > comes > back and types in kjdfljsldfl they don't get taken to that circuit, > because > it's different this time. > Again, that provides insight into your encryption algorithm. > I think that with all the benefits of procedures, if you have them > available, you're a fool not to use them, and not just because of the > enhanced security. Obviously proper error handling is important AS > WELL. > This is not an either/or argument, rather a complimentary one. > Since I don't use stored procedures I most be a fool. Although, I haven't seen how you have proven that statement to be true. > So by understanding the structure of an application, you can then > begin to > analyze it's weaknesses. In the environment in which I work we want > to give > them as little as possible to go on. > Your techniques do not give people less to go on. You just give them a different set of things to go on. > Is that so?? I disagree. If someone gains access to my web server > they > have nothing. No, they have your whole application and anything else that may be useful. Just being able to change the code in your application without anyone knowing would allow me to many bad things. > Now my db which is on the other side of a firewall, and only > accepts connections from specific ips, if they got in that it could > become > problematic. Whoops, IPs can be spoofed. > Why? Because there are no user names or passwords stored on > my web server. There is no way to open a direct connection into my db > without having a user account on the db. How is that different than any other setup? > Your rights and roles are also > stored in that db, not in the application, and so you would not > really get > anything other than images and source code. There are always other user accounts that can access anything. > You don't even get the code of > the procedure calls, and so you are still blind to the schema of my > db. > Again, another user could access the schema. > But moving towards my CISSP and GSEC, having been a cyber threat > analyst for > the last two years, and soon to be managing a federal CERT, I can > tell you > this, there is always going to be some new exploit. It's going to be > something you didn't think of. But that zero day exploit isn't going > to be > the one that does all the crazy damage. It's going to be some known > vulnerability that you could have prevented from putting your system > at > risk. (slammer, blaster etc.) By duplication of your efforts, by > overlapping your protection you're trying to create a shell around > your > application and it's data. Obscurity is just one more tool you can > use to > do that. > I just hope you aren't protecting something I depend on. -Matt _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Securing CF Apps.
I have said time and again that I follow a layered approach to security. Would security through obscurity work in and of itself? No, it wouldn't. However combined with many of the other best practices we have discussed here today it can make for a reasonably well protected application. So Matt you tell me how would you have me do it different? You have sat here and argued all day with out offering a single tangible alternative. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Matt Liotta [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 6:16 PM To: CF-Talk Subject: Re: Securing CF Apps. > The open source community likes to make the point that security > through > obscurity doesn't work. Just because someone says it doesn't make it > true. > the methods I use to secure my site are open. hell you can go > download the > udf I use to do url encryption right now to see how I do it. You can > even > crack it if you take the time. It's a seed bump. Just like you have > to > decide how much time and money your going to put into securing your > application or site, so does the intruder have to decide to go after > you or > another weaker site. > What a terrible statement to make. If you are going to suggest security through obscurity works; prove it. > Also not all encryption standards are widely available. As a matter > of fact > in some instances it is illegal to let people know the detail of high > level > encryption algorithms. > Yeah, laws really stopped the exportation of encryption algorithms. :) -Matt _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Securing CF Apps.
It was already proven by someone else in another post. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Matt Liotta [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 6:18 PM To: CF-Talk Subject: Re: Securing CF Apps. > What is funny to me is that the number of Linux vulnerabilities far > surpasses the number of M$ ones. Look into it. It's just that M$ > products > are more commonly used, and therefore more commonly attacked. > Your statement is false, but since you made it, I'll let you prove it. -Matt _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Securing CF Apps.
Listen, channeling a user so that they have to follow a certain process doesn't add hassles. If anything it stops them from leaving your app in the middle of a necessary step in a process, or makes it easier for them to navigate from point a to point b. I have seen so many complaints on here that revolved around book marks and back buttons fouling up business logic that it's not even funny. And yet again I say it, if you don't like it don't do it. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Matt Liotta [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 5:58 PM To: CF-Talk Subject: Re: Securing CF Apps. Where do people get the idea that adding hassles to the user makes anything more secure. It's like our nations airport security. Making me jump through hoops and delaying me doesn't make things more secure; it pisses me off. It is possibly to have strong security and provide an application that meets the users' needs. Taking away bookmarks, back buttons, etc. doesn't do that. -Matt On Mar 23, 2004, at 2:23 PM, Heald, Tim wrote: > Here's my take on it. You layer security on like an onion. In many > cases > you protect against the same kinds of attacks many times. I don't > want a > user to get to a specific area of my site unless they are logged > in. Ok so > I check a session or client variable that I set upon login. Well I > have a > user that has logged in and gotten to my page. Now they book marked > the > page. Well written correctly since their session doesn't exist I > send them > to the login page. However I personally would like to take it a step > further. I don't want people to be able to bookmark pages in my app > at all. > Also I don't want them to be able to figure out the structure of my > application because I used plain text, easy to understand names for > the > different sections of the app (in this case circuits). So I encrypt > my url > variables. Why? They don't get any information about the structure > of my > app, or about the information I am passing between pages. When they > book > mark the site the fuseaction is gobly gook. Means nothing and kicks > them to > my home page or login or whatever. Ok, what else is involved here? > Validation. Both client and server side. You use client side > knowing that > it is easily defeated by turning off _javascript_s, but you use it to > keep > from hitting the server. Then you do it again on the client side to > make > sure that nothing got by. In 90% of the cases they user will have > _javascript_ enabled and it will have saved some of your server > resources. > Now you have communications between the db and cf. What can you > do? Well > for one you use an actual db user account to validate > people. Why? Because > then you can limit what actions the user can take, not only through > the > application, but through the db as well. Also your not storing a > username > and password anywhere. Someone said earlier that means they can open > up SQL > + or enterprise manager and login to the db, well this is true, but > they are > only able to see and do the same exact things that they would be able > to do > through your application, if the DB is locked down correctly. In > oracle at > least you have to be granted rights to even know if a table > exists. I can > have a user table, but if you don't have select or whatever other > privileges, you get a table not found error. > > > In the past we have made many mistakes in security. I am sure that > we still > make many as a community. New exploits are announced daily. Most of > the > things that we are trying to protect against aren't even used anymore > because in general developers learned form their mistakes. Does this > mean > we should stop doing them? > > -- > Timothy Heald > Web Portfolio Manager > Overseas Security Advisory Council > U.S. Department of State > 571.345.2319 > > The opinions expressed here do not necessarily reflect those of the > U.S. > Department of State or any affiliated organization(s). Nor have these > opinions been approved or sanctioned by these organizations. This > e-mail is > unclassified based on the definitions in E.O. 12958. > > -Origin
RE: Securing CF Apps.
I think something used to either sell products on the web, or provide information on the web is a site. Now the site might be controlled by a back end content management system, or some sort of inventory application, but the rest of it is a web site. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Kwang Suh [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 5:30 PM To: CF-Talk Subject: Re: Securing CF Apps. Sure, why don't you tell me what makes Amazon a site, and not an application. *yawn* - Original Message - From: Adrocknaphobia <[EMAIL PROTECTED]> Date: Tuesday, March 23, 2004 2:37 pm Subject: Re: Securing CF Apps. > Like you said Tim, some people have a hard time distinguishing > between an application and a site. > > -adam > > > -Original Message- > > From: Kwang Suh [EMAIL PROTECTED] > > Sent: Tuesday, March 23, 2004 09:16 PM > > To: 'CF-Talk' > > Subject: RE: Securing CF Apps. > > > > > There are different controls that you would use for different > > > purposes.Obviously an ecommerce SITE (which is what Amazon is) > > > needs users to be able > > > to return to a specific product. > > > > Pure semantics. I'm sure those guys at Amazon would beg to > differ with you. > > > > > Web services security is very different from either public > site or > > > application security. You're comparing apples and oranges. > > > > Hardly. Web services are an internet-based resource that may or > may not be protected. > > > > > > > > _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Securing CF Apps.
M$ operating systems. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Jochem van Dieten [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 4:38 PM To: CF-Talk Subject: Re: Securing CF Apps. Heald, Tim wrote: > What is funny to me is that the number of Linux vulnerabilities far > surpasses the number of M$ ones. Look into it. It's just that M$ products > are more commonly used, and therefore more commonly attacked. Linux = kernel, MS = corporation I find it hard to compare them. What exactly do you mean? Jochem -- I don't get it immigrants don't work and steal our jobs - Loesje _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: RE: RE: Securing CF Apps.
Precisely my point. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 4:36 PM To: CF-Talk Subject: RE: RE: RE: Securing CF Apps. > I used to work with a security/cryptology expert. His #1 rule: > > "Never, ever use obfuscation". While I wouldn't categorize myself as a security expert, much less a cryptologist, I would disagree with this. At the very least, I'd amend it to "Never, ever use obfuscation as your sole method of security." There is nothing wrong with "security through obscurity", as long as you don't rely on it as your only protection. I would draw an analogy between computer security and getting shot at. When you're being shot at, there are two sorts of protection you might resort to. You might take cover by getting behind a solid object that can block fire. You might conceal yourself behind something that would obscure you as a target. When you're getting shot at, cover and concealment are both useful; concealment won't stop a bullet, but it'll lessen the likelihood of people shooting in your direction. Ideally, you want both cover and concealment, of course, if for no other reason than to avoid the stress of being shot at. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ phone: 202-797-5496 fax: 202-797-5444 _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Securing CF Apps.
I am just glad then that for internal apps we are standardized on IE 5.5 -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Jochem van Dieten [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 4:34 PM To: CF-Talk Subject: Re: Securing CF Apps. Heald, Tim wrote: > I don't like giving the user browser controls even. Which is why I tend to > pop my apps in a new window with no controls (back forward and so on). You must not like the following enhancement to Mozilla 1.7: "A new option to prevent sites using _javascript_ to block the browser's context menu." > Someone earlier said it was useless to limit sql execution in the > administrator. Well what if your dba or dbd forgot to only give specific > grants? Then it is still useless because it is broken. Jochem -- I don't get it immigrants don't work and steal our jobs - Loesje _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Securing CF Apps.
It's just one more control. Alone I would agree with you, it's not enough. You should be checking access. In the user admin case I think it makes sense to check and see if you are supposed to have access to that specific user id information or not. Listen this is getting silly. Don't like it, don't do it. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Barney Boisvert [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 4:04 PM To: CF-Talk Subject: RE: Securing CF Apps. What!?!?!? I sure hope the application security would say "hey, you don't have permission to look at that userID's info, so here's a nice fat error message", long before it every got to querying the database. That's the whole point of a security system: to control access to resources. If you merely make it hard to request the resource, but don't actually control access, you don't have a security system, you've just got a mess. Cheers, barneyb > -Original Message- > From: Bryan Stevenson [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 23, 2004 12:54 PM > To: CF-Talk > Subject: Re: Securing CF Apps. > > and it's not that littletake this example > > a page displays user specific medical record data and take > URL param containing user_ID > > don't encrypt user_ID in URL > -any shmuck can alter the value of user_ID to see anyone's data > > do encrypt user_ID in URL > -same shmuck would not be able to make such a chnage as the > user_ID would not decrypt properly and the query would fail > > I'd say encrypting vars in the URL is pretty dang important ;-) > > That said it's also a good idea to make sure the record being > displayed belongs to the logged in user ;-) > > Cheers > > Bryan Stevenson B.Comm. > VP & Director of E-Commerce Development > Electric Edge Systems Group Inc. > t. 250.920.8830 > e. [EMAIL PROTECTED] > > - > Macromedia Associate Partner > www.macromedia.com > - > Vancouver Island ColdFusion Users Group > Founder & Director > www.cfug-vancouverisland.com > - Original Message - > From: Adrocknaphobia > To: CF-Talk > Sent: Tuesday, March 23, 2004 12:47 PM > Subject: Re: Securing CF Apps. > > > Little is better than none. > > -adam > > > -Original Message- > > From: Kwang Suh [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, March 23, 2004 08:42 PM > > To: 'CF-Talk' > > Subject: RE: Securing CF Apps. > > > > Munging URLs provides a little, if any, benefit for web apps. > > > > - Original Message - > > From: "Heald, Tim" <[EMAIL PROTECTED]> > > Date: Tuesday, March 23, 2004 1:34 pm > > Subject: RE: Securing CF Apps. > > > > > Good post man, and your right, for the most part the > applications > > > I am > > > talking about are not available over the internet, or > only through > > > VPN or > > > other methods. > > > > > > Like I said earlier, for public sites you are going to use very > > > differentresources than you will use on a closed/classified > > > application. > > > However the topic was securing CF apps. Not sites :) > it can be > > > difficultfor some to differentiate between an > application and a site. > > > > > > -- > > > Timothy Heald > > > Web Portfolio Manager > > > Overseas Security Advisory Council > > > U.S. Department of State > > > 571.345.2319 > > > > > > The opinions expressed here do not necessarily reflect those of > > > the U.S. > > > Department of State or any affiliated organization(s). > Nor have these > > > opinions been approved or sanctioned by these > organizations. This > > > e-mail is > > > unclassified based on the definitions in E.O. 12958. > > > > > > -Original Message- > > > From: Ian Skinner [EMAIL PROTECTED] > > > Sent: Tuesday, March 23, 2004 3:19 PM > > > To: CF-Talk > >
RE: RE: RE: Securing CF Apps.
What is funny to me is that the number of Linux vulnerabilities far surpasses the number of M$ ones. Look into it. It's just that M$ products are more commonly used, and therefore more commonly attacked. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Tom Kitta [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 3:59 PM To: CF-Talk Subject: RE: RE: RE: Securing CF Apps. MS code leak illustrates my point very well. MS OS is not more secure than say Linux because it source code is not available to the public. Hmm, I think Linux vis MS security was already mentioned on this list in the past few months. TK -Original Message- From: Adrocknaphobia [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 3:47 PM To: CF-Talk Subject: Re: RE: RE: Securing CF Apps. If thats the case, then whats the big deal with the MS code leak? -adam > -Original Message- > From: Tom Kitta [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 23, 2004 08:08 PM > To: 'CF-Talk' > Subject: RE: RE: RE: Securing CF Apps. > > I agree with Kwang Suh, security through obscurity is no security at all. > This is quite well known throughout security community and all encryption > standards available to the wide public adhere to it. > > TK > -Original Message- > From: Kwang Suh [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 23, 2004 2:56 PM > To: CF-Talk > Subject: Re: RE: RE: Securing CF Apps. > > > > If my user.login is encrypted one time as kjdfljsldfl and the > > user comes > > back and types in kjdfljsldfl they don't get taken to that > > circuit, because > > it's different this time. > > This would not be acceptable in many situations, because it prevents > bookmarking and renders search engines useless. > > > > >> 3. The objection to using cfquery is multifaceted. There is > > the > > >> risk of SQL > > >> injection if your not doing the correct validation. If your > > >> errors are not > > >> being handled correctly you can give away table and column > > names > > >> in the > > >> error message. > > > > >So don't you think it's more important to handle errors properly > > than say > > "don't ever use "? > > > > I think that with all the benefits of procedures, if you have them > > available, you're a fool not to use them, and not just because of the > > enhanced security. Obviously proper error handling is important > > AS WELL. > > This is not an either/or argument, rather a complimentary one. > > What's wrong with: > > > exec my_stored_proc > > > ? > > > >> 2. By using plain text variable names your going to give the > > potential>> intruder a decent insight into your application > > design, and this > > >> will give > > >> them the ability to make educated guesses as to your other > > circuit > > >> names. > > > > >So? > > > > So by understanding the structure of an application, you can then > > begin to > > analyze it's weaknesses. In the environment in which I work we > > want to give > > them as little as possible to go on. > > > > >You've got bigger problems should someone gain access to your > > file system. > > > > Is that so?? I disagree. If someone gains access to my web > > server they > > have nothing. Now my db which is on the other side of a firewall, > > and only > > accepts connections from specific ips, if they got in that it > > could become > > problematic. Why? Because there are no user names or passwords > > stored on > > my web server. There is no way to open a direct connection into > > my db > > without having a user account on the db. Your rights and roles > > are also > > stored in that db, not in the application, and so you would not > > really get > > anything other than images and source code. You don't even get > > the code of > > the procedure calls, and so you are still blind to the schema of > > my db. > > If I have complete access to your file system, this means that I can, say, > create a file that monitors tcp/ip traffic between your web server and db > server and sends the packets over to me where I can then scan for your > password. Or I could simply delete everything on the web server. > > > > > Kwang, again, this is a layered approach to security. No one > > thing is going > > to protect you from everything.
