RE: Billing System Query Help

2004-04-22 Thread Heald, Tim 
Do you have link (foreign key) columns?

 
With what you have here I am not sure how you would write a join.

 
Also what db?  It matters :)

-- 
Timothy Heald 
Web Portfolio Manager 
Diplomatic Security 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s).  Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Jim McAtee [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 22, 2004 5:48 PM
To: CF-Talk
Subject: Billing System Query Help

The following is a simplification of an invoice/payment tracking database:

Invoices
-
InvoiceID INT
CustomerName  VARCHAR

InvoiceItems
-
InvoiceItemID INT
ItemAmount   CURRENCY

InvoicePayments
-
InvoicePaymentID  INT
PaymentAmountCURRENCY

I need a query to do the following: Find all invoices where the total
payments are not equal to the invoice total (line item total), and find
the difference, which is the amount due on the invoice (occasionally
overpayment).

Invoice #  Customer   Total  Paid   Due
-- -  - - -
1245   Bob Jones 450.25    300.00    150.25
1278   Norm Stanley 2295.00    100.00   1295.00 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Dumping Local Vars Scope

2004-04-21 Thread Heald, Tim 
Thought they were in 5 but hadn't been in 4.5 and previous.  My bad.  Hmm how would you do it then?

-- 
Timothy Heald 
Web Portfolio Manager 
Diplomatic Security 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s).  Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 21, 2004 2:23 PM
To: CF-Talk
Subject: RE: Dumping Local Vars Scope

> Go download cf_dump from the macromedia exchange.

I don't think that'll let you dump all local variables within CF 5, since I
don't think they're not contained within a structure in CF 5.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Dumping Local Vars Scope

2004-04-21 Thread Heald, Tim 
Go download cf_dump from the macromedia exchange.

-- 
Timothy Heald 
Web Portfolio Manager 
Diplomatic Security 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s).  Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Ray Champagne [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 21, 2004 2:03 PM
To: CF-Talk
Subject: Re: Dumping Local Vars Scope

I don't know how to answer your question, but it sounds like that they 
might have written it in FuseBox?  That would explain all the files being 
included

Ray
http://www.crystalvision.org

At 01:55 PM 4/21/2004, you wrote:
>Okay I'm brain cramping today so forgive the simple request -
>
>I'm working within a CF5 environment on an inherited application that has 
>approximate 30 different files being cfincluded (depending on what the end 
>user is doing) to create a single page (I don't know why the person wrote 
>it this way) and would like to output the variables. scope to figure 
>out what the H#LL this person was doing.  There's somewhere near 100 local 
>variables that are used throughout the creation of the page.  Obviously 
>[cfdump var=#variables#] doesn't work.  Anyone have tag or section of code 
>that does this?  I've checked out 'MegaDump' but it doesn't output the 
>variables. scope for CF5.
>
>
>Thanks in advance,
>
>
>Steven Semrau
>
> 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Writing formatted data to Excel

2004-04-19 Thread Heald, Tim 
There is a Jakarta project called POI that is making java objects that can create all different types of office documents.  Se it here: http://jakarta.apache.org/poi/index.html  

-- 
Timothy Heald 
Web Portfolio Manager 
Diplomatic Security 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s).  Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Hagan, Ryan Mr (Contractor ACI) [mailto:[EMAIL PROTECTED]
Sent: Monday, April 19, 2004 1:52 PM
To: CF-Talk
Subject: Writing formatted data to Excel

Greetings,

I know that MS has kept .xsl files proprietary, but I was wondering if
anyone knew any tricks for spitting out some formatted data into Excel.
Basically, I really just want to set the format to a column as "currency".
I can dump a TAB delimited file from CFMX just fine into Excel, but that
extra little bit of formatting would be REALLY nice.  Anyone?  Thanks!

Ryan Hagan
ph: 540-731-3588 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Exchange/Outlook Tie-Ins

2004-04-16 Thread Heald, Tim 
Will try this now.

-- 
Timothy Heald 
Web Portfolio Manager 
Diplomatic Security 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s).  Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Jeff Garza [mailto:[EMAIL PROTECTED]
Sent: Friday, April 16, 2004 12:31 PM
To: CF-Talk
Subject: Re: Exchange/Outlook Tie-Ins

Here is something you might want to try...  Create a blank Access database, choose file -> get external data -> link tables.  Then pick Exchange from the list of Datasource types.  Link to the GAL from access and set it up as a datasource or use CF to pump the data from there into a different DB...  You could also setup a scheduled DTS package (if you are using SQL Server) to pump it in nightly.