RE: RE: RE: Securing CF Apps.
I don't like giving the user browser controls even. Which is why I tend to pop my apps in a new window with no controls (back forward and so on). Why? I have business rules that I want them to have to follow. I want them to follow a specific process for accessing and entering information. Also as the proponent of team based development you should know that not everyone meets the same standards. I know that if I require my developers to encrypt urls that even if they forget something else, like checking a role, it will get caught, because the user cannot randomly access different parts of the application. Someone earlier said it was useless to limit sql execution in the administrator. Well what if your dba or dbd forgot to only give specific grants? I know were talking about duplication of efforts to a certain extent, however I think that you end up making your application more secure. Like I said I only want to give the user the choices I provide them with, no more, no less. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Steve Nelson [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 3:58 PM To: CF-Talk Subject: RE: RE: RE: Securing CF Apps. In what way does a bookmark make an application less secure? Wouldn't you consider it a good idea to bookmark an application if it means the user uses the application more? If a bookmark allows a person to access a secure section, it should ask them for their credentials, if valid, it should let them access it. If the bookmark allows them to bypass the security, then the application isn't secure. Steve Nelson -Original Message- From: Adrocknaphobia [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 3:43 PM To: CF-Talk Subject: Re: RE: RE: Securing CF Apps. You do realize we are talking about applications and not websites. There is a big difference, and I've never once found it a good idea for a user to bookmark a part of application. -adam _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: RE: RE: Securing CF Apps.
There are different controls that you would use for different purposes. Obviously an ecommerce SITE (which is what Amazon is) needs users to be able to return to a specific product. Web services security is very different from either public site or application security. You're comparing apples and oranges. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Kwang Suh [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 3:54 PM To: CF-Talk Subject: Re: RE: RE: Securing CF Apps. I'd say something like Amazon.com is an application, and boy, would I ever hate it if I couldn't bookmark a link to a book. Or their wish lists. That's not a site. Some parts of an "application" can be public facing, you know. How about Web Services? Are those an application? Well, I can sure tell you they're not a site. Should I be obfuscating those links too? That sure would suck. - Original Message - From: Adrocknaphobia <[EMAIL PROTECTED]> Date: Tuesday, March 23, 2004 1:43 pm Subject: Re: RE: RE: Securing CF Apps. > You do realize we are talking about applications and not websites. > There is a big difference, and I've never once found it a good > idea for a user to bookmark a part of application. > > -adam > > > > -Original Message- > > From: Kwang Suh [EMAIL PROTECTED] > > Sent: Tuesday, March 23, 2004 07:55 PM > > To: 'CF-Talk' > > Subject: Re: RE: RE: Securing CF Apps. > > > > > If my user.login is encrypted one time as kjdfljsldfl and the > > > user comes > > > back and types in kjdfljsldfl they don't get taken to that > > > circuit, because > > > it's different this time. > > > > This would not be acceptable in many situations, because it > prevents bookmarking and renders search engines useless. > > > > > >> 3. The objection to using cfquery is multifaceted. There > is > > > the > > > >> risk of SQL > > > >> injection if your not doing the correct validation. If > your > > > >> errors are not > > > >> being handled correctly you can give away table and column > > > names > > > >> in the > > > >> error message. > > > > > > >So don't you think it's more important to handle errors > properly > > > than say > > > "don't ever use "? > > > > > > I think that with all the benefits of procedures, if you have them > > > available, you're a fool not to use them, and not just because > of the > > > enhanced security. Obviously proper error handling is > important > > > AS WELL. > > > This is not an either/or argument, rather a complimentary one. > > > > What's wrong with: > > > > > > exec my_stored_proc > > > > > > ? > > > > > > > >> 2. By using plain text variable names your going to give > the > > > potential>> intruder a decent insight into your application > > > design, and this > > > >> will give > > > >> them the ability to make educated guesses as to your other > > > circuit > > > >> names. > > > > > > >So? > > > > > > So by understanding the structure of an application, you can > then > > > begin to > > > analyze it's weaknesses. In the environment in which I work > we > > > want to give > > > them as little as possible to go on. > > > > > > >You've got bigger problems should someone gain access to your > > > file system. > > > > > > Is that so?? I disagree. If someone gains access to my web > > > server they > > > have nothing. Now my db which is on the other side of a > firewall, > > > and only > > > accepts connections from specific ips, if they got in that it > > > could become > > > problematic. Why? Because there are no user names or > passwords > > > stored on > > > my web server. There is no way to open a direct connection > into > > > my db > > > without having a user account on the db. Your rights and > roles > > > are also > > > stored in that db, not in the application, and so you would > not > > > really get > > > anything other than images and source code. You don't even > get > > > the code of > > > the procedure calls, and so you are still blind to the schema > of > > > my db. > > > > If I have complete access to your file system, this means that I > can, say, create a file that monitors tcp/ip traffic between your > web server and db server and sends the packets over to me where I > can then scan for your password. Or I could simply delete > everything on the web server. > > > > > > > > Kwang, again, this is a layered approach to security. No one > > > thing is going > > > to protect you from everything. You just continue to lock > down > > > things in > > > order to mitigate risk. You can never be without risk, and
RE: Securing CF Apps.
Good post man, and your right, for the most part the applications I am talking about are not available over the internet, or only through VPN or other methods. Like I said earlier, for public sites you are going to use very different resources than you will use on a closed/classified application. However the topic was securing CF apps. Not sites :) it can be difficult for some to differentiate between an application and a site. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Ian Skinner [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 3:19 PM To: CF-Talk Subject: RE: Securing CF Apps. I see this as a sliding scale, security vs user experience. There's the general public website where the the owners want as much exposure as possible. For this type of application you may not want security to the nth degree. As was just posted, allowing the user to bookmark pages and/or directly type url's is desirable for the purpose of that application. On the other hand, there are applications where this is undesirable. I suspect that applications Tim is writing are even available to the general public at all, and if you are even seeing the page in a browser if you are not supposed to be, you have hacked through several layers of security already. We write applications somewhat in the middle. There are parts of our data that we DO NOT WANT to exposed to any more risk then we can, very sensitive HIPPA data. We are taking at least a year to thoroughly test our first application that will allow a very limited access to users to their personal data directly through the internet. So it all comes down to the analysis that has been mentioned. You need to decided on the purpose of the application, what are it's security needs and build to that level. My .02, keep the change. -- Ian Skinner Web Programmer BloodSource www.BloodSource.org Sacramento, CA "C code. C code run. Run code run. Please!" - Cynthia Dunning _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: RE: RE: Securing CF Apps.
Obscuring an encryption method is different form hiding the architecture or structure of your application. The open source community likes to make the point that security through obscurity doesn't work. Just because someone says it doesn't make it true. the methods I use to secure my site are open. hell you can go download the udf I use to do url encryption right now to see how I do it. You can even crack it if you take the time. It's a seed bump. Just like you have to decide how much time and money your going to put into securing your application or site, so does the intruder have to decide to go after you or another weaker site. Also not all encryption standards are widely available. As a matter of fact in some instances it is illegal to let people know the detail of high level encryption algorithms. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Tom Kitta [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 3:18 PM To: CF-Talk Subject: RE: RE: RE: Securing CF Apps. I agree with Kwang Suh, security through obscurity is no security at all. This is quite well known throughout security community and all encryption standards available to the wide public adhere to it. TK -Original Message- From: Kwang Suh [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 2:56 PM To: CF-Talk Subject: Re: RE: RE: Securing CF Apps. > If my user.login is encrypted one time as kjdfljsldfl and the > user comes > back and types in kjdfljsldfl they don't get taken to that > circuit, because > it's different this time. This would not be acceptable in many situations, because it prevents bookmarking and renders search engines useless. > >> 3. The objection to using cfquery is multifaceted. There is > the > >> risk of SQL > >> injection if your not doing the correct validation. If your > >> errors are not > >> being handled correctly you can give away table and column > names > >> in the > >> error message. > > >So don't you think it's more important to handle errors properly > than say > "don't ever use "? > > I think that with all the benefits of procedures, if you have them > available, you're a fool not to use them, and not just because of the > enhanced security. Obviously proper error handling is important > AS WELL. > This is not an either/or argument, rather a complimentary one. What's wrong with: exec my_stored_proc ? > >> 2. By using plain text variable names your going to give the > potential>> intruder a decent insight into your application > design, and this > >> will give > >> them the ability to make educated guesses as to your other > circuit > >> names. > > >So? > > So by understanding the structure of an application, you can then > begin to > analyze it's weaknesses. In the environment in which I work we > want to give > them as little as possible to go on. > > >You've got bigger problems should someone gain access to your > file system. > > Is that so?? I disagree. If someone gains access to my web > server they > have nothing. Now my db which is on the other side of a firewall, > and only > accepts connections from specific ips, if they got in that it > could become > problematic. Why? Because there are no user names or passwords > stored on > my web server. There is no way to open a direct connection into > my db > without having a user account on the db. Your rights and roles > are also > stored in that db, not in the application, and so you would not > really get > anything other than images and source code. You don't even get > the code of > the procedure calls, and so you are still blind to the schema of > my db. If I have complete access to your file system, this means that I can, say, create a file that monitors tcp/ip traffic between your web server and db server and sends the packets over to me where I can then scan for your password. Or I could simply delete everything on the web server. > > Kwang, again, this is a layered approach to security. No one > thing is going > to protect you from everything. You just continue to lock down > things in > order to mitigate risk. You can never be without risk, and anyone who > thinks they have completely secured their site deserves to be > attacked.Listen man. You do whatever you feel comfortable doing. > No more, no less. > But moving towards my CISSP and GSEC, having been a cyber threat > analyst for > the last two years, and soon to be managing a federal CERT, I can
RE: Securing CF Apps.
The majority of my points are in regards to web applications. When talking about a web site I can understand your point, however much of what we do are actually applications ion the true sense, and not just sites. The security of our public sites is very different. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Conan Saunders [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 3:03 PM To: CF-Talk Subject: RE: Securing CF Apps. At 01:30 PM 3/23/2004, you wrote: > >> 2. By using plain text variable names your going to give the potential > >> intruder a decent insight into your application design, and this > >> will give > >> them the ability to make educated guesses as to your other circuit > >> names. > > >So? > >So by understanding the structure of an application, you can then begin to >analyze it's weaknesses. In the environment in which I work we want to give >them as little as possible to go on. Maybe that's true in your specific application, but I don't think that practice has any security value for web applications in general. Trying to conceal your application's structure (as revealed through the PUBLIC interface of page paths, fuseactions, and URL/FORM variables) sounds like an exercise in futility and security through obscurity. I want my application's public interface to be as clear and easy to use as possible. If a user is able to guess a concise, logically named URL and find a page he wants, or hand-edit the value of a clearly named URL parameter to obtain better search results, that's a victory for the user and for me. Does every single request to your site look like this: "/index.cfm?aewuotijasdoijfj"? I don't see how that gains you much security at all, and it's at the expense of a fair amount of user friendliness: ability to bookmark; ability to type short, logical URLs; ability to properly link to your application's functionality; etc. As somebody said earlier, one case where you DO have a legitimate use for encrypting URL/FORM variables is when you're outputing internal values (database row IDs, etc) to a form or query string that will then be posted back to your application, and you don't want the end user to see the internal DB value. There, you are encrypting the VALUE, but not the variable name itself. Conan _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: RE: Securing CF Apps.
There are very specific equations that can help you decide how much you need to spend on risk mitigation and security. Unfortunately most web developers don't know where to look for information like this. Also doing a large scale risk analysis can be expensive and time consuming, enough that it will be skipped by people that do know how to conduct one correctly. The things that we have talked about thus far are all easy to implement, and free. You are using the security that is part of your database, and using the security that you yourself build into your application. The encryption stuff I wrote is freely available on cflib.org (all though I do need to update it). Documentation on best practices is all over the net. Open up google and look for web application security, or something similar. You can get quite an education for free these days, I know I have. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Tom Kitta [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 2:39 PM To: CF-Talk Subject: RE: RE: Securing CF Apps. It is a positive sign when so many people on this list recognize the need for security in their web applications. The next step after acknowledging that security is needed is to determine how much security is needed. We don't want to protect 10c of assets using security worth $1000. Once we know how much we can spend on securing our assets we proceed to security planning. In cf talk discussion thus we should look at easy and cheap to implement security vis more expensive security implementations. After all, if we have unlimited budget we could do something silly like hiring someone to watch every request our website is about to process. TK -Original Message- From: Kwang Suh [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 2:12 PM To: CF-Talk Subject: Re: RE: Securing CF Apps. > 1. If your properly encrypting the url your going to change your > seed (key) > every request. That way it is different every time What possible value does this bring? > > 2. By using plain text variable names your going to give the potential > intruder a decent insight into your application design, and this > will give > them the ability to make educated guesses as to your other circuit > names. So? > 3. The objection to using cfquery is multifaceted. There is the > risk of SQL > injection if your not doing the correct validation. If your > errors are not > being handled correctly you can give away table and column names > in the > error message. So don't you think it's more important to handle errors properly than say "don't ever use "? Also should someone gain access to your file > system they can > build a pretty complete picture of your database from the queries. > You > can't do this when all you are using is Stored Procedures, > especially if > your variable names don't match your column names. Throw in views > and you > can obscure it even more. You've got bigger problems should someone gain access to your file system. _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: RE: Securing CF Apps.
>> 1. If your properly encrypting the url your going to change your >> seed (key) >> every request. That way it is different every time >What possible value does this bring? If my user.login is encrypted one time as kjdfljsldfl and the user comes back and types in kjdfljsldfl they don't get taken to that circuit, because it's different this time. >> 3. The objection to using cfquery is multifaceted. There is the >> risk of SQL >> injection if your not doing the correct validation. If your >> errors are not >> being handled correctly you can give away table and column names >> in the >> error message. >So don't you think it's more important to handle errors properly than say "don't ever use "? I think that with all the benefits of procedures, if you have them available, you're a fool not to use them, and not just because of the enhanced security. Obviously proper error handling is important AS WELL. This is not an either/or argument, rather a complimentary one. >> 2. By using plain text variable names your going to give the potential >> intruder a decent insight into your application design, and this >> will give >> them the ability to make educated guesses as to your other circuit >> names. >So? So by understanding the structure of an application, you can then begin to analyze it's weaknesses. In the environment in which I work we want to give them as little as possible to go on. >You've got bigger problems should someone gain access to your file system. Is that so?? I disagree. If someone gains access to my web server they have nothing. Now my db which is on the other side of a firewall, and only accepts connections from specific ips, if they got in that it could become problematic. Why? Because there are no user names or passwords stored on my web server. There is no way to open a direct connection into my db without having a user account on the db. Your rights and roles are also stored in that db, not in the application, and so you would not really get anything other than images and source code. You don't even get the code of the procedure calls, and so you are still blind to the schema of my db. Kwang, again, this is a layered approach to security. No one thing is going to protect you from everything. You just continue to lock down things in order to mitigate risk. You can never be without risk, and anyone who thinks they have completely secured their site deserves to be attacked. Listen man. You do whatever you feel comfortable doing. No more, no less. But moving towards my CISSP and GSEC, having been a cyber threat analyst for the last two years, and soon to be managing a federal CERT, I can tell you this, there is always going to be some new exploit. It's going to be something you didn't think of. But that zero day exploit isn't going to be the one that does all the crazy damage. It's going to be some known vulnerability that you could have prevented from putting your system at risk. (slammer, blaster etc.) By duplication of your efforts, by overlapping your protection you're trying to create a shell around your application and it's data. Obscurity is just one more tool you can use to do that. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Kwang Suh [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 2:16 PM To: CF-Talk Subject: Re: RE: Securing CF Apps. _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Securing CF Apps.
Here's my take on it. You layer security on like an onion. In many cases you protect against the same kinds of attacks many times. I don't want a user to get to a specific area of my site unless they are logged in. Ok so I check a session or client variable that I set upon login. Well I have a user that has logged in and gotten to my page. Now they book marked the page. Well written correctly since their session doesn't exist I send them to the login page. However I personally would like to take it a step further. I don't want people to be able to bookmark pages in my app at all. Also I don't want them to be able to figure out the structure of my application because I used plain text, easy to understand names for the different sections of the app (in this case circuits). So I encrypt my url variables. Why? They don't get any information about the structure of my app, or about the information I am passing between pages. When they book mark the site the fuseaction is gobly gook. Means nothing and kicks them to my home page or login or whatever. Ok, what else is involved here? Validation. Both client and server side. You use client side knowing that it is easily defeated by turning off _javascript_s, but you use it to keep from hitting the server. Then you do it again on the client side to make sure that nothing got by. In 90% of the cases they user will have _javascript_ enabled and it will have saved some of your server resources. Now you have communications between the db and cf. What can you do? Well for one you use an actual db user account to validate people. Why? Because then you can limit what actions the user can take, not only through the application, but through the db as well. Also your not storing a username and password anywhere. Someone said earlier that means they can open up SQL + or enterprise manager and login to the db, well this is true, but they are only able to see and do the same exact things that they would be able to do through your application, if the DB is locked down correctly. In oracle at least you have to be granted rights to even know if a table exists. I can have a user table, but if you don't have select or whatever other privileges, you get a table not found error. In the past we have made many mistakes in security. I am sure that we still make many as a community. New exploits are announced daily. Most of the things that we are trying to protect against aren't even used anymore because in general developers learned form their mistakes. Does this mean we should stop doing them? -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -----Original Message- From: Heald, Tim Sent: Tuesday, March 23, 2004 2:05 PM To: CF-Talk Subject: RE: Securing CF Apps. 1. If your properly encrypting the url your going to change your seed (key) every request. That way it is different every time 2. By using plain text variable names your going to give the potential intruder a decent insight into your application design, and this will give them the ability to make educated guesses as to your other circuit names. 3. The objection to using cfquery is multifaceted. There is the risk of SQL injection if your not doing the correct validation. If your errors are not being handled correctly you can give away table and column names in the error message. Also should someone gain access to your file system they can build a pretty complete picture of your database from the queries. You can't do this when all you are using is Stored Procedures, especially if your variable names don't match your column names. Throw in views and you can obscure it even more. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Kwang Suh [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 12:55 PM To: CF-Talk Subject: Re: Securing CF Apps. > My issue with is that you are exposing your db design. > It's alot harder to hack a db is you dont know the table and > column names. huh? > As for encrypting the fuseaction, the question is why not? Because it's useless. Let's think this through: I have a fuseaction called "products.list" It encrypts to "wafiawjfw" I type in &q
RE: Securing CF Apps.
1. If your properly encrypting the url your going to change your seed (key) every request. That way it is different every time 2. By using plain text variable names your going to give the potential intruder a decent insight into your application design, and this will give them the ability to make educated guesses as to your other circuit names. 3. The objection to using cfquery is multifaceted. There is the risk of SQL injection if your not doing the correct validation. If your errors are not being handled correctly you can give away table and column names in the error message. Also should someone gain access to your file system they can build a pretty complete picture of your database from the queries. You can't do this when all you are using is Stored Procedures, especially if your variable names don't match your column names. Throw in views and you can obscure it even more. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Kwang Suh [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 12:55 PM To: CF-Talk Subject: Re: Securing CF Apps. > My issue with is that you are exposing your db design. > It's alot harder to hack a db is you dont know the table and > column names. huh? > As for encrypting the fuseaction, the question is why not? Because it's useless. Let's think this through: I have a fuseaction called "products.list" It encrypts to "wafiawjfw" I type in "wafiawjfw" in the url. It lists the products. Where's the security? Users > can start throwing errors by trying different fuseaction calls. > Which in turn could expose too much info if you dont have a site > wide error handler. Let me get this straight. I should waste time encrypting urls, and yet be stupid enough not to have an error handler. Let's think this one through: I type in "wiejfiawefijwf", which doesn't decrypt properly. The site then throws an error, and since I don't have a site wide error handler, it exposes a whole bunch of information. Where's the security? The topic of this thread is securing cf apps. > Although it may not be 100% necessary, it sure doesn't hurt. It doesn't help either. _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Oracle System password recovery
I am in the middle of deploying an application. I need to grant some privileges to select from some system tables and our dbas have been gone for hours. Is there a way to easily recover the system user password? -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Site Compiler that will handle CF
You can run cf off of iis just fine on a decent lap top. I do. If your using IIS then you can do ASP. The database is where you will usually run into problems, but I have SQL 2000 running fine on mine, or you can just demo off of access. Hell we have Oracle 8 and 9i running on laptops with CF around here. Shouldn't be a problem. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Parker, Kevin [mailto:[EMAIL PROTECTED] Sent: Thursday, February 12, 2004 6:08 PM To: CF-Talk Subject: Site Compiler that will handle CF Does any one know of a web site compiler that will handle ASP and CFM files as well as the usual HTML. We need to load our site to someone laptop that doe a lot of country demos and presentations where the connectivity is not so good i.e. he'd have to dial in on his mobile (if he can get range). +++ Kevin Parker Web Services Manager WorkCover Corporation p: 08 8233 2548 e: [EMAIL PROTECTED] w: www.workcover.com +++ This e-mail is intended for the use of the addressee only. It may contain information that is protected by legislated confidentiality and/or is legally privileged. If you are not the intended recipient you are prohibited from disseminating, distributing or copying this e-mail. Any opinion expressed in this e-mail may not necessarily be that of the WorkCover Corporation of South Australia. Although precautions have been taken, the sender cannot warrant that this e-mail or any files transmitted with it are free of viruses or any other defect. If you have received this e-mail in error, please notify the sender immediately by return e-mail and destroy the original e-mail and any copies. _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Oracle 8i, CFMX 6.1 LOB issues
Not a stupid question at all, but yes we do. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Dave Carabetta [mailto:[EMAIL PROTECTED] Sent: Thursday, January 08, 2004 4:35 PM To: CF-Talk Subject: RE: Oracle 8i, CFMX 6.1 LOB issues >I'm experiencing quite an oddity with our Oracle 8.1.7 servers when dealing >with any LOB data via CF 6.1 Enterprise. > >Via my CFML front-end, I'm able (as the oracle schema owner) to pull back >(any) LOB data correctly with no issues. However, if I should log in as a >user whom has execute privileges on the packages created by the schema >owner, it will either return an empty string or the generic ORA-00942 >message via CF. If I run the procedure as either user via SQL*Plus/TOAD, I >get no error. > >I've attempted to use both the 3.1 and 3.2 versions of the >macromedia_drivers JAR, neither have helped. If I grant SELECT to the >Oracle >roles on the tables containing the LOBs, the data will return correctly, >just as if I was logged in as the schema owner. > >I'm under the impression this is an Oracle problem, however our DBA staff >keeps pointing at CF/Data Direct drivers. I can't imagine it's a CF issue, >as the data returns fine under the aforementioned conditions. Has anyone >had >this problem and fixed it, or could maybe point me in a better direction? > This is probably a stupid question, but I didn't see it noted above, so I'll ask anyway: Do you have the "Enable long text retrieval (CLOB)." selection checked off for this datasource in the MX Admin as well as a high enough Long Text Buffer value? We use CLOBs on our site using MX 6.1 and Oracle 8.1.7, so I know they work in general. Regards, Dave. _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Oracle 8i, CFMX 6.1 LOB issues
I'm experiencing quite an oddity with our Oracle 8.1.7 servers when dealing with any LOB data via CF 6.1 Enterprise. Via my CFML front-end, I'm able (as the oracle schema owner) to pull back (any) LOB data correctly with no issues. However, if I should log in as a user whom has execute privileges on the packages created by the schema owner, it will either return an empty string or the generic ORA-00942 message via CF. If I run the procedure as either user via SQL*Plus/TOAD, I get no error. I've attempted to use both the 3.1 and 3.2 versions of the macromedia_drivers JAR, neither have helped. If I grant SELECT to the Oracle roles on the tables containing the LOBs, the data will return correctly, just as if I was logged in as the schema owner. I'm under the impression this is an Oracle problem, however our DBA staff keeps pointing at CF/Data Direct drivers. I can't imagine it's a CF issue, as the data returns fine under the aforementioned conditions. Has anyone had this problem and fixed it, or could maybe point me in a better direction? Many, many thanks in advance! -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: CFDJ isn't exactly kicking bootay
If it ever actually gets to you. We haven't seen one in months. This isn't the first time either, I have finally just just given up and won't be resubscribing. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Kola Oyedeji [mailto:[EMAIL PROTECTED] Sent: Thursday, January 08, 2004 8:39 AM To: CF-Talk Subject: RE: CFDJ isn't exactly kicking bootay Not to mention that your subscription gives you access to the archives which means for the price of a years subscription you actually are getting more than a years worth of content ;-) Kola -Original Message- From: Howard Fore [mailto:[EMAIL PROTECTED] Sent: 08 January 2004 13:22 To: CF-Talk Subject: Re: CFDJ isn't exactly kicking bootay So the Design Pattern series was invaluable. How much time did that series save you to be able to work on extra projects? How much is your time worth per hour? I'd bet that over the course of the subscription year, the product of number of hours saved multiplied by your hourly rate is more than the cost of the subscription. And if properly applied, those techniques won't save you time and money just this year, but in the future as well. That's how I justify it at least. -- Howard Fore, [EMAIL PROTECTED] "Much of life is Dutch one-digit operations in which legions of big robust people crouch behind badly cracked dike systems attached by the thumbs their wide balloon-pantsed rumps up-ended to the northern sun while, back in town, little black-suspendered tulip magnates stride around." - "Dutch", Kay Ryan On Jan 8, 2004, at 1:26 AM, Dave Carabetta wrote: > Your monthly column > contribution is useful (along with your papers on www.how2cf.com/), and > Brendan O'Hara's Design Patterns series was invaluable (at least, to > me). _ _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
OT: RE: iMail Web Messaging through IIS
I am running a web server and this mail server on the same box. I run maybe 10 personal sites off the box, nothing major, all on port 80 using virtual servers. I want to be able to check my web mail at work. I can only get the the web server on port 80. I would like to run the CGI app that comes with iMail through IIS so I can simply set it up as a virtual server like mail.terminal-fusion.com, but it keeps throwing a 404 error saying that login.cgi isn't found. However if I run it through the iMail web server it works just fine, even though there is no iMail.cgi. Someone told me that ipswitch may have set the app up so it can only run through their server. I installed active perl on the system and still nothing. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Dan Phillips [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 06, 2004 2:00 PM To: CF-Talk Subject: RE: iMail Web Messaging through IIS You mean the web interface? like http://mail.cfxhosting.com ? We used it in 2000. Where are you getting stuck? Dan Phillips CFXHosting.com [EMAIL PROTECTED] -Original Message- From: Heald, Tim [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 06, 2004 1:53 PM To: CF-Talk Subject: iMail Web Messaging through IIS Has anyone ever gotten the iMail web mail app to run through IIS? -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. _ _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
iMail Web Messaging through IIS
Has anyone ever gotten the iMail web mail app to run through IIS? -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: MACR Stock price?
community that is. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Adam Wayne Lehman [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 30, 2003 3:04 PM To: CF-Talk Subject: RE: MACR Stock price? Hehehehe.. It's true. But this is my last day.. Check the new signature. Adam Wayne Lehman Tim's New Bitch The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message----- From: Heald, Tim [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 30, 2003 12:48 PM To: CF-Talk Subject: RE: MACR Stock price? He must work in the education sector. We al know those pikers don't make any money :) -- Tim The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Adam Wayne Lehman [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 30, 2003 11:59 AM To: CF-Talk Subject: RE: MACR Stock price? #1 Maybe you are right, but considering how low the volume of mail on this list is over the holidays you are just being rude. #2 If you feel so strongly about #1 then why even add your #2 theory? #3 Whose fault is it that you have a 14.4k download? To cheap to spring for a decent modem? Adam Wayne Lehman Web Systems Developer Johns Hopkins Bloomberg School of Public Health Distance Education Division -Original Message- From: Haggerty, Mike [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 30, 2003 11:39 AM To: CF-Talk Subject: RE: MACR Stock price? #1 - I am certain this thread is off topic. I don't need my .5 MB POP freemail account getting overrun by useless grousing and carrying on. It's bad enough I have to put up with the pro-Fusebox threads, those zealots. I am sick of having to wait 6 hours to download all my mail over my 14.4 K connection, so cut it out you meanies. #2 - The stock price is up because I have been seeding investment mailing lists with false rumors about MM preparing for a major IP lawsuit against companies using Linux with the Gimp installed. I alledge the Gimp uses a series of headers in the Linux kernel directly ripped from Videoworks in the early 90's, and that MM is entitled to licensing fees of up to $30,000 per use of infringing code. If you look on Motley Fool, the conversation I have been having with myself under 5 different identities is that this 'big lawsuit' is a major risk for investors, but the potential for returns is in the millions per share. Look for that stock price to hit $280 soon. M -Original Message- From: Gabriel Robichaud [mailto:[EMAIL PROTECTED] Sent: Tue 12/30/2003 11:17 AM To: CF-Talk Cc: Subject: RE: MACR Stock price? Maybe its just the January effect. Historically, the market goes up a bit in january every year while Financial Planners and people do last minute investing before tax returns. or, maybe I dont know what im talkign about, just repeating what I heard on CNN -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 30, 2003 11:11 AM To: CF-Talk Subject: OT: MACR Stock price? At latest sale the MACR stock was at $18.40 -- up 2.24% today. I bought some MACR shares 5 days ago for $17.94 -- and am quite happy. I expected the price to increase gradually to the $22 range. Any ideas why the stock is going up so rapidly? (Other than the excellent company and superior products) TIA Dick _ _ _ _ _ _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: MACR Stock price?