This might not be the most elegant solution, but without using LDAP (which Exchange and Active Directory both use) you are kinda hosed...

HTH,

Jeff Garza
  - Original Message - 
  From: Heald, Tim 
  To: CF-Talk 
  Sent: Friday, April 16, 2004 8:53 AM
  Subject: Exchange/Outlook Tie-Ins

  Does anyone have experience getting access to the GAL in exchange from cf?  We are not permitted to use LDAP here.  I think I have seen active x controls that would give this access, but I can't seem to find anything that does what I need.

  Basically my CF app is putting together task information.  Then the user needs to pick someone to email information from that task.  The user that gets emailed the task may not be an application user, but will be in our gal for sure.  I would like to either have some way of querying Exchange to get the different email addresses, or a way I can generate an email in the users local outlook, then they can look up the email in the gal themselves.

  Any ideas?

  -- 
  Timothy Heald
  Web Portfolio Manager
  Diplomatic Security
  U.S. Department of State
  571.345.2319

  The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s).  Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Exchange/Outlook Tie-Ins

2004-04-16 Thread Heald, Tim 
Isn't COM mainly broken in MX?

-- 
Timothy Heald 
Web Portfolio Manager 
Diplomatic Security 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s).  Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Friday, April 16, 2004 12:32 PM
To: CF-Talk
Subject: RE: Exchange/Outlook Tie-Ins

> Does anyone have experience getting access to the GAL in 
> exchange from cf?  We are not permitted to use LDAP here.  I 
> think I have seen active x controls that would give this 
> access, but I can't seem to find anything that does what I need.
> 
> Basically my CF app is putting together task information.  
> Then the user needs to pick someone to email information from 
> that task.  The user that gets emailed the task may not be an 
> application user, but will be in our gal for sure.  I would 
> like to either have some way of querying Exchange to get the 
> different email addresses, or a way I can generate an email 
> in the users local outlook, then they can look up the email 
> in the gal themselves.

I think you're looking for the CDO API (and maybe some parts of ADSI also):

http://support.microsoft.com/default.aspx?scid=kb;EN-US;225500
http://support.microsoft.com/?kbid=241474

Both CDO and ADSI are COM APIs.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Exchange/Outlook Tie-Ins

2004-04-16 Thread Heald, Tim 
Has anyone used CDO from CFMX?

-- 
Timothy Heald 
Web Portfolio Manager 
Diplomatic Security 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s).  Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Heald, Tim 
Sent: Friday, April 16, 2004 12:01 PM
To: CF-Talk
Subject: Exchange/Outlook Tie-Ins

Does anyone have experience getting access to the GAL in exchange from cf?  We are not permitted to use LDAP here.  I think I have seen active x controls that would give this access, but I can't seem to find anything that does what I need.

Basically my CF app is putting together task information.  Then the user needs to pick someone to email information from that task.  The user that gets emailed the task may not be an application user, but will be in our gal for sure.  I would like to either have some way of querying Exchange to get the different email addresses, or a way I can generate an email in the users local outlook, then they can look up the email in the gal themselves.

Any ideas?

-- 
Timothy Heald
Web Portfolio Manager
Diplomatic Security
U.S. Department of State
571.345.2319

The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s).  Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958. 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

Exchange/Outlook Tie-Ins

2004-04-16 Thread Heald, Tim 
Does anyone have experience getting access to the GAL in exchange from cf?  We are not permitted to use LDAP here.  I think I have seen active x controls that would give this access, but I can't seem to find anything that does what I need.

Basically my CF app is putting together task information.  Then the user needs to pick someone to email information from that task.  The user that gets emailed the task may not be an application user, but will be in our gal for sure.  I would like to either have some way of querying Exchange to get the different email addresses, or a way I can generate an email in the users local outlook, then they can look up the email in the gal themselves.

Any ideas?

-- 
Timothy Heald
Web Portfolio Manager
Diplomatic Security
U.S. Department of State
571.345.2319

The opinions expressed here do not necessarily reflect those of the U.S. Department of State or any affiliated organization(s).  Nor have these opinions been approved or sanctioned by these organizations. This e-mail is unclassified based on the definitions in E.O. 12958.
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: why are procedures better? (was: RE: Securing CF Apps.)