Moved to CF-Talk :) -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Adam Wayne Lehman [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 30, 2003 3:04 PM To: CF-Talk Subject: RE: MACR Stock price? Hehehehe.. It's true. But this is my last day.. Check the new signature. Adam Wayne Lehman Tim's New Bitch The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message----- From: Heald, Tim [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 30, 2003 12:48 PM To: CF-Talk Subject: RE: MACR Stock price? He must work in the education sector. We al know those pikers don't make any money :) -- Tim The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Adam Wayne Lehman [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 30, 2003 11:59 AM To: CF-Talk Subject: RE: MACR Stock price? #1 Maybe you are right, but considering how low the volume of mail on this list is over the holidays you are just being rude. #2 If you feel so strongly about #1 then why even add your #2 theory? #3 Whose fault is it that you have a 14.4k download? To cheap to spring for a decent modem? Adam Wayne Lehman Web Systems Developer Johns Hopkins Bloomberg School of Public Health Distance Education Division -Original Message- From: Haggerty, Mike [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 30, 2003 11:39 AM To: CF-Talk Subject: RE: MACR Stock price? #1 - I am certain this thread is off topic. I don't need my .5 MB POP freemail account getting overrun by useless grousing and carrying on. It's bad enough I have to put up with the pro-Fusebox threads, those zealots. I am sick of having to wait 6 hours to download all my mail over my 14.4 K connection, so cut it out you meanies. #2 - The stock price is up because I have been seeding investment mailing lists with false rumors about MM preparing for a major IP lawsuit against companies using Linux with the Gimp installed. I alledge the Gimp uses a series of headers in the Linux kernel directly ripped from Videoworks in the early 90's, and that MM is entitled to licensing fees of up to $30,000 per use of infringing code. If you look on Motley Fool, the conversation I have been having with myself under 5 different identities is that this 'big lawsuit' is a major risk for investors, but the potential for returns is in the millions per share. Look for that stock price to hit $280 soon. M -Original Message- From: Gabriel Robichaud [mailto:[EMAIL PROTECTED] Sent: Tue 12/30/2003 11:17 AM To: CF-Talk Cc: Subject: RE: MACR Stock price? Maybe its just the January effect. Historically, the market goes up a bit in january every year while Financial Planners and people do last minute investing before tax returns. or, maybe I dont know what im talkign about, just repeating what I heard on CNN -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 30, 2003 11:11 AM To: CF-Talk Subject: OT: MACR Stock price? At latest sale the MACR stock was at $18.40 -- up 2.24% today. I bought some MACR shares 5 days ago for $17.94 -- and am quite happy. I expected the price to increase gradually to the $22 range. Any ideas why the stock is going up so rapidly? (Other than the excellent company and superior products) TIA Dick _ _ _ _ _ _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: MACR Stock price?
He must work in the education sector. We al know those pikers don't make any money :) -- Tim The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Adam Wayne Lehman [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 30, 2003 11:59 AM To: CF-Talk Subject: RE: MACR Stock price? #1 Maybe you are right, but considering how low the volume of mail on this list is over the holidays you are just being rude. #2 If you feel so strongly about #1 then why even add your #2 theory? #3 Whose fault is it that you have a 14.4k download? To cheap to spring for a decent modem? Adam Wayne Lehman Web Systems Developer Johns Hopkins Bloomberg School of Public Health Distance Education Division -Original Message- From: Haggerty, Mike [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 30, 2003 11:39 AM To: CF-Talk Subject: RE: MACR Stock price? #1 - I am certain this thread is off topic. I don't need my .5 MB POP freemail account getting overrun by useless grousing and carrying on. It's bad enough I have to put up with the pro-Fusebox threads, those zealots. I am sick of having to wait 6 hours to download all my mail over my 14.4 K connection, so cut it out you meanies. #2 - The stock price is up because I have been seeding investment mailing lists with false rumors about MM preparing for a major IP lawsuit against companies using Linux with the Gimp installed. I alledge the Gimp uses a series of headers in the Linux kernel directly ripped from Videoworks in the early 90's, and that MM is entitled to licensing fees of up to $30,000 per use of infringing code. If you look on Motley Fool, the conversation I have been having with myself under 5 different identities is that this 'big lawsuit' is a major risk for investors, but the potential for returns is in the millions per share. Look for that stock price to hit $280 soon. M -Original Message- From: Gabriel Robichaud [mailto:[EMAIL PROTECTED] Sent: Tue 12/30/2003 11:17 AM To: CF-Talk Cc: Subject: RE: MACR Stock price? Maybe its just the January effect. Historically, the market goes up a bit in january every year while Financial Planners and people do last minute investing before tax returns. or, maybe I dont know what im talkign about, just repeating what I heard on CNN -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 30, 2003 11:11 AM To: CF-Talk Subject: OT: MACR Stock price? At latest sale the MACR stock was at $18.40 -- up 2.24% today. I bought some MACR shares 5 days ago for $17.94 -- and am quite happy. I expected the price to increase gradually to the $22 range. Any ideas why the stock is going up so rapidly? (Other than the excellent company and superior products) TIA Dick _ _ _ _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: queryNew / array functions
something like arrayMax(myQuery[myColumn]) should do the trick. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Turetsky, Seth [mailto:[EMAIL PROTECTED] Sent: Friday, December 12, 2003 3:49 PM To: CF-Talk Subject: queryNew / array functions "Coldfusion queries are essentially arrays with named columns. You therefore can use any of the array functions with queries" -CFMX WACK How would I use say ArrayMax() to get the largest value in a specified column of a query I created using queryNew. I think my brain left work at lunch today -seth _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: seven days earlier
You would use dateAdd() and add 7 days. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Robert Orlini [mailto:[EMAIL PROTECTED] Sent: Friday, December 12, 2003 8:50 AM To: CF-Talk Subject: seven days earlier I have a CF application that needs to check a date field in an Access column and send an email 7 days earlier than the date in that column. For example if the date in the column is 12/31/03, I would need to do a comparison. When the current date is 12/24/03 then send out an email. How would I code this using dateformat(now) for the current date? I guess I would need to use the CF scheduler for this or can I use this in a CF script alone? Thanks as always. Robert O. HWW _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Run HTML through CFMX
You make .htm or .html get parsed by CF in your web server. Then you add your security. How to do this depends on the web server. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Robert Everland III [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 10, 2003 10:07 AM To: CF-Talk Subject: Re:Run HTML through CFMX I have a massive static HTML website that I need to add a security layer. So including a file won't work. Bob > Use an include. > > > > This is a pretty decent technique when you want to use an > administrative form (in conjunction with CFFILE) to update static > content i.e headers and footers or even long blocks of text. > > Jeremy > > > I know this is on the forum somewhere, but I don't think I am typing > > > the right search term. > > > > So how do I get HTML to run through CFMX. I know it isn't the > > suggested way, but I need to do it. Thanks. > > > > bob _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: JS help
Ok but what does that tag produce in html and _javascript_? It has to be using a window.open in order to pop the new window somewhere. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Tim Do [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 2:49 PM To: CF-Talk Subject: RE: JS help here is the calling page: alt="Calendar" border="0" formname="frmSearchInCheck" target="dateMax"> tag:
var months = new
Array("January","February","March","April","May","June","July","August","Sep
tember","October","November","December")
var totalDays = new Array(31,28,31,30,31,30,31,31,30,31,30,31)
function openCalWin_#attributes.target#() {
stats='toolbar=no,location=no,directories=no,status=no,menubar=no,'
stats += 'scrollbars=no,resizable=no,width=300,height=250'
CalWin = window.open ("","Calendar",stats)
var calMonth = #DateFormat(attributes.date, "M")#
var calYear = #DateFormat(attributes.date, "")#
theDate = new Date(calYear, (calMonth - 1), 1)
buildCal_#attributes.target#(theDate)
}
function buildCal_#attributes.target#(theDate) {
var startDay = theDate.getDay()
var printDays = false
var currDay = 1
var rowsNeeded = 5
if (startDay + totalDays[theDate.getMonth()] > 35)
rowsNeeded++
CalWin.document.write('Select a Date ')
CalWin.document.write('')
CalWin.document.write('')
CalWin.document.write('bordercolor=##ff cellpadding=0 cellspacing=0>')
')
CalWin.document.write('') face=Verdana color=##006699 size=2>' + months[theDate.getMonth()] + ' ' +
theDate.getFullYear() + '
CalWin.document.write('') color=##006699 size=1>Su size=1>Mo size=1>Tu size=1>We size=1>Th size=1>Fr size=1>Sa
for (x=1; x<=rowsNeeded; x++){
CalWin.document.write('') ')
for (y=0; y<=6; y++){
if (currDay == 1 && !printDays && startDay == y)
printDays = true
CalWin.document.write('') ')
if (printDays){
CalWin.document.write(' href="" + theDate.getMonth()
+ ',' + currDay + ',' + theDate.getFullYear() + ')">' + currDay++ +
'
if (currDay > totalDays[theDate.getMonth()])
printDays = false
}
else
CalWin.document.write(' ')
}
CalWin.document.write('
}
CalWin.document.write('
CalWin.document.close()
}
function getNewCal_#attributes.target#(newDir) {
if (newDir == -1){
theDate.setMonth(theDate.getMonth() - 1)
if (theDate.getMonth() == 0){
theDate.setMonth(12)
theDate.setYear(theDate.getYear() - 1)
}
}
else if (newDir == 1){
theDate.setMonth(theDate.getMonth() + 1)
if (theDate.getMonth() == 13){
theDate.setMonth(1)
theDate.setYear(theDate.getYear() + 1)
}
}
CalWin.document.clear();
buildCal_#attributes.target#(theDate);
}
function placeDate_#attributes.target#(monthNum, dayNum, yearNum){
var dateString = (monthNum + 1) + '-' + dayNum + '-' + yearNum
document.#attributes.formname#.#attributes.target#.value = dateString
CalWin.close()
}
RE: JS help
That's the page that's created with window.open() It's probably using just window.open('myfile.cfm') or something and you need to be more specific. Send the code for the originating page. -- Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Tim Do [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 2:45 PM To: CF-Talk Subject: RE: JS help No http:// this is what the source looks like: Select a DateA { color:
#00; font-family:Verdana;font-size:12px; font-weight: normal;
text-decoration: none; padding:0em .5em;}A:hover { color: #cc6600;
background-color: #ecf4f7; padding:0em .5em; }body { background: #ff;
} width=100% border=0 bordercolor=#ff cellpadding=0 cellspacing=0> bgcolor="#b2d9ec" colspan=7>December 2003 color=#006699 size=1>Su size=1>Mo size=1>Tu size=1>We size=1>Th size=1>Fr size=1>Sa align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> td align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> td align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> td align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> align="center" width=14.28%> href=""> align="center" width=14.28%> width=14.28%> width=14.28%> align="center"> alt="" border="0" name="Backward" value="<<" face=Verdana color=#006699 size="1"> Arrows browse through the months. src="" align="middle" alt="" border="0" name="Forward" value=">>" > > -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 11:38 AM To: CF-Talk Subject: RE: JS help ugh, take a look at the HTML source after your page is drwan. I bet there is an HTTP in the window.open call. -Original Message- From: Tim Do [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 2:16 PM To: CF-Talk Subject: RE: JS help There is no http anywhere... the calendar is all rendered inside the custom tag. -Original Message- From: Schuster, Steven [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 11:20 AM To: CF-Talk Subject: RE: JS help Make sure the tag code does not use http:// anywhere is one way. Steve -Original Message- From: Tim Do [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 09, 2003 2:10 PM To: CF-Talk Subject: OT: JS help Hello all, I'm trying to use a calendar custom tag (cf_formFieldCalendar) inside a secure directory. Inside the tag it has a window.open command that spawns a window. When it does, the browser prompts that you're leaving a secure area. The tag is inside the secure directory. Can anybody tell me how to get it so the browser doesn't prompt the user that they're leaving a secure area? Thanks in advance, Tim Here is a piece of the js: function openCalWin_#attributes.target#() { stats='toolbar=no,location=no,directories=no,status=no,menubar=no,' stats += 'scrollbars=no,resizable=no,width=300,height=250' CalWin = window.open ("","Calendar",stats) _ _ _ _ _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: CF Certification
ack no not again. Go look in the archives /me runs and hides. Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Mickael [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 26, 2003 2:05 PM To: CF-Talk Subject: Re: CF Certification One the topic of the CF Certification, I am curious as to what value people that are certified get from the certification? Is it worth it? - Original Message - From: Dominic J. Doucet-Lorang To: CF-Talk Sent: Wednesday, November 26, 2003 1:41 PM Subject: CF Certification Hi, I am looking at taking the Macromedia CF test and would like an idea on a good book for preparing for the exam. Thanks, Dominic J. Doucet-Lorang _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Can this be done??
I was actually wondering the same thing. Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Kevin Graeme [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 26, 2003 10:36 AM To: CF-Talk Subject: Re: Can this be done?? Did you even try looking up how to use a list or array and figure it out for yourself? Here's a lead: _ColdFusion MX Web Application Construction Kit_ by Ben Forta, page 170. -Kevin - Original Message - From: "Bushy" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, November 26, 2003 9:12 AM Subject: Re: Can this be done?? > Cool. > > I got it to work using the URL variable. > > How can I keep adding or concatenate each selection to the URL.item variable I'm displaying in the bottomframe to a list or array? > > > > > > --Original Message Text--- > From: Kevin Graeme > Date: Wed, 26 Nov 2003 08:56:40 -0600 > > Ah, maybe I misunderstood what you were trying to do. That still sounds > pretty basic and still may not need _javascript_. > > One way that you might do it is in the top frame, each link goes to the same > page in the bottom frame and just passes the link information as a url > variable. So pass from the top frame something like: > changes > > Then on the bottom frame, just grab the url.item variable passed to it, add > it to a list or array or whatever you need of url variables that you've > passed, probably storing them in the session scope. Then output whatever is > in that list. > > -Kevin > > - Original Message - > From: "Bushy" <[EMAIL PROTECTED]> > To: "CF-Talk" <[EMAIL PROTECTED]> > Sent: Wednesday, November 26, 2003 8:25 AM > Subject: Re: Can this be done?? > > > --Original Message Text--- > > From: Kevin Graeme > > Date: Wed, 26 Nov 2003 08:20:45 -0600 > > > > Actually, depending on how he's doing things _javascript_ might not be > > feasible. If the file/folder listing view is a ftp window in the frame, > then > > he probably won't be able to use _javascript_. > > > > The directory/file listing is created using > > > > If it's a cf/html listing of files, then it's easy and doesn't even really > > need _javascript_. Just use the target attribute in the for each > link > > and point it to the other frame. > > > > OK...but how can I "concatenate" the listings? > > > > -Kevin > > > > - Original Message - > > From: <[EMAIL PROTECTED]> > > To: "CF-Talk" <[EMAIL PROTECTED]> > > Sent: Wednesday, November 26, 2003 8:13 AM > > Subject: RE: Can this be done?? > > > > > http://developer.irt.org/script/script.htm ... the _javascript_ > > > FAQ's learned most of my js there many moons ago... don't know how > > > up to date it is but certainly give you examples of things that you > > > could use to achieve what you want > > > > > > > > > -Original Message- > > > From: Bushy [mailto:[EMAIL PROTECTED] > > > Sent: 26 November 2003 14:02 > > > To: CF-Talk > > > Subject: RE: Can this be done?? > > > > > > > > > Do you know where I could find some examples? > > > > > > --Original Message Text--- > > > From: Heald, Tim > > > Date: Wed, 26 Nov 2003 08:56:10 -0500 > > > > > > _javascript_. > > > > > > > > > > > > -Original Message- > > > From: Bushy [mailto:[EMAIL PROTECTED] > > > Sent: Wednesday, November 26, 2003 8:56 AM > > > To: CF-Talk > > > Subject: re: Can this be done?? > > > > > > Hi, > > > > > > I have a frame split in half (topframe & bottomframe). > > > > > > I the top frame I'm listing directories/files which have links to them. > > > Beside each directory/file is an image that when clicked I want to send > > > the link information to the bottom frame as the path. Each time a link > > > is clicked the bottom frame would get updated with a new entry. > > > > > > For example (+ is directory, - is files): > > > > > > Top frame listing > > > - > > > > > > Directory Listing: > > > > > > + changes > > > + delivery > > > + late > > > + schedule > > > - data.txt > > > - test.txt > > > - mywork.txt > > > > > > So if a user click on a the directory "changes" link the file path and > > > name are passed to the bottom frame. user then click on the directory > > > "late" and then filename "test.txt" > > > > > > Bottom frame: > > > - > > > > > > changes > > > late > > > test.txt > > > > > > How could this be done? > > > > > > _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Can this be done??
You could store the info in a session variable and then append the new value to it. Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Bushy [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 26, 2003 10:21 AM To: CF-Talk Subject: Re: Can this be done?? Cool. I got it to work using the URL variable. How can I keep adding or concatenate each selection to the URL.item variable I'm displaying in the bottomframe to a list or array? --Original Message Text--- From: Kevin Graeme Date: Wed, 26 Nov 2003 08:56:40 -0600 Ah, maybe I misunderstood what you were trying to do. That still sounds pretty basic and still may not need _javascript_. One way that you might do it is in the top frame, each link goes to the same page in the bottom frame and just passes the link information as a url variable. So pass from the top frame something like: changes Then on the bottom frame, just grab the url.item variable passed to it, add it to a list or array or whatever you need of url variables that you've passed, probably storing them in the session scope. Then output whatever is in that list. -Kevin - Original Message - From: "Bushy" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, November 26, 2003 8:25 AM Subject: Re: Can this be done?? > --Original Message Text--- > From: Kevin Graeme > Date: Wed, 26 Nov 2003 08:20:45 -0600 > > Actually, depending on how he's doing things _javascript_ might not be > feasible. If the file/folder listing view is a ftp window in the frame, then > he probably won't be able to use _javascript_. > > The directory/file listing is created using > > If it's a cf/html listing of files, then it's easy and doesn't even really > need _javascript_. Just use the target attribute in the for each link > and point it to the other frame. > > OK...but how can I "concatenate" the listings? > > -Kevin > > - Original Message - > From: <[EMAIL PROTECTED]> > To: "CF-Talk" <[EMAIL PROTECTED]> > Sent: Wednesday, November 26, 2003 8:13 AM > Subject: RE: Can this be done?? > > > http://developer.irt.org/script/script.htm ... the _javascript_ > > FAQ's learned most of my js there many moons ago... don't know how > > up to date it is but certainly give you examples of things that you > > could use to achieve what you want > > > > > > -Original Message- > > From: Bushy [mailto:[EMAIL PROTECTED] > > Sent: 26 November 2003 14:02 > > To: CF-Talk > > Subject: RE: Can this be done?? > > > > > > Do you know where I could find some examples? > > > > --Original Message Text--- > > From: Heald, Tim > > Date: Wed, 26 Nov 2003 08:56:10 -0500 > > > > _javascript_. > > > > > > > > -Original Message- > > From: Bushy [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, November 26, 2003 8:56 AM > > To: CF-Talk > > Subject: re: Can this be done?? > > > > Hi, > > > > I have a frame split in half (topframe & bottomframe). > > > > I the top frame I'm listing directories/files which have links to them. > > Beside each directory/file is an image that when clicked I want to send > > the link information to the bottom frame as the path. Each time a link > > is clicked the bottom frame would get updated with a new entry. > > > > For example (+ is directory, - is files): > > > > Top frame listing > > - > > > > Directory Listing: > > > > + changes > > + delivery > > + late > > + schedule > > - data.txt > > - test.txt > > - mywork.txt > > > > So if a user click on a the directory "changes" link the file path and > > name are passed to the bottom frame. user then click on the directory > > "late" and then filename "test.txt" > > > > Bottom frame: > > - > > > > changes > > late > > test.txt > > > > How could this be done? > > > _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Can this be done??
http://www.w3schools.com/js/js_frames.asp Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Bushy [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 26, 2003 9:04 AM To: CF-Talk Subject: RE: Can this be done?? Do you know where I could find some examples? --Original Message Text--- From: Heald, Tim Date: Wed, 26 Nov 2003 08:56:10 -0500 _javascript_. Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Bushy [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 26, 2003 8:56 AM To: CF-Talk Subject: re: Can this be done?? Hi, I have a frame split in half (topframe & bottomframe). I the top frame I'm listing directories/files which have links to them. Beside each directory/file is an image that when clicked I want to send the link information to the bottom frame as the path. Each time a link is clicked the bottom frame would get updated with a new entry. For example (+ is directory, - is files): Top frame listing - Directory Listing: + changes + delivery + late + schedule - data.txt - test.txt - mywork.txt So if a user click on a the directory "changes" link the file path and name are passed to the bottom frame. user then click on the directory "late" and then filename "test.txt" Bottom frame: - changes late test.txt How could this be done? _ _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Can this be done??
_javascript_. Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Bushy [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 26, 2003 8:56 AM To: CF-Talk Subject: re: Can this be done?? Hi, I have a frame split in half (topframe & bottomframe). I the top frame I'm listing directories/files which have links to them. Beside each directory/file is an image that when clicked I want to send the link information to the bottom frame as the path. Each time a link is clicked the bottom frame would get updated with a new entry. For example (+ is directory, - is files): Top frame listing - Directory Listing: + changes + delivery + late + schedule - data.txt - test.txt - mywork.txt So if a user click on a the directory "changes" link the file path and name are passed to the bottom frame. user then click on the directory "late" and then filename "test.txt" Bottom frame: - changes late test.txt How could this be done? _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: in cfscript???
You use the arguments array's length to determine how many arguments you have. When writing functions in CF script the arguments have to be in order, first the required attributes, and then the optional ones, so something like this: function checkName(cFirstName){ if(arrayLen(arguments) gt 1){ cLastName = arguments[2] } } This allows you to have an optional argument of cLastName. It might not be exact but it should be pretty close. That what you mean? Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: BOUDOT Christian [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 18, 2003 9:10 AM To: CF-Talk Subject: in cfscript??? Hi Folks, Is there any equivalence for the required attribute when the function is written with ? function fctFoo(sFoo){ } thx Chris _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Cold Fusion MX - Looping over application Structure
You do still need to lock shared scope variables that would have a risk of race conditions. Why you don't run into problems with that on CF 4.5 is beyond me, but a simple cflock should fix it right up. Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Reuter, Jason D (James Tower) [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 5:35 PM To: CF-Talk Subject: Cold Fusion MX - Looping over application Structure Background: I have been working with my QA group comparing performance running in a Cold Fusion 4.5 environment verses a Cold Fusion MX environment. The load test of the application in CF 4.5 went through without a problem. However, when the application was migrated to CF MX 6.1, QA found that the sites started to become unstable and strange errors occurred. I have been able to isolate the cause down to a specific discrepancy between how CF 4.5 handles looping over an application structure verses CF MX. Code Summary: The page basically caches a query results by assigning it to an application structure. After assigning the application structure to a local variable (qGetItems), the structure is looped over and the field is outputted to the screen. The results work great until two requests run the page at the exact same time. What appears to be happening is in Cold Fusion MX, the application scope assigns a single Iterator across the application structure that is shared to everyone. So in the case of two requests hitting the loop at the same time, the two (or more) simultaneous requesters only get a partial results set. Example, Requester A and Requester B hit the page that returns a total of 300 records to the screen. They hit the page at the same time and Requester A sees 200 records and Requester B sees 100 records. Other times, all records are returned, but not in the correct sequence. _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Comparing Values
Use valueList() to get a comma delimited list from the c=id column of the first query then use IN in the second query sorta like this: select columns from table where table.idField in (#valueList) Should head you down towards a quicker solution. The other idea would be to alias the table against itself and do a join against itself something like: select t.columns, ta.columns from table t, table ta where t.this = ta.this OR where t.this != ta.this Without knowing the table and the desired result though I am not sure if this is what your looking for at all. HTH Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: brob [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 12, 2003 7:13 PM To: CF-Talk Subject: Comparing Values Hey guys. I have a query that selects about 2,000 rows (by project id) from a table. Then I use those values to compare with the same table using another query (but from a different project ID. Any numbers that aren't the same are appended to a variable named error_list. I'm basically using a CLOOP query using the first query to loop over the second query. So it's basically like #firstquery.recordcount# loops and checking each value. pseudo code SELECT name from images where project_id = #url.id# AND name = #name# #error_list# Right now, it takes like minutes to get results! Even if there's only 1 value in the list! Is there a better way to do what I am doing? Or some way to make it faster? Cos this is slow! Thankie! _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Task Scheduler Issues Yet Again
I am in the neo-cron.xml file and everything looks ok. This is super weird. Is it cached/compiled? Should I empty out the compiled files? bah. Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Heald, Tim Sent: Friday, October 31, 2003 9:17 AM To: CF-Talk Subject: Task Scheduler Issues Yet Again I have 2 tasks that run daily at 9:00 and 9:15. Each delivers several thousand emails with a daily news items. Really basic stuff. Since daylight savings they have been all hosed up. At first they were being sent out at the wrong time. I deleted and then recreated them, now one goes out at the wrong time, and I get at least one other send late on at the right time. Sometimes it has sent the email as many as three times. Has anyone run into anything like this? Has a command line method of executing cf templates like we were able to do pre MX been figured out yet so I can just use another scheduler? Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Task Scheduler Issues Yet Again
I have 2 tasks that run daily at 9:00 and 9:15. Each delivers several thousand emails with a daily news items. Really basic stuff. Since daylight savings they have been all hosed up. At first they were being sent out at the wrong time. I deleted and then recreated them, now one goes out at the wrong time, and I get at least one other send late on at the right time. Sometimes it has sent the email as many as three times. Has anyone run into anything like this? Has a command line method of executing cf templates like we were able to do pre MX been figured out yet so I can just use another scheduler? Timothy Heald Web Portfolio Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: OT multiple submits and the ENTER key
If you don't have a submit button then hitting enter doesn't work. Tim The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Mosh Teitelbaum [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 29, 2003 4:26 PM To: CF-Talk Subject: RE: OT multiple submits and the ENTER key But that doesn't stop anyone from hitting enter to submit the form. And it means that JS is required to submit a simple form. -- Mosh Teitelbaum evoch, LLC Tel: (301) 942-5378 Fax: (301) 933-3651 Email: [EMAIL PROTECTED] WWW: http://www.evoch.com/ -Original Message- From: Tangorre, Michael [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 29, 2003 2:49 PM To: CF-Talk Subject: RE: OT multiple submits and the ENTER key I would make the buttons type "button" and not reset or submit. Then make three functions.. function checkKeyPressed(e){ if(e == 13) return false; else return mySubmit(); OR whatever function... } function mySubmit(){ } function myReset(){ } function myCancel(){ } -Original Message- From: Ian Skinner [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 29, 2003 2:44 PM To: CF-Talk Subject: RE: OT multiple submits and the ENTER key No, if you hit the "Enter" key on your key board it will submit the form at any point. That is what I would like to control. -- Ian Skinner Web Programmer BloodSource www.BloodSource.org Sacramento, CA -Original Message- From: cfhelp [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 29, 2003 10:07 AM To: CF-Talk Subject: RE: OT multiple submits and the ENTER key Use Tab orders. Then they would have to TAB to the Enter or Reset key. Rick _ From: Ian Skinner [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 29, 2003 11:33 AM To: CF-Talk I am planning a form that will have CANCEL, SUBMIT and RESET buttons. What I would like to know is there anyway to control which of these is activated with the enter key? We would like the CANCEL button to be the default action if the enter key is pressed, can this be done? -- Ian Skinner Web Programmer BloodSource www.BloodSource.org Sacramento, CA Confidentiality Notice: This message including any attachments is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender and delete any copies of this message. _ _ _ _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: How can it be done ?
What about adding the userid as part of the file name that they download? Timothy Heald Information Systems Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Chris [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 10:33 AM To: CF-Talk Subject: Re: How can it be done ? Thanks Ricky, I think that writing to the registry will be the best solution for this. - Original Message - From: Ricky Fritzsching To: CF-Talk Sent: Tuesday, October 28, 2003 4:27 PM Subject: RE: How can it be done ? I do agree with Neil, but another option before CFMX would be to write the information into the registry by using the cfregistry tag. Just another option for you. _ From: Robertson-Ravo, Neil (RX) [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 9:09 AM To: CF-Talk hmmmtricky especially since there is a reboot...if cookies are a no go, then I am not sure how you will keep state etc? you could write a file with the userid to the hard drive (as you are allowing a download). but even that will require a user to accept the download. _ From: Chris [mailto:[EMAIL PROTECTED] Sent: 28 October 2003 14:52 To: CF-Talk Subject: How can it be done ? Good afternoon everyone, I have a small quetion, may be one of you skilled guys can help me out. I have a login page, when the users logs in an ID is pulled from a database with CFQUERY. After logging in, a download is started, which will install additional software on the users computer. Important is that the ID can be reused after the download, so I must find a way to remember that ID somewhere or pass it with the download. Cookies are out of the question. Users have complete control over their browser settings, and I know that some have cookies out, other users are behind a firewall which will not allow ActiveX. Anyone has any ideas ? Thanks, Chris Germany. _ _ _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Scheduled Tasks executing at wrong time
Hey kids, Anyone know of scheduled task problems caused by daylights savings time? The server clock set it self correctly but my tasks are still running an hour early. Not sure what to do. Has anyone run into this before? I recreated the tasks and they are still running to soon. Weird. Guess I could just set them for an hour later. Timothy Heald Information Systems Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Top n in Oracle
Thanks everyone who helped with this. Timothy Heald Information Systems Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Deanna Schneider [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 15, 2003 9:38 AM To: CF-Talk Subject: Re: Top n in Oracle SELECT * FROM ( SELECT * FROM foo WHERE goo = 'koo' ORDER BY gooey ) WHERE rownum < 101 - Original Message - From: "Heald, Tim" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, October 15, 2003 6:39 AM Subject: Top n in Oracle > I need to pull Top n (lets say three) from an oracle 8i db. Now SQL Server > makes this really easy to do. How would I go about doing it in Oracle? I > have tried sub selects and rownum and stuff, but the order gets al hosed up > if I use those. Basically I need them ordered by date desc. > > Any help would be appreciated. > > Timothy Heald > Information Systems Manager > Overseas Security Advisory Council > U.S. Department of State > 571.345.2319 > > The opinions expressed here do not necessarily reflect those of the U.S. > Department of State or any affiliated organization(s). Nor have these > opinions been approved or sanctioned by these organizations. This e-mail is > unclassified based on the definitions in E.O. 12958. > > > > > _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Top n in Oracle
Yeah. it just randomly grabs the rows, ignoring my order by date_created desc Timothy Heald Information Systems Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Murat Demirci [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 15, 2003 8:36 AM To: CF-Talk Subject: RE: Top n in Oracle did you try "... where rownum <= 3 ... " ? -Original Message- From: Heald, Tim [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 15, 2003 3:27 PM To: CF-Talk Subject: RE: Top n in Oracle The table has something like 250,000 records. The performance would make that impossible. Timothy Heald Information Systems Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Thomas Chiverton [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 15, 2003 8:24 AM To: CF-Talk Subject: Re: Top n in Oracle On Wednesday 15 Oct 2003 12:39 pm, Heald, Tim wrote: > I need to pull Top n (lets say three) from an oracle 8i db. Now SQL Server > makes this really easy to do. How would I go about doing it in Oracle? I > have tried sub selects and rownum and stuff, but the order gets al hosed up > if I use those. Basically I need them ordered by date desc. Do that, then only print the first three rows - you can access your query as a structure remember ! -- Tom Chiverton Advanced ColdFusion Programmer Tel: +44(0)1749 834997 email: [EMAIL PROTECTED] BlueFinger Limited Underwood Business Park Wookey Hole Road, WELLS. BA5 1AF Tel: +44 (0)1749 834900 Fax: +44 (0)1749 834901 web: www.bluefinger.com Company Reg No: 4209395 Registered Office: 2 Temple Back East, Temple Quay, BRISTOL. BS1 6EG. *** This E-mail contains confidential information for the addressee only. If you are not the intended recipient, please notify us immediately. You should not use, disclose, distribute or copy this communication if received in error. No binding contract will result from this e-mail until such time as a written document is signed on behalf of the company. BlueFinger Limited cannot accept responsibility for the completeness or accuracy of this message as it has been transmitted over public networks.*** _ _ _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: Top n in Oracle
The table has something like 250,000 records. The performance would make that impossible. Timothy Heald Information Systems Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Thomas Chiverton [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 15, 2003 8:24 AM To: CF-Talk Subject: Re: Top n in Oracle On Wednesday 15 Oct 2003 12:39 pm, Heald, Tim wrote: > I need to pull Top n (lets say three) from an oracle 8i db. Now SQL Server > makes this really easy to do. How would I go about doing it in Oracle? I > have tried sub selects and rownum and stuff, but the order gets al hosed up > if I use those. Basically I need them ordered by date desc. Do that, then only print the first three rows - you can access your query as a structure remember ! -- Tom Chiverton Advanced ColdFusion Programmer Tel: +44(0)1749 834997 email: [EMAIL PROTECTED] BlueFinger Limited Underwood Business Park Wookey Hole Road, WELLS. BA5 1AF Tel: +44 (0)1749 834900 Fax: +44 (0)1749 834901 web: www.bluefinger.com Company Reg No: 4209395 Registered Office: 2 Temple Back East, Temple Quay, BRISTOL. BS1 6EG. *** This E-mail contains confidential information for the addressee only. If you are not the intended recipient, please notify us immediately. You should not use, disclose, distribute or copy this communication if received in error. No binding contract will result from this e-mail until such time as a written document is signed on behalf of the company. BlueFinger Limited cannot accept responsibility for the completeness or accuracy of this message as it has been transmitted over public networks.*** _ [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
Top n in Oracle
I need to pull Top n (lets say three) from an oracle 8i db. Now SQL Server makes this really easy to do. How would I go about doing it in Oracle? I have tried sub selects and rownum and stuff, but the order gets al hosed up if I use those. Basically I need them ordered by date desc. Any help would be appreciated. Timothy Heald Information Systems Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
RE: (Admin) List upgrades
The Fusebox lists on Topica used to. They no longer exist though. Timothy Heald Information Systems Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Adam Wayne Lehman [mailto:[EMAIL PROTECTED] Sent: Monday, September 15, 2003 3:04 PM To: CF-Talk Subject: RE: (Admin) List upgrades Use some elementary math and multiply that by 100-1000. It _is_ a big deal. Can anyone direct me to an email list that uses HTML over text? Adam Wayne Lehman Web Systems Developer Johns Hopkins Bloomberg School of Public Health Distance Education Division -Original Message- From: Claude Schneegans [mailto:[EMAIL PROTECTED] Sent: Monday, September 15, 2003 2:02 PM To: CF-Talk Subject: Re: (Admin) List upgrades >>Currently outlook takes about 5-10 minutes to download and sort them all So with HTML it will take from 15 to 30 more seconds ? Not a big deal. ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
RE: CFTry/CFCatch
Custom tag? Timothy Heald Information Systems Manager Overseas Security Advisory Council U.S. Department of State 571.345.2319 The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s). Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. -Original Message- From: Dave Sueltenfuss [mailto:[EMAIL PROTECTED] Sent: Thursday, September 11, 2003 1:34 PM To: CF-Talk Subject: CFTry/CFCatch Good Afternoon Is it at all possible to put CFTry/CFCatch into a page by using two include statements? (one at the top, and one at the bottom) I am trying to setup better error handling on my site, but do not want to have to put the full code in each page, just include it. This way, If I need to add something to it, I can just change it in one spot Any help is appreciated Thanks Dave Sueltenfuss Application Developer Certified ColdFusion MX Developer Arch Wireless Phone: 508-870-6711 Fax: 508-836-2760 Email: [EMAIL PROTECTED] ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm
RE: decrypt() not working on CF5
Start by not using encrypt and decrypt. Instead use cfusion_encrypt() and cfusion_decrypt(). Much better functions. The results are pure alphanumeric. Weird that this shouldn't work though. What error is CF 5 throwing? Or is it decrypting incorrectly? Is the encrypted value the same on both CF 5 and MX? Tim -Original Message- From: McNamara Kyle W CONT PORT [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 09, 2003 12:18 PM To: CF-Talk Subject: decrypt() not working on CF5 Help! this thing (see code below) works fine on MX but not on CF5... the only way to get it towork in CF5 is to encrypt and decrypt in the same request. Can anyone suggest a workaround? we need this to work for our transition to MX. Thank you! Kyle The string: #string# The key: #key# Encrypted: #encrypted# Decrypted: #decrypted# ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Get the mailserver that powers this list at http://www.coolfusion.com
RE: DWMX 2004 - Whats new for us?