2004-03-24 Thread Heald, Tim 
Ok,

 
Access to the db security model through the use of oracle users and roles.
You cannot do this with a cfquery.  

 
Try working with a pl/sql array in a query block. or a clob.  Or any kind of
advanced PL/SQL.  What kind of work can you do with the OID?  None.

 
These are oracle specific examples.  But that's the environment in which I
work.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Matt Liotta [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 24, 2004 9:58 AM
To: CF-Talk
Subject: Re: why are procedures better? (was: RE: Securing CF Apps.)

> Yes, we are having a generic technical debate, and what I am saying is 
> that
>  when the team setup or hierarchical setup is not ideal, separating 
> work out
>  makes the project move along faster. Stored procs come into play here 
> in
>  that someone can tackle this aspect while other things are being 
> taken care
>  of That's pretty generic... Just another situation in which 
> stored procs
>  are better.
>
Maybe I wasn't clear in my reply to that statement. There is nothing 
inherent about stored procedures which makes them better for separating 
out work. It is in fact the same amount of work to separate queries as 
it is stored procedures.

So far in this thread, the only benefit mentioned so far for stored 
procedures is transaction handling.

-Matt 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: why are procedures better? (was: RE: Securing CF Apps.)

2004-03-24 Thread Heald, Tim 
Additionally, if your on a team with a good PL/SQL developer they are going
to write packages and procedures for you to call.  They can then do cross
tabs, array loops and all sorts of other things that you can't do in a
regular query block, such as work with the oracle session, db user accounts,
security according to db roles - which doesn't work with a query block.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Tangorre, Michael [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 24, 2004 9:37 AM
To: CF-Talk
Subject: RE: why are procedures better? (was: RE: Securing CF Apps.)

> I certainly understand your position. But what does that have 
> to do with comparing stored procedures to queries? It may 
> matter in your particular situation, but we are supposed to 
> be having a generic technical debate.

Yes, we are having a generic technical debate, and what I am saying is that
when the team setup or hierarchical setup is not ideal, separating work out
makes the project move along faster. Stored procs come into play here in
that someone can tackle this aspect while other things are being taken care
of That's pretty generic... Just another situation in which stored procs
are better.

Mike 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Securing CF Apps.

2004-03-24 Thread Heald, Tim 
This is one more thing.  There is of course a firewall (three or four
actually before you get to the db) and there is and IDS, and there is virus
protection software, and the OS is locked down and so on and so on.

 
We were not advocating doing away with basic security practices, just saying
take them to the next level.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Matt Liotta [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 24, 2004 9:36 AM
To: CF-Talk
Subject: Re: Securing CF Apps.

> yes matt. it is true that there is a dba login to every database. of 
> course no one using the application has the role of dba. so what is 
> your point?
>
The point is the login is there and can be exploited. No matter how 
much you lock down the schema, there is always one user account which 
has full access. Therefore, I believe you are wasting your time trying 
to lock down the schema in the case of a web application. It would be 
much better to implement a stateful firewall in front of your database, 
so it could be fully protected.

-Matt 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Securing CF Apps.

2004-03-23 Thread Heald, Tim 
>Again, that provides insight into your encryption algorithm

 
Again, I am using an open algorithm.  You can break it.  It's a speed bump.

 
>Your techniques do not give people less to go on. You just give them a
different set of things to go on.

It also makes it more difficult to get something to go on, and makes it take
more time.  Hopefully enough that they will go after a softer target.

 
>No, they have your whole application and anything else that may be useful.
Just being able to change the code in your application without anyone
knowing would allow me to many bad things.

I do grant that I was a bit extreme in saying you have nothing.  What I
meant was simply accessing my source code isn't in and of it self that big
of a deal.  Obviously if you get execute permissions on one of my servers
it's a huge deal.

 
>How is that different than any other setup?

Because the user name and password are not stored in anyway on the web
server.  Ok, I grant you IP addresses can be spoofed, as can mac addresses,
so how do you rectify this issue?

 
>Again, another user could access the schema.

 
Yes and if you can guess my sysdba account I am screwed.  However I will be
alerted by my server long before any brute force hack would work.  Is it
perfect?  No, but remember security is about risk mitigation.  Nothing can
be 100% secure.