Also when talking about how much of the market share CF has, you have to look at the installed base, which I know is huge. I mean hell, how many 4.5.1 installs do you think are still floating around out there. I know we have several. Declining sales != declining market share Timothy Heald Information Systems Specialist Overseas Security Advisory Council U.S. Department of State 571.345.2235 -Original Message- From: Bryan Stevenson [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2003 3:36 PM To: CF-Talk Subject: Re: DWMX 2004 - Whats new for us? Hey Matt L. So your assumption about the CF marketshare is based on declining revenue from CF MX at MM?? Is it not possible that CFs usage could have grown and the decline in CF MX revenue is simply because it was not readily adopted by ALOT of developers and ISPs because of the array of instability issues and just general buggines before 6.1 was released? Just a thought Cheers Bryan Stevenson B.Comm. VP & Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder & Director www.cfug-vancouverisland.com - Original Message - From: "Matt Liotta" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Thursday, August 28, 2003 12:08 PM Subject: Re: DWMX 2004 - Whats new for us? > Was your email a response to my message? If it is, apparently I > miscommunicated what I was trying to point. So, just to be clear, I am > suggesting that DW will focus on other languages besides CF since CF is > a declining market. > > -Matt > > On Thursday, August 28, 2003, at 02:47 PM, Joshua Miller wrote: > > > Frankly, I don't care if MM focuses DW entirely on the COBOL market ... > > It's NOT CF, it's an IDE and a crappy one at that. It's an excellent > > visual tool for building websites, but it's not so hot at being a > > "programmer's IDE". It has potential as an IDE, but I personally can't > > stand it. And yes, I used it for a month and still feel the same. > > > > Aside from that, how can you expect MM to drop everyone else just > > because they own CF now? I'd prefer them to keep making money so they > > can keep developing CF. They have to compete with the other offerings > > out there - GoLive, FrontPage, VisualStudio, etc. You run a business > > right? Would you drop all your old customers across several markets > > because you got some new ones in one small market who screamed a lot? > > > > There's no reason to turn DWMX into a CF-only tool - how many people > > out > > there ONLY write CF? How successful do you think Macromedia would be if > > they applied that kind of myopic principal to all of their products? > > > > Joshua Miller > > Head Programmer / IT Manager > > Garrison Enterprises Inc. > > www.garrisonenterprises.net > > [EMAIL PROTECTED] > > (704) 569-0801 ext. 254 > > > > *** > > * > > * > > Any views expressed in this message are those of the individual sender, > > except where the sender states them to be the views of > > Garrison Enterprises Inc. > > > > This e-mail is intended only for the individual or entity to which it > > is > > addressed and contains information that is private and confidential. If > > you are not the intended recipient you are hereby notified that any > > dissemination, distribution or copying is strictly prohibited. If you > > have received this e-mail in error please delete it immediately and > > advise us by return e-mail to [EMAIL PROTECTED] > > *** > > * > > * > > > > > > -Original Message- > > From: Matt Liotta [mailto:[EMAIL PROTECTED] > > Sent: Thursday, August 28, 2003 1:48 PM > > To: CF-Talk > > Subject: Re: DWMX 2004 - Whats new for us? > > > > > >> Granted, I pretty much stopped using DW when MX rolled out, but lots > >> of people love it. You can't expect MM to stop schmoozing it's > >> pre-existing customer base and ONLY focus on CF. Seriously now, you > >> don't want all those ASP and PHP folks spending their money somewhere > >> else - the beauty > >> of it is that all of those people who buy DW and use it to code PHP > > and > >> ASP are contributing to the future of MM and CF with their funds. > >> > > I disagree with the above statement. The market for ASP and PHP is > > growing, while the CF market is shrinking. Certainly, there is reason > > right now for Macromedia to support ASP, PHP, and CF, but at what point > > does the size of each respective market force MM to focus DW on only > > the largest markets, namely ASP and PHP? > > > > Matt Liotta > > President & CEO > > Montara Software, Inc. > > http://www.MontaraSoftware.com > > (888) 408-0900 x901 > > > >
RE: DWMX 2004 - Whats new for us?
You mean aside from the licenses we just bought? Tim -Original Message- From: Matt Liotta [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2003 3:27 PM To: CF-Talk Subject: Re: DWMX 2004 - Whats new for us? > In government the CF market is growing, at least here at state. I > know the > market in general in D.C. for CF developers with a security clearances > is > awesome. > Do you have any evidence to support the statement that CF's market sharing is growing in the government sector? Matt Liotta President & CEO Montara Software, Inc. http://www.MontaraSoftware.com (888) 408-0900 x901 ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com
RE: DWMX 2004 - Whats new for us?
In government the CF market is growing, at least here at state. I know the market in general in D.C. for CF developers with a security clearances is awesome. Tim -Original Message- From: Matt Liotta [mailto:[EMAIL PROTECTED] Sent: Thursday, August 28, 2003 2:18 PM To: CF-Talk Subject: Re: DWMX 2004 - Whats new for us? > Granted, I pretty much stopped using DW when MX rolled out, but lots of > people love it. You can't expect MM to stop schmoozing it's > pre-existing > customer base and ONLY focus on CF. Seriously now, you don't want all > those ASP and PHP folks spending their money somewhere else - the > beauty > of it is that all of those people who buy DW and use it to code PHP and > ASP are contributing to the future of MM and CF with their funds. > I disagree with the above statement. The market for ASP and PHP is growing, while the CF market is shrinking. Certainly, there is reason right now for Macromedia to support ASP, PHP, and CF, but at what point does the size of each respective market force MM to focus DW on only the largest markets, namely ASP and PHP? Matt Liotta President & CEO Montara Software, Inc. http://www.MontaraSoftware.com (888) 408-0900 x901 ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
RE: NN6+ document.all
document.getElementById() instead of document.all Timothy Heald Information Systems Specialist Overseas Security Advisory Council U.S. Department of State 571.345.2235 -Original Message- From: John Wilker [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 12:38 PM To: CF-Talk Subject: SOT: NN6+ document.all So I have a little menu that is populated by CF (hence the only sorta OT :) ) in IE it works using document.all.divname but in netscape there is no document.all the JS bible uses Node.prototype._defineGetter_("all", function() {some stuff.} Netscapes javascript console says it doesn't recognize _defineGetter_. I found another example using just something.propname getter= funciton() {} That one seems to bomb out when I get to the line that reads menu=eval("document.all.d" + n) saying menu has nothing in it. Any thoughts? I can cut and paste code if anyone wants to see all that. John Wilker Software Engineer, Technical Writer Sequent Technologies. ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com
J2EE CFMX install error
When we get the point where we should be brought to the administrator, after the install, we get an error: No such role cfadmin84f49b8e2fd010bc479ba763218432c4 anyone see this before? Timothy Heald Information Systems Specialist Overseas Security Advisory Council U.S. Department of State 571.345.2235 ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Get the mailserver that powers this list at http://www.coolfusion.com
RE: ambiguous
Prefix it with the table name of the one you really want. Probably want to alias it as well. myTable.customerID as thisCustomerID Timothy Heald Information Systems Specialist Overseas Security Advisory Council U.S. Department of State 571.345.2235 -Original Message- From: Robert Orlini [mailto:[EMAIL PROTECTED] Sent: Monday, August 18, 2003 12:55 PM To: CF-Talk Subject: ambiguous I get a How do I fix this SQL error please? ODBC Error Code = 37000 (Syntax error or access violation) [Microsoft][ODBC SQL Server Driver][SQL Server]Ambiguous column name 'customerid' Both orders and customers have a customerid column My statement: SELECT * FROM bookinfo, orders, customers Where bookinfo.bookid = orders.bookid Thanks! Robert O HWW ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm
RE: TEST - Please reply *at least once
Timothy Heald Information Systems Specialist Overseas Security Advisory Council U.S. Department of State 571.345.2235 -Original Message- From: Clint [mailto:[EMAIL PROTECTED] Sent: Friday, August 15, 2003 4:37 PM To: CF-Talk Subject: Re: TEST - Please reply *at least once got it ;) - Original Message - From: "B G" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Thursday, August 14, 2003 3:00 PM Subject: TEST - Please reply *at least once > Sorry to do this to you all, but I haven't seen any of my messages or > responses in the last few days. > > Thanks! > > _ > Tired of spam? Get advanced junk mail protection with MSN 8. > http://join.msn.com/?page=features/junkmail > > ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
Oracle Application Server and CF 6.1
Anyone done this before? Pointers? Timothy Heald Information Systems Specialist Overseas Security Advisory Council U.S. Department of State 571.345.2235 ~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com
RE: RE: re: Mach-II
nono it's like building a house silly. Timothy Heald Information Systems Specialist Overseas Security Advisory Council U.S. Department of State 571.345.2235 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, July 31, 2003 3:07 AM To: CF-Talk Subject: Re: RE: re: Mach-II Sheesh... what's next? Probably some guy somewhere saying something silly like "cooking is a lot like programming". U... nevermind. -Novak ;-) - Original Message - From: "Hal Helms" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, July 30, 2003 3:35 PM Subject: RE: RE: re: Mach-II > Yeah, yeah, I've heard of this "Fusebox" framework. I've even used it > once or twice. I just don't get what the big deal is, though. Sure it > helps you separate logic and presentation, it helps teams work together, > it provides encapsulation, etc, etc. But is that really sufficient > grounds for liking something - that it helps people? What's next? Shall > we adopt something simply because it works? Where would great > corporations like Microsoft or Oracle be if they adopted that attitude? > > You sound too much like that guy in CFDJ who sounds like freakin' Oprah > with his talk about "empowering people" and "supporting developers". > Give me something manlier than that! And as for documentation, which you > note as a strength of Fusebox, well, all I can do is quote a greater man > than I who said: "It was hard to write. It should be hard to > understand." > > Hal Helms > "Java for CF Programmers" class > in Las Vegas, August 18-22 > www.halhelms.com > > -Original Message- > From: Angus McFee [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 30, 2003 5:09 PM > To: CF-Talk > Subject: RE: RE: re: Mach-II > > > Matt - > > Good to hear from a fellow fuseboxer! > > No, this isn't a joke, this guy clearly has a problem with what fusebox > has become and has made this other framework that clearly doesn't do > most of what Fusebox is capable of. I don' t think him having helped > make fusebox or having been in a few books makes a huge difference. My > dog has been in a few books, that doesn't mean he don't hate cats. > > But this really sounds like he is dissing fusebox. "Mach-II, though, is > meant to be a pure OO framework. Fusebox and Mach-II have in common some > good software engineering principles, but are very different things. I'm > really referring to (a) backwards compatibility and (b) cross-language > compatibility." > > These things aren't new and they don't do something you can't do with > fusebox already. Fusebox already works in ColdFusion, PHP, ASP, JSP and > Perl, and I have even seen a TCL port for the framework. In PHP, you can > do all the object oriented programming you want, so I don't see why > there would be a need for this "mach-ii" except to take away from > fusebox. > > This guy is just one of the ones who is never going to get what it is > all about. > > Angus McFee > > -Original Message- > From: Matt Liotta [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 30, 2003 4:37 PM > To: CF-Talk > Subject: Re: Mach-II > > This is a joke right? > -Matt > On Wednesday, July 30, 2003, at 04:08 PM, Angus McFee wrote: > > Hal - > > > > I've heard from plenty of people looking for a way to beat up on > > Fusebox, but usually they have nothing to say when it comes to > > building a better framework. This is the first time in a long time > > anyone has suggested an alternative approach, and I really don't see > > how any of this benefits developers. This mach-ii stuff looks like > > just another petty attack on Fusebox. > > > > It's pretty clear we see things differently when it comes to building > > Web applications. I don't know you, but I can tell you are a pretty > > intelligent person, so you probably have some good reasons for why you > > > don't like or hate fusebox. > > > > What I have to ask you is: do you use fusebox? Becuase there are > > plenty of people who are ready to attack it anytime and don't even > > know ColdFusion, much less what a framework is. You will probably > > never be convinced about the benefits of fusebox, all I can do is > > disagree with you, and point out all the great things fusebox does for > > > developers: > > > > * it separates business logic from presentation logic, making for more > > > organized, efficent code > > * it gives developers a common set of rules and methods to work from, > > so that everyone can understand what the other people are doing on a > > project regardless of the size of a team > > * it modularizes and encapsulates code, making it easier to reuse and > > > thus to maintain > > * it is self-documenting, containing a complete, inline XML standard > > for documenting your applications > > * most importantly, there are thousands and thousands of fusebox > > developers out there, and more and more shops are choosing to use it > > every day. it is close to becoming a de-facto standard, which I
RE: RE: re: Mach-II
Ahhh, I was wondering when the name of Stan was going to come into this. Where has he been anyway? Rock the House and Horse and stuff :P Timothy Heald Information Systems Specialist Overseas Security Advisory Council U.S. Department of State 571.345.2235 -Original Message- From: Hamm, Greg [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 30, 2003 6:26 PM To: CF-Talk Subject: RE: RE: re: Mach-II This is the best thread in years, Now Angus do you know Stan Cox? I think he'll be at the FB conference in Vegas at the end of August, I'd buy both of you drinks, if I was going... Cheers Greg -Original Message- From: Bryan F. Hogan [mailto:[EMAIL PROTECTED] Sent: July 30, 2003 2:27 PM To: CF-Talk Subject: RE: RE: re: Mach-II Wholly crap, and I thought I lived under a rock. - Original Message - From: "Angus McFee" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, July 30, 2003 4:08 PM Subject: RE: RE: re: Mach-II > Hal - > > I've heard from plenty of people looking for a way to beat up on Fusebox, but usually they have nothing to say when it comes to building a better framework. This is the first time in a long time anyone has suggested an alternative approach, and I really don't see how any of this benefits developers. This mach-ii stuff looks like just another petty attack on Fusebox. > > It's pretty clear we see things differently when it comes to building Web applications. I don't know you, but I can tell you are a pretty intelligent person, so you probably have some good reasons for why you don't like or hate fusebox. > > What I have to ask you is: do you use fusebox? Becuase there are plenty of people who are ready to attack it anytime and don't even know ColdFusion, much less what a framework is. You will probably never be convinced about the benefits of fusebox, all I can do is disagree with you, and point out all the great things fusebox does for developers: > > * it separates business logic from presentation logic, making for more organized, efficent code > * it gives developers a common set of rules and methods to work from, so that everyone can understand what the other people are doing on a project regardless of the size of a team > * it modularizes and encapsulates code, making it easier to reuse and thus to maintain > * it is self-documenting, containing a complete, inline XML standard for documenting your applications > * most importantly, there are thousands and thousands of fusebox developers out there, and more and more shops are choosing to use it every day. it is close to becoming a de-facto standard, which I doubt your mach-ii 'framework' will ever be able to match > > Angus McFee > > > -Original Message- > From: Hal Helms [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 30, 2003 2:16 PM > To: CF-Talk > Subject: RE: RE: re: Mach-II > > You're right, Dave. We're not looking to be able to incorporate Fusebox 3 (or 4) with Mach-II. We think that Fusebox is a great framework for procedural programmers. (Please, God, don't let this degenerate into yet another pro/con Fusebox debate...) > Mach-II, though, is meant to be a pure OO framework. Fusebox and Mach-II have in common some good software engineering principles, but are very different things. I'm really referring to (a) backwards compatibility and (b) cross-language compatibility. > Hal Helms > "Java for CF Programmers" class > in Las Vegas, August 18-22 > www.halhelms.com > > > > - > Do you Yahoo!? > Yahoo! SiteBuilder - Free, easy-to-use web site design software > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: RE: RE: re: Mach-II