 
>I just hope you aren't protecting something I depend on.

Don't worry Matt, they wouldn't even let you inside some of the buildings I
work in.

 
Again, I say, I am not saying that this is the only control you should be
using.  Obviously you should have many different approaches to security in
place.  From network specific controls, access controls, physical controls,
ids systems.  I mean around here the list goes on and on.  Auditing, user
interviews, it's a lot to take in in one email thread.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Matt Liotta [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 6:06 PM
To: CF-Talk
Subject: Re: Securing CF Apps.

> If my user.login is encrypted one time as kjdfljsldfl  and the user 
> comes
>  back and types in kjdfljsldfl they don't get taken to that circuit, 
> because
>  it's different this time.
>
Again, that provides insight into your encryption algorithm.

>  I think that with all the benefits of procedures, if you have them
>  available, you're a fool not to use them, and not just because of the
>  enhanced security.  Obviously proper error handling is important AS 
> WELL.
>  This is not an either/or argument, rather a complimentary one.
>
Since I don't use stored procedures I most be a fool. Although, I 
haven't seen how you have proven that statement to be true.

>  So by understanding the structure of an application, you can then 
> begin to
>  analyze it's weaknesses.  In the environment in which I work we want 
> to give
>  them as little as possible to go on.
>
Your techniques do not give people less to go on. You just give them a 
different set of things to go on.

>  Is that so??  I disagree.  If someone gains access to my web server 
> they
>  have nothing.  
No, they have your whole application and anything else that may be 
useful. Just being able to change the code in your application without 
anyone knowing would allow me to many bad things.

> Now my db which is on the other side of a firewall, and only
>  accepts connections from specific ips, if they got in that it could 
> become
>  problematic.
Whoops, IPs can be spoofed.

>   Why?  Because there are no user names or passwords stored on
>  my web server.  There is no way to open a direct connection into my db
>  without having a user account on the db.
How is that different than any other setup?

>   Your rights and roles are also
>  stored in that db, not in the application, and so you would not 
> really get
>  anything other than images and source code.
There are always other user accounts that can access anything.

>   You don't even get the code of
>  the procedure calls, and so you are still blind to the schema of my 
> db.
>
Again, another user could access the schema.

> But moving towards my CISSP and GSEC, having been a cyber threat 
> analyst for
>  the last two years, and soon to be managing a federal CERT, I can 
> tell you
>  this, there is always going to be some new exploit. It's going to be
>  something you didn't think of.  But that zero day exploit isn't going 
> to be
>  the one that does all the crazy damage.  It's going to be some known
>  vulnerability that you could have prevented from putting your system 
> at
>  risk. (slammer, blaster etc.)  By duplication o

RE: Securing CF Apps.

2004-03-23 Thread Heald, Tim 
Why do I need someone to agree with me?  I have my own mind.  I can asses
the objective reality of whether I feel something is useful to me.  You
should check out some Ayn Rand some time.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Kwang Suh [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 6:28 PM
To: CF-Talk
Subject: Re: Securing CF Apps.

This is precisely why my security co-worker was so adament against
obfuscation: absolutely no one can agree on its usage and usefulness.

- Original Message -
From: Jochem van Dieten <[EMAIL PROTECTED]>
Date: Tuesday, March 23, 2004 2:53 pm
Subject: Re: Securing CF Apps.

> Dave Watts wrote:
> >> I used to work with a security/cryptology expert. His #1 rule:
> >> 
> >> "Never, ever use obfuscation".
> > 
> > 
> > While I wouldn't categorize myself as a security expert, much 
> less a
> > cryptologist, I would disagree with this. At the very least, I'd 
> amend it to
> > "Never, ever use obfuscation as your sole method of security."
> 
> I would amend it differently:
> "Never, ever use obfuscation if it adds complexity for yourself."
> 
> 
> > There is nothing wrong with "security through obscurity", as 
> long as you
> > don't rely on it as your only protection. I would draw an 
> analogy between
> > computer security and getting shot at. When you're being shot 
> at, there are
> > two sorts of protection you might resort to. You might take 
> cover by getting
> > behind a solid object that can block fire. You might conceal 
> yourself behind
> > something that would obscure you as a target. When you're 
> getting shot at,
> > cover and concealment are both useful; concealment won't stop a 
> bullet, but
> > it'll lessen the likelihood of people shooting in your 
> direction. Ideally,
> > you want both cover and concealment, of course, if for no other 
> reason than
> > to avoid the stress of being shot at.
> 
> Unless you have cover by an object that will stop the small arms 
> fire from the other side, but at the same time so well concealed 
> your side doesn't see you and you die from 'friendly' fire when 
> your side bombs the opponent.
> 
> Obfuscation can hurt the obfuscator, just like a firewall can 
> introduce a risk to an otherwise well protected computer.
> 
> Jochem
> 
> -- 
> I don't get it
> immigrants don't work
> and steal our jobs
> - Loesje
> 
> 
> 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

why are procedures better? (was: RE: Securing CF Apps.)

2004-03-23 Thread Heald, Tim 
1. They execute faster.  The db (I only know from Oracle and SQL Server, if
others are different it doesn't really concern me) can optimize the
execution plan.

 
2. You can often times do more. There are things I can do in a pl/sql
package/procedure that I cannot do in a query call

 
3. You can limit access with them.  Now granted you can set it up so you are
only selecting from a view in your query block as well, but it makes more
sense to me to do it in a procedure.

 
4. An additional layer of security.  You can ensure that you user not only
cannot execute the procedure, but they can't even tell it exists.

 
I am sure there are more reasons, but I think those are sufficient to use
procedures.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Matt Liotta [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 6:06 PM
To: CF-Talk
Subject: Re: Securing CF Apps.

> If my user.login is encrypted one time as kjdfljsldfl  and the user 
> comes
>  back and types in kjdfljsldfl they don't get taken to that circuit, 
> because
>  it's different this time.
>
Again, that provides insight into your encryption algorithm.

>  I think that with all the benefits of procedures, if you have them
>  available, you're a fool not to use them, and not just because of the
>  enhanced security.  Obviously proper error handling is important AS 
> WELL.
>  This is not an either/or argument, rather a complimentary one.
>
Since I don't use stored procedures I most be a fool. Although, I 
haven't seen how you have proven that statement to be true.

>  So by understanding the structure of an application, you can then 
> begin to
>  analyze it's weaknesses.  In the environment in which I work we want 
> to give
>  them as little as possible to go on.
>
Your techniques do not give people less to go on. You just give them a 
different set of things to go on.

>  Is that so??  I disagree.  If someone gains access to my web server 
> they
>  have nothing.  
No, they have your whole application and anything else that may be 
useful. Just being able to change the code in your application without 
anyone knowing would allow me to many bad things.

> Now my db which is on the other side of a firewall, and only
>  accepts connections from specific ips, if they got in that it could 
> become
>  problematic.
Whoops, IPs can be spoofed.

>   Why?  Because there are no user names or passwords stored on
>  my web server.  There is no way to open a direct connection into my db
>  without having a user account on the db.
How is that different than any other setup?

>   Your rights and roles are also
>  stored in that db, not in the application, and so you would not 
> really get
>  anything other than images and source code.
There are always other user accounts that can access anything.

>   You don't even get the code of
>  the procedure calls, and so you are still blind to the schema of my 
> db.
>
Again, another user could access the schema.

> But moving towards my CISSP and GSEC, having been a cyber threat 
> analyst for
>  the last two years, and soon to be managing a federal CERT, I can 
> tell you
>  this, there is always going to be some new exploit. It's going to be
>  something you didn't think of.  But that zero day exploit isn't going 
> to be
>  the one that does all the crazy damage.  It's going to be some known
>  vulnerability that you could have prevented from putting your system 
> at
>  risk. (slammer, blaster etc.)  By duplication of your efforts, by
>  overlapping your protection you're trying to create a shell around 
> your
>  application and it's data.  Obscurity is just one more tool you can 
> use to
>  do that.
>
I just hope you aren't protecting something I depend on.

-Matt 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Securing CF Apps.

2004-03-23 Thread Heald, Tim 
I have said time and again that I follow a layered approach to security.
Would security through obscurity work in and of itself?  No, it wouldn't.
However combined with many of the other best practices we have discussed
here today it can make for a reasonably well protected application.

 
So Matt you tell me how would you have me do it different?  You have sat
here and argued all day with out offering a single tangible alternative.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Matt Liotta [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 6:16 PM
To: CF-Talk
Subject: Re: Securing CF Apps.