hehe you people really don't see the troll? Matt != Fuseboxer; Hal == FuseboxGhod; Angus == Troll; -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 30, 2003 6:51 PM To: CF-Talk Subject: Re: RE: RE: re: Mach-II Sigh... Where did he say anywhere that those benefits are exclusive to fusebox? Point is, fusebox provides those benefits, not that they're the exclusive domain of fusebox... - Original Message - From: Calvin Ward <[EMAIL PROTECTED]> Date: Wednesday, July 30, 2003 3:52 pm Subject: Re: RE: RE: re: Mach-II > I have to comment on this > > > > * it separates business logic from presentation logic, making for > > > more organized, efficent code > > Seperating presentation from logic is not limited to, nor requires the > Fusebox methodology. > > > > * it gives developers a common set of rules and methods to work > > > from, so that everyone can understand what the other people are > > > doing on a project regardless of the size of a team > > Common sets of rules and methods are not limited to, nor require > the Fusebox > methodology. > > > > * it modularizes and encapsulates code, making it easier to reuse > > > and thus to maintain > > Encapsulation is not limited to, nor requires the Fusebox methodology. > > > > * it is self-documenting, containing a complete, inline XML > > > standard for documenting your applications > > I wouldn't consider that feature of fusebox as self documenting, > the inline > XML is a clever way of organizing comments in code that allows > access to > them in ways other than opening source code. This is not limited > to, nor > requires the Fusebox methodology. > > > > * most importantly, there are thousands and thousands of fusebox > > > developers out there, and more and more shops are choosing to use > > > it every day. it is close to becoming a de-facto standard, > which I > > > doubt your mach-ii 'framework' will ever be able to match > > This is the only semi-valid point. I think mach-ii has a lot more > promisethan Fusebox for object oriented development. Fusebox was > an attempt to > bring OO into a procedural framework. Successful? Certainly. > Effective?Apparently. Overwhelmingly so? I don't think so. > > Any methodology is better than no methodology, and the right > methodologydepends on the developer(s), the company, and/or the > project. > Fusebox is not inherently better than all other methodologies, > with the > caveat that it is more widely used than any other methodology for > CF, as far > as the casual observer can see. > > - Calvin > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: RE: re: Mach-II
hehe troll. Silly people. -Original Message- From: Angus McFee [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 30, 2003 4:22 PM To: CF-Talk Subject: RE: RE: re: Mach-II Hal - I've heard from plenty of people looking for a way to beat up on Fusebox, but usually they have nothing to say when it comes to building a better framework. This is the first time in a long time anyone has suggested an alternative approach, and I really don't see how any of this benefits developers. This mach-ii stuff looks like just another petty attack on Fusebox. It's pretty clear we see things differently when it comes to building Web applications. I don't know you, but I can tell you are a pretty intelligent person, so you probably have some good reasons for why you don't like or hate fusebox. What I have to ask you is: do you use fusebox? Becuase there are plenty of people who are ready to attack it anytime and don't even know ColdFusion, much less what a framework is. You will probably never be convinced about the benefits of fusebox, all I can do is disagree with you, and point out all the great things fusebox does for developers: * it separates business logic from presentation logic, making for more organized, efficent code * it gives developers a common set of rules and methods to work from, so that everyone can understand what the other people are doing on a project regardless of the size of a team * it modularizes and encapsulates code, making it easier to reuse and thus to maintain * it is self-documenting, containing a complete, inline XML standard for documenting your applications * most importantly, there are thousands and thousands of fusebox developers out there, and more and more shops are choosing to use it every day. it is close to becoming a de-facto standard, which I doubt your mach-ii 'framework' will ever be able to match Angus McFee -Original Message- From: Hal Helms [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 30, 2003 2:16 PM To: CF-Talk Subject: RE: RE: re: Mach-II You're right, Dave. We're not looking to be able to incorporate Fusebox 3 (or 4) with Mach-II. We think that Fusebox is a great framework for procedural programmers. (Please, God, don't let this degenerate into yet another pro/con Fusebox debate...) Mach-II, though, is meant to be a pure OO framework. Fusebox and Mach-II have in common some good software engineering principles, but are very different things. I'm really referring to (a) backwards compatibility and (b) cross-language compatibility. Hal Helms "Java for CF Programmers" class in Las Vegas, August 18-22 www.halhelms.com - Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: cfobjectcache for cf5?
structDelete? Depends on the scope in 5. Some were structs and some weren't if I remember correctly. Timothy Heald Information Systems Specialist Overseas Security Advisory Council U.S. Department of State 571.345.2235 -Original Message- From: Tyler Silcox [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 30, 2003 10:01 AM To: CF-Talk Subject: cfobjectcache for cf5? Is there anyway to programically clear the application/server's cache for CF5? I'd like to set up a url to hit to clear out my queries whenever the client makes an update...TIA-> Tyler ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Search engine safe urls
The two main things I have heard about this are: 1. Make sure to have a base tag in you head 2. Uncheck the "check for files existence" (or something like that) in Internet Services Manager > Home Directory > Configuration So far neither of those have fixed my Server Not Found error. If it's a 404 try both of the above methods. Timothy Heald Information Systems Specialist Overseas Security Advisory Council U.S. Department of State 571.345.2235 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 4:33 PM To: CF-Talk Subject: Search engine safe urls I've looked high and low and I can't find an answer that works so I'm going to ask here. In the release notes for the updater it says as one of the features fixed: Search engine safe URLs of the form *.cfm/* did not work properly, so a URL such as http:/server/test.cfm/alpha/beta would not execute test.cfm. Nice statement but I can't find anything more about SES urls, nothing works and every attempt I make to get them to work fails. Is it limited to a single domain site? Does it need changes to the XML pages? Does it only work on IIS? Has anyone gotten this to work? If so, want to write a paper on it? Thanks Michael Dinowitz Finding technical solutions to the problems you didn't know you had yet ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
rds error
I am suddenly getting a 405 error when trying to browse my dev box with CF Studio 5 RDS. Anyone seen this? I checked and the servlet mapping is still in web.xml, and the path is what the mm site says it should be, only /cfide/main/ide.cfm doesn't exist. This is after installing updater 3 a few days ago. Any ideas? Timothy Heald Information Systems Specialist Overseas Security Advisory Council U.S. Department of State 571.345.2235 ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Funky Column Names
doh, got to read better :( Sorry man, Tim -Original Message- From: Critz [mailto:[EMAIL PROTECTED] Sent: Thursday, July 24, 2003 2:20 PM To: CF-Talk Subject: Re: Funky Column Names oi Tim!! that's not the query though: out_queryTable is the query... oh well for now this will work Eek!: t'ain perdy but she's a werkin naw Thursday, July 24, 2003, 2:03:28 PM, you wrote: HT> myQuery = SDE.DBO.TMLS_PARCELS; HT> pin = myQuery.pin; HT> Timothy Heald HT> Information Systems Specialist HT> Overseas Security Advisory Council HT> U.S. Department of State HT> 571.345.2235 HT> -Original Message- HT> From: Critz [mailto:[EMAIL PROTECTED] HT> Sent: Thursday, July 24, 2003 1:54 PM HT> To: CF-Talk HT> Subject: Re: Funky Column Names HT> oi webguy!! HT> it's an ArcIMS query... I get what it spits out.. HT> HT> Thursday, July 24, 2003, 1:48:04 PM, you wrote: w>> Can you change the query ? w>> select SDE.DBO.TMLS_PARCELS.PIN AS pin w>> FROM table w>> w>> -Original Message- w>> From: Critz [mailto:[EMAIL PROTECTED] w>> Sent: 24 July 2003 18:39 w>> To: CF-Talk w>> Subject: Funky Column Names w>> oi CF-Talk,!! w>> I've got a query that returns a column: SDE.DBO.TMLS_PARCELS.PIN w>> and if I attempt valueList(out_queryTable.SDE.DBO.TMLS_PARCELS.PIN) w>> I get a nice error. w>> Parameter 1 of function ValueList which is now w>> "out_queryTable.SDE.DBO.TMLS_PARCELS.PIN" must w>> be pointing to a valid query name w>> any ideas how I can get around this (besides renaming the HT> column..I w>> do not have control over w>> that.. w>> Crit w>> --- w>> [This E-mail scanned for viruses by Declude Virus] w>> HT> ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Funky Column Names
myQuery = SDE.DBO.TMLS_PARCELS; pin = myQuery.pin; Timothy Heald Information Systems Specialist Overseas Security Advisory Council U.S. Department of State 571.345.2235 -Original Message- From: Critz [mailto:[EMAIL PROTECTED] Sent: Thursday, July 24, 2003 1:54 PM To: CF-Talk Subject: Re: Funky Column Names oi webguy!! it's an ArcIMS query... I get what it spits out.. Thursday, July 24, 2003, 1:48:04 PM, you wrote: w> Can you change the query ? w> select SDE.DBO.TMLS_PARCELS.PIN AS pin w> FROM table w> w> -Original Message- w> From: Critz [mailto:[EMAIL PROTECTED] w> Sent: 24 July 2003 18:39 w> To: CF-Talk w> Subject: Funky Column Names w> oi CF-Talk,!! w> I've got a query that returns a column: SDE.DBO.TMLS_PARCELS.PIN w> and if I attempt valueList(out_queryTable.SDE.DBO.TMLS_PARCELS.PIN) w> I get a nice error. w> Parameter 1 of function ValueList which is now w> "out_queryTable.SDE.DBO.TMLS_PARCELS.PIN" must w> be pointing to a valid query name w> any ideas how I can get around this (besides renaming the column..I w> do not have control over w> that.. w> Crit w> --- w> [This E-mail scanned for viruses by Declude Virus] w> ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Red sky
Are you honestly a partner that isn't running some PURCHASED CF server? Last partner I worked at the software we received was for demonstration and development, not production. Unless that changed recently? I notice your site is in CF. That would be production yes? Timothy Heald Information Systems Specialist Overseas Security Advisory Council U.S. Department of State 571.345.2235 -Original Message- From: Bryan Stevenson [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 23, 2003 11:30 AM To: CF-Talk Subject: Re: Red sky Thanks Tim..but partners don't PAY for software and COULD be considered as NOT customersthat's why I asked ;-) Bryan Stevenson B.Comm. VP & Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder & Director www.cfug-vancouverisland.com - Original Message - From: "Heald, Tim" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, July 23, 2003 8:21 AM Subject: RE: Red sky > > Red Sky will be free for all existing ColdFusion MX customers and will > > be released sometime this summer. > > Tim > > > -Original Message- > From: Bryan Stevenson [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 23, 2003 11:23 AM > To: CF-Talk > Subject: Re: Red sky > > > Hey Christian, > > Perhaps you know whether or not MM partners will get Red Sky for free as > well as part of the software we get as partners? > > Thanks > > Bryan Stevenson B.Comm. > VP & Director of E-Commerce Development > Electric Edge Systems Group Inc. > t. 250.920.8830 > e. [EMAIL PROTECTED] > > - > Macromedia Associate Partner > www.macromedia.com > - > Vancouver Island ColdFusion Users Group > Founder & Director > www.cfug-vancouverisland.com > - Original Message - > From: "Christian Cantrell" <[EMAIL PROTECTED]> > To: "CF-Talk" <[EMAIL PROTECTED]> > Sent: Wednesday, July 23, 2003 8:04 AM > Subject: Re: Red sky > > > > On Wednesday, July 23, 2003, at 07:53 AM, John McCosker wrote: > > > > > What I took from it was there will be an updater 4 for current > > > versions of > > > MX, > > > that have had outstanding bugs and have been fixed during the Red Sky > > > beta > > > test, > > > which I think is leading to the new realease of MX, and updaters for > > > pre MX. > > > > There will not be an Updater 4, or at least we are not planning one > > anytime soon. Red Sky is the updater. We are not calling Red Sky > > updater 4 because it is much more than just an updater. It is a > > point-release which both fixes bugs and adds/improves functionality. > > Red Sky will be free for all existing ColdFusion MX customers and will > > be released sometime this summer. > > > > Christian > > > > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Red sky
> Red Sky will be free for all existing ColdFusion MX customers and will > be released sometime this summer. Tim -Original Message- From: Bryan Stevenson [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 23, 2003 11:23 AM To: CF-Talk Subject: Re: Red sky Hey Christian, Perhaps you know whether or not MM partners will get Red Sky for free as well as part of the software we get as partners? Thanks Bryan Stevenson B.Comm. VP & Director of E-Commerce Development Electric Edge Systems Group Inc. t. 250.920.8830 e. [EMAIL PROTECTED] - Macromedia Associate Partner www.macromedia.com - Vancouver Island ColdFusion Users Group Founder & Director www.cfug-vancouverisland.com - Original Message - From: "Christian Cantrell" <[EMAIL PROTECTED]> To: "CF-Talk" <[EMAIL PROTECTED]> Sent: Wednesday, July 23, 2003 8:04 AM Subject: Re: Red sky > On Wednesday, July 23, 2003, at 07:53 AM, John McCosker wrote: > > > What I took from it was there will be an updater 4 for current > > versions of > > MX, > > that have had outstanding bugs and have been fixed during the Red Sky > > beta > > test, > > which I think is leading to the new realease of MX, and updaters for > > pre MX. > > There will not be an Updater 4, or at least we are not planning one > anytime soon. Red Sky is the updater. We are not calling Red Sky > updater 4 because it is much more than just an updater. It is a > point-release which both fixes bugs and adds/improves functionality. > Red Sky will be free for all existing ColdFusion MX customers and will > be released sometime this summer. > > Christian > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Strange Administrator Error
NM, I reinstalled updater three and it fixed it. Timothy Heald Information Systems Specialist Overseas Security Advisory Council U.S. Department of State 571.345.2235 -Original Message- From: Heald, Tim Sent: Tuesday, July 22, 2003 8:52 AM To: CF-Talk Subject: RE: Strange Administrator Error Hey I had asked this yesterday, but it was right around COB, has anyone seen anything like the error below? And if so, is there any other way around this besides reinstalling?? Thanks, Timothy Heald Information Systems Specialist Overseas Security Advisory Council U.S. Department of State 571.345.2235 -Original Message- From: Heald, Tim Sent: Monday, July 21, 2003 4:48 PM To: CF-Talk Subject: Strange Administrator Error Any of you ever see this before? How would I go about fixing it? BTW this is an error when I try to get to the administrator, and just started after installing SQL Server 200. THX Error Occurred While Processing Request Method selection Exception. An exception occurred during method selection process for Method getAdminHash The cause of this exception was that either there are no methods with the the specified method name and argument types, or the method getAdminHash is overloaded with arguments types that Coldfusion can't decipher reliablly. Use javacast function to reduce ambiguity. Timothy Heald Information Systems Specialist Overseas Security Advisory Council U.S. Department of State 571.345.2235 ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Strange Administrator Error
Hey I had asked this yesterday, but it was right around COB, has anyone seen anything like the error below? And if so, is there any other way around this besides reinstalling?? Thanks, Timothy Heald Information Systems Specialist Overseas Security Advisory Council U.S. Department of State 571.345.2235 -Original Message- From: Heald, Tim Sent: Monday, July 21, 2003 4:48 PM To: CF-Talk Subject: Strange Administrator Error Any of you ever see this before? How would I go about fixing it? BTW this is an error when I try to get to the administrator, and just started after installing SQL Server 200. THX Error Occurred While Processing Request Method selection Exception. An exception occurred during method selection process for Method getAdminHash The cause of this exception was that either there are no methods with the the specified method name and argument types, or the method getAdminHash is overloaded with arguments types that Coldfusion can't decipher reliablly. Use javacast function to reduce ambiguity. Timothy Heald Information Systems Specialist Overseas Security Advisory Council U.S. Department of State 571.345.2235 ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Strange Administrator Error
Any of you ever see this before? How would I go about fixing it? BTW this is an error when I try to get to the administrator, and just started after installing SQL Server 200. THX Error Occurred While Processing Request Method selection Exception. An exception occurred during method selection process for Method getAdminHash The cause of this exception was that either there are no methods with the the specified method name and argument types, or the method getAdminHash is overloaded with arguments types that Coldfusion can't decipher reliablly. Use javacast function to reduce ambiguity. Timothy Heald Information Systems Specialist Overseas Security Advisory Council U.S. Department of State 571.345.2235 ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Structure, Array, Both?