>  The open source community likes to make the point that security 
> through
>  obscurity doesn't work.  Just because someone says it doesn't make it 
> true.
>  the methods I use to secure my site are open.  hell you can go 
> download the
>  udf I use to do url encryption right now to see how I do it.  You can 
> even
>  crack it if you take the time.  It's a seed bump.  Just like you have 
> to
>  decide how much time and money your going to put into securing your
>  application or site, so does the intruder have to decide to go after 
> you or
>  another weaker site.
>
What a terrible statement to make. If you are going to suggest security 
through obscurity works; prove it.

>  Also not all encryption standards are widely available.  As a matter 
> of fact
>  in some instances it is illegal to let people know the detail of high 
> level
>  encryption algorithms.
>
Yeah, laws really stopped the exportation of encryption algorithms. :)

-Matt 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Securing CF Apps.

2004-03-23 Thread Heald, Tim 
It was already proven by someone else in another post.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Matt Liotta [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 6:18 PM
To: CF-Talk
Subject: Re: Securing CF Apps.

> What is funny to me is that the number of Linux vulnerabilities far
>  surpasses the number of M$ ones.  Look into it.  It's just that M$ 
> products
>  are more commonly used, and therefore more commonly attacked.
>
Your statement is false, but since you made it, I'll let you prove it.

-Matt 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Securing CF Apps.

2004-03-23 Thread Heald, Tim 
Listen, channeling a user so that they have to follow a certain process
doesn't add hassles.  If anything it stops them from leaving your app in the
middle of a necessary step in a process, or makes it easier for them to
navigate from point a to point b.

 
I have seen so many complaints on here that revolved around book marks and
back buttons fouling up business logic that it's not even funny.

 
And yet again I say it, if you don't like it don't do it.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Matt Liotta [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 5:58 PM
To: CF-Talk
Subject: Re: Securing CF Apps.

Where do people get the idea that adding hassles to the user makes 
anything more secure. It's like our nations airport security. Making me 
jump through hoops and delaying me doesn't make things more secure; it 
pisses me off. It is possibly to have strong security and provide an 
application that meets the users' needs. Taking away bookmarks, back 
buttons, etc. doesn't do that.

-Matt

On Mar 23, 2004, at 2:23 PM, Heald, Tim wrote:

> Here's my take on it.  You layer security on like an onion.  In many 
> cases
>  you protect against the same kinds of attacks many times.  I don't 
> want a
>  user to get to a specific area of my site unless they are logged 
> in.  Ok so
>  I check a session or client variable that I set upon login.  Well I 
> have a
>  user that has logged in and gotten to my page.  Now they book marked 
> the
>  page.  Well written correctly since their session doesn't exist I 
> send them
>  to the login page.  However I personally would like to take it a step
>  further.  I don't want people to be able to bookmark pages in my app 
> at all.
>  Also I don't want them to be able to figure out the structure of my
>  application because I used plain text, easy to understand names for 
> the
>  different sections of the app (in this case circuits).  So I encrypt 
> my url
>  variables.  Why?  They don't get any information about the structure 
> of my
>  app, or about the information I am passing between pages.  When they 
> book
>  mark the site the fuseaction is gobly gook.  Means nothing and kicks 
> them to
>  my home page or login or whatever.  Ok, what else is involved here?
>  Validation.  Both client and server side.  You use client side 
> knowing that
>  it is easily defeated by turning off _javascript_s, but you use it to 
> keep
>  from hitting the server.  Then you do it again on the client side to 
> make
>  sure that nothing got by.  In 90% of the cases they user will have
>  _javascript_ enabled and it will have saved some of your server 
> resources.
>  Now you have communications between the db and cf.  What can you 
> do?  Well
>  for one you use an actual db user account to validate 
> people.  Why?  Because
>  then you can limit what actions the user can take, not only through 
> the
>  application, but through the db as well.  Also your not storing a 
> username
>  and password anywhere.  Someone said earlier that means they can open 
> up SQL
>  + or enterprise manager and login to the db, well this is true, but 
> they are
>  only able to see and do the same exact things that they would be able 
> to do
>  through your application, if the DB is locked down correctly.  In 
> oracle at
>  least you have to be granted rights to even know if a table 
> exists.  I can
>  have a user table, but if you don't have select or whatever other
>  privileges, you get a table not found error.
>
>
>  In the past we have made many mistakes in security.  I am sure that 
> we still
>  make many as a community.  New exploits are announced daily.  Most of 
> the
>  things that we are trying to protect against aren't even used anymore
>  because in general developers learned form their mistakes.  Does this 
> mean
>  we should stop doing them?
>
>  --
>  Timothy Heald
>  Web Portfolio Manager
>  Overseas Security Advisory Council
>  U.S. Department of State
>  571.345.2319
>
>  The opinions expressed here do not necessarily reflect those of the 
> U.S.
>  Department of State or any affiliated organization(s).  Nor have these
>  opinions been approved or sanctioned by these organizations. This 
> e-mail is
>  unclassified based on the definitions in E.O. 12958.
>
>  -Origin

RE: Securing CF Apps.

2004-03-23 Thread Heald, Tim 
I think something used to either sell products on the web, or provide
information on the web is a site.  Now the site might be controlled by a
back end content management system, or some sort of inventory application,
but the rest of it is a web site.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Kwang Suh [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 5:30 PM
To: CF-Talk
Subject: Re: Securing CF Apps.

Sure, why don't you tell me what makes Amazon a site, and not an
application.

*yawn*

- Original Message -
From: Adrocknaphobia <[EMAIL PROTECTED]>
Date: Tuesday, March 23, 2004 2:37 pm
Subject: Re:  Securing CF Apps.

> Like you said Tim, some people have a hard time distinguishing 
> between an application and a site.
> 
> -adam
> 
> > -Original Message-
> > From: Kwang Suh [EMAIL PROTECTED]
> > Sent: Tuesday, March 23, 2004 09:16 PM
> > To: 'CF-Talk'
> > Subject: RE: Securing CF Apps.
> > 
> > > There are different controls that you would use for different 
> > > purposes.Obviously an ecommerce SITE (which is what Amazon is) 
> > > needs users to be able
> > > to return to a specific product.
> > 
> > Pure semantics.  I'm sure those guys at Amazon would beg to 
> differ with you.
> > 
> > > Web services security is very different from either public 
> site or
> > > application security.  You're comparing apples and oranges.
> > 
> > Hardly.  Web services are an internet-based resource that may or 
> may not be protected.
> > 
> > 
> > 
> 
> 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Securing CF Apps.

2004-03-23 Thread Heald, Tim 
M$ operating systems.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 4:38 PM
To: CF-Talk
Subject: Re: Securing CF Apps.

Heald, Tim wrote:

> What is funny to me is that the number of Linux vulnerabilities far
> surpasses the number of M$ ones.  Look into it.  It's just that M$
products
> are more commonly used, and therefore more commonly attacked.

Linux = kernel, MS = corporation

I find it hard to compare them. What exactly do you mean?

Jochem

-- 
I don't get it
immigrants don't work
and steal our jobs
 - Loesje 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: RE: RE: Securing CF Apps.

2004-03-23 Thread Heald, Tim 
Precisely my point.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 4:36 PM
To: CF-Talk
Subject: RE: RE: RE: Securing CF Apps.

> I used to work with a security/cryptology expert. His #1 rule:
> 
> "Never, ever use obfuscation".

While I wouldn't categorize myself as a security expert, much less a
cryptologist, I would disagree with this. At the very least, I'd amend it to
"Never, ever use obfuscation as your sole method of security."

There is nothing wrong with "security through obscurity", as long as you
don't rely on it as your only protection. I would draw an analogy between
computer security and getting shot at. When you're being shot at, there are
two sorts of protection you might resort to. You might take cover by getting
behind a solid object that can block fire. You might conceal yourself behind
something that would obscure you as a target. When you're getting shot at,
cover and concealment are both useful; concealment won't stop a bullet, but
it'll lessen the likelihood of people shooting in your direction. Ideally,
you want both cover and concealment, of course, if for no other reason than
to avoid the stress of being shot at.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Securing CF Apps.

2004-03-23 Thread Heald, Tim 
I am just glad then that for internal apps we are standardized on IE 5.5

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Jochem van Dieten [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 4:34 PM
To: CF-Talk
Subject: Re: Securing CF Apps.

Heald, Tim wrote:

> I don't like giving the user browser controls even.  Which is why I tend
to
> pop my apps in a new window with no controls (back forward and so on).

You must not like the following enhancement to Mozilla 1.7:
   "A new option to prevent sites using _javascript_ to block the
    browser's context menu."