Why not either cache the query or put the query in a memory resident scope? Tim -Original Message- From: James Blaha [mailto:[EMAIL PROTECTED] Sent: Friday, July 18, 2003 1:34 PM To: CF-Talk Subject: Structure, Array, Both? All: Structure or Array? I have a large table that I want in server memory but I'm not sure what the best route to follow is. There are many columns. Let say its White Pages information. Tables Columns e.g. : ID, FirstName, LastName, Address, City, State, Zip and Notes What is the best route to follow for a CFQUERY e.g. (Select * From Table) to place all its information into a structure or array? Regards, James Blaha ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. http://www.cfhosting.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Browser resize looses attributes scope
F5 is another request, it just mirrors the last request, so it passes any form variables along as it should. There isn't a script or anything causing it to reload the page or send it to the new URL, without accounting for the form variables is there? Ok using FB I assume that the variables your talking about start off life as form variables right? See if form.varName comes back undefined. I am betting that for whatever reason rather than doing like a refresh and passing the form variables along with the request, it's just sending the browser to that page. Now since your using FB, and I assume your using a script or something to send the user to the url of the action page you can pass those variables appended on the url and they will still be available in the attributes scope. That make any sense? Timothy Heald Information Systems Specialist Overseas Security Advisory Council U.S. Department of State 571.345.2235 -Original Message- From: Tyagi, Badal [mailto:[EMAIL PROTECTED] Sent: Friday, June 27, 2003 9:12 AM To: CF-Talk Subject: RE: Browser resize looses attributes scope That is also my main worry that why the page refreshes on browser resize and rather it does not behave like normal refresh(F5) but loads like new request altogether and looses attributes value too, bcoz normal F5 is working fine. This testing team is really eating my time and brain? regards badal -Original Message- From: Nagy, Daniel J [mailto:[EMAIL PROTECTED] Sent: Friday, June 27, 2003 6:32 PM To: CF-Talk Subject: RE: Browser resize looses attributes scope do something here. it's a coding style rather than an axiom, but it works for me. i know this isn't the panacea he's looking for, but it -will- stop the error. :P i'm really more curious as to why the page refreshes on browser resize. --d. -Original Message- From: GL [mailto:[EMAIL PROTECTED] Sent: Friday, June 27, 2003 9:00 AM To: CF-Talk Subject: RE: Browser resize looses attributes scope But that would render the page useless, if you discount the reason that these variables don't exist. Just faking a value for them isn't going to accomplish anything. -Original Message- From: Nagy, Daniel J [mailto:[EMAIL PROTECTED] Sent: Friday, June 27, 2003 7:48 AM To: CF-Talk Subject: RE: Browser resize looses attributes scope if the variables have no value on initial load of that page, use a cfparam tag to ensure that they exist on pageload. -Original Message- From: Tyagi, Badal [mailto:[EMAIL PROTECTED] Sent: Friday, June 27, 2003 8:44 AM To: CF-Talk Subject: RE: Browser resize looses attributes scope Thanks Daniel, but there is no need to resize the window it was just caught during testing when one of the testers did this. And I did not get your second point regarding . regards badal Tyagi -Original Message- From: Nagy, Daniel J [mailto:[EMAIL PROTECTED] Sent: Friday, June 27, 2003 5:05 PM To: CF-Talk Subject: RE: Browser resize looses attributes scope no offense, but wouldn't it have been easier to make all the tables/etc percentages so you wouldn't ever -need- to refresh on resize? i don't think i've seen this kind of hack since netscape 3. either that, or CFPARAM out all your junk if it's null on that page. --d. -Original Message- From: Tyagi, Badal [mailto:[EMAIL PROTECTED] Sent: Friday, June 27, 2003 5:26 AM To: CF-Talk Subject: Browser resize looses attributes scope We have one application running on fusebox1.0 on CFMX and we are using to convert all form and URL variables to attributes. Now when one page is called with few attributes type variables, the page gets loaded but the problem occures when we resize the browser window, because the page refreshes automatically and page looses its attributes values and CF throws ERROR saying "Element QUOT_SUB_QUOTE is undefined in ATTRIBUTES" This happens anywhere in the application where attributes.varname is called and they are now "Undefined" as error says. Any help on this issue? regards, badal Tyagi, HCL Perot Systems, Noida, India ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: CSS and vertical text - help!
L O O K S L I K E T H I S Remove the tabs if it looks wrong :) Timothy Heald Information Systems Specialist Overseas Security Advisory Council U.S. Department of State 571.345.2235 -Original Message- From: Reed Powell [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 2:21 PM To: CF-Talk Subject: CSS and vertical text - help! Hi guys - I have 1 foot out the door for vacation, and the other is typing on a keyboard while my hands are busy with my CSS books. Is there a way to text to align vertically? In Excel, for instance, there is an option on the font properties so that text L O O K S L I K E T H I S Can I get this effect in CSS? I have a helaciously wide table to display and am trying to buy some horizontal real estate because it is the column headings that are making it so wide. Am hoping I don't have to do something like break each word into individual characters with in between. thanks everyone -reed ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: CFUN 2k3 Rollcall
I'm local too. Tim > -Original Message- > From: Adam Wayne Lehman [SMTP:[EMAIL PROTECTED] > Sent: Thursday, June 19, 2003 10:15 AM > To: CF-Talk > Subject: RE: CFUN 2k3 Rollcall > > Well, I live in rockVegas (aka Rockville, MD), so I'm always here. My > question is... should I bring the beer pig? He's been working the front > door of my home since devCon. > > Adam Wayne Lehman > Web Systems Developer > Johns Hopkins Bloomberg School of Public Health > Distance Education Division > > > -Original Message- > From: Judith Dinowitz [mailto:[EMAIL PROTECTED] > Sent: Wednesday, June 18, 2003 10:19 PM > To: CF-Talk > Subject: CFUN 2k3 Rollcall > > Me too! I'll be there Thursday night to Sunday. Anyone else coming in > early? > > Judith > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: CFMX looses CFM mime type at reboot
Very cool. Fixed me right up. Thanks, Tim > -Original Message- > From: Dan G. Switzer, II [SMTP:[EMAIL PROTECTED] > Sent: Wednesday, June 18, 2003 10:18 PM > To: CF-Talk > Subject: RE: CFMX looses CFM mime type at reboot > > Tim, > > > On reboot we can now browse the home page by domain. However if you > > append > > index.cfm onto the domain it throws a 404. If you try to follow any > links > > it > > throws a 404. Just for s&g I check the mime types and the IIS > connector. > > Conector is listed as it should be, but there is no entry in mime types > > for > > CFM. Super strange. I run the remove connectors and the add > connectors. > > All is well in the world. > > > > Anyone seen this before? > > I blogged a solution to this on my site: > http://blog.pengoworks.com/blogger/index.cfm?action=blog:90 > > There have been some useful additional comments from other users as well > in > case my solution doesn't fix the problem for you. > > - Dan > ... > : Name: Dan G. Switzer, II: > : E-mail: [EMAIL PROTECTED] : > : Blog: http://blog.pengoworks.com/ : > :...: > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
CFMX looses CFM mime type at reboot
Sounds weird right? Windows 2K Server CFMX Ent IIS 5 Oracle 8i New install of CFMX. Runs great. MM went the extra mile helping us with some problems we were having with cfmail and the oracle driver. Happy Hapy Joy Joy. Today we started getting time outs back from the machine. Term Serv in and can brose localhost so we figure its something outside. Wait can't browse it by it's own IP. Ok strange. Reboot. On reboot we can now browse the home page by domain. However if you append index.cfm onto the domain it throws a 404. If you try to follow any links it throws a 404. Just for s&g I check the mime types and the IIS connector. Conector is listed as it should be, but there is no entry in mime types for CFM. Super strange. I run the remove connectors and the add connectors. All is well in the world. Anyone seen this before? Tim Heald MCP/CCFD Information Systems Specialist Overseas Security Advisory Council U.S. Department of State (202) 663-0130 ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: CFUN 2k3 Rollcall
hehe meee to Bald & Pierced Light :) Tim > -Original Message- > From: Critz [SMTP:[EMAIL PROTECTED] > Sent: Wednesday, June 18, 2003 3:00 PM > To: CF-Talk > Subject: Re: CFUN 2k3 Rollcall > > oi cfmail!! > > I'll be there. bald pierced. find me buy my drinks > > > Crit > > > > > > Wednesday, June 18, 2003, 2:38:40 PM, you wrote: > > c> Not that any of you know who I am, but I'll be there. > > c> Regards, > > c> Chuck > > c> -Original Message- > c> From: Adam Wayne Lehman [mailto:[EMAIL PROTECTED] > c> Sent: Wednesday, June 18, 2003 2:31 PM > c> To: CF-Talk > c> Subject: OT: CFUN 2k3 Rollcall > > > c> So is anyone from the list planning to attend CFUN? (Or will I be the > c> only one in the hotel bar?) > > c> Adam Wayne Lehman > c> Web Systems Developer > c> Johns Hopkins Bloomberg School of Public Health > c> Distance Education Division > > > > c> > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Definfing system environment variables
Use the command line path=%path%+c:\myNewPath\; Or whatever Tim > -Original Message- > From: Bushy [SMTP:[EMAIL PROTECTED] > Sent: Thursday, June 05, 2003 8:07 AM > To: CF-Talk > Subject: re: Definfing system environment variables > > Hi, > > I've developed a web interface that executes a .EXE file on the server. > This program being executed requires the system environment "LPDSERVER" to > be defined. > I can get my application to work if I go and define "LPDSERVER" as a > system environment variable and reboot the box. There are quite a few > other that need defining also. > > Is there a way in CF (or someother language) to define Windows 2000 > environment variables without having to do it via COntrol Panel? It would > be so much easier if they could > all be hammered into a database which would make easy updating/defining > etc. > > Please say it can be done? Maybe with a COM? > > Help... > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Encrypt/Decrypt
Use cfusion_encrypt() instead. Tim Heald MCP/CCFD Information Systems Specialist Overseas Security Advisory Council U.S. Department of State (202) 663-0130 > -Original Message- > From: Greg Luce [SMTP:[EMAIL PROTECTED] > Sent: Tuesday, May 27, 2003 4:23 PM > To: CF-Talk > Subject: Encrypt/Decrypt > > I encrypted a value to store in the db using the CF encrypt() function. > It worked a few times, but then it encrypted a value with a double quote > as one of the encrypted chars. Now when I try to decrypt() the value I > get an error that the value to be decrypted is not valid. > > > > I tried htmlcodeformat() because it escapes double quotes. But it still > errors: > > > > Ideas? > > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Host with the leader in ColdFusion hosting. Voted #1 ColdFusion host by CF Developers. Offering shared and dedicated hosting options. www.cfxhosting.com/default.cfm?redirect=10481 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Block Competitors from Web site
VPN? Tim Heald MCP/CCFD Information Systems Specialist Overseas Security Advisory Council U.S. Department of State (202) 663-0130 > -Original Message- > From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED] > Sent: Tuesday, May 27, 2003 1:11 PM > To: CF-Talk > Subject: Block Competitors from Web site > > Hello, > > Any have any other creative ideas on how to block competitors from gaining > > access to a Web site. > > My idea, which isn't fool proof is to try and find out what their network > IP > address is and write code in your site wide header to redirect or block > traffic > from a IP sub set, as long you know they company owns the IP sub set. > > I know the user could just log in fromo their home connection to open a TS > > session outside of their company. I want to make sure they are blocked > from > the company. > > Any other ideas? > > > Thanks. > > D > > ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Host with the leader in ColdFusion hosting. Voted #1 ColdFusion host by CF Developers. Offering shared and dedicated hosting options. www.cfxhosting.com/default.cfm?redirect=10481 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4