> Someone earlier said it was useless to limit sql execution in the
> administrator. Well what if your dba or dbd forgot to only give specific
> grants?

Then it is still useless because it is broken.

Jochem

-- 
I don't get it
immigrants don't work
and steal our jobs
 - Loesje 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Securing CF Apps.

2004-03-23 Thread Heald, Tim 
It's just one more control.  Alone I would agree with you, it's not enough.
You should be checking access.  In the user admin case I think it makes
sense to check and see if you are supposed to have access to that specific
user id information or not.

 
Listen this is getting silly.  Don't like it, don't do it.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Barney Boisvert [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 4:04 PM
To: CF-Talk
Subject: RE: Securing CF Apps.

What!?!?!?

I sure hope the application security would say "hey, you don't have
permission to look at that userID's info, so here's a nice fat error
message", long before it every got to querying the database.

That's the whole point of a security system: to control access to resources.
If you merely make it hard to request the resource, but don't actually
control access, you don't have a security system, you've just got a mess.

Cheers,
barneyb

> -Original Message-
> From: Bryan Stevenson [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, March 23, 2004 12:54 PM
> To: CF-Talk
> Subject: Re: Securing CF Apps.
> 
> and it's not that littletake this example
> 
> a page displays user specific medical record data and take 
> URL param containing user_ID
> 
> don't encrypt user_ID in URL
>   -any shmuck can alter the value of user_ID to see anyone's data
> 
> do encrypt user_ID in URL
>   -same shmuck would not be able to make such a chnage as the 
> user_ID would not decrypt properly and the query would fail
> 
> I'd say encrypting vars in the URL is pretty dang important ;-)
> 
> That said it's also a good idea to make sure the record being 
> displayed belongs to the logged in user ;-)
> 
> Cheers
> 
> Bryan Stevenson B.Comm.
> VP & Director of E-Commerce Development
> Electric Edge Systems Group Inc.
> t. 250.920.8830
> e. [EMAIL PROTECTED]
> 
> -
> Macromedia Associate Partner
> www.macromedia.com
> -
> Vancouver Island ColdFusion Users Group
> Founder & Director
> www.cfug-vancouverisland.com
>   - Original Message - 
>   From: Adrocknaphobia 
>   To: CF-Talk 
>   Sent: Tuesday, March 23, 2004 12:47 PM
>   Subject: Re: Securing CF Apps.
> 
> 
>   Little is better than none.
> 
>   -adam
> 
>   > -Original Message-
>   > From: Kwang Suh [mailto:[EMAIL PROTECTED]
>   > Sent: Tuesday, March 23, 2004 08:42 PM
>   > To: 'CF-Talk'
>   > Subject: RE: Securing CF Apps.
>   > 
>   > Munging URLs provides a little, if any, benefit for web apps.
>   > 
>   > - Original Message -
>   > From: "Heald, Tim" <[EMAIL PROTECTED]>
>   > Date: Tuesday, March 23, 2004 1:34 pm
>   > Subject: RE: Securing CF Apps.
>   > 
>   > > Good post man, and your right, for the most part the 
> applications 
>   > > I am
>   > > talking about are not available over the internet, or 
> only through 
>   > > VPN or
>   > > other methods.
>   > > 
>   > > Like I said earlier, for public sites you are going to use very 
>   > > differentresources than you will use on a closed/classified 
>   > > application. 
>   > > However the topic was securing CF apps.  Not sites :)  
> it can be 
>   > > difficultfor some to differentiate between an 
> application and a site.
>   > > 
>   > > -- 
>   > > Timothy Heald 
>   > > Web Portfolio Manager 
>   > > Overseas Security Advisory Council 
>   > > U.S. Department of State 
>   > > 571.345.2319 
>   > > 
>   > > The opinions expressed here do not necessarily reflect those of 
>   > > the U.S.
>   > > Department of State or any affiliated organization(s).  
> Nor have these
>   > > opinions been approved or sanctioned by these 
> organizations. This 
>   > > e-mail is
>   > > unclassified based on the definitions in E.O. 12958.
>   > > 
>   > > -Original Message-
>   > > From: Ian Skinner [EMAIL PROTECTED]
>   > > Sent: Tuesday, March 23, 2004 3:19 PM
>   > > To: CF-Talk
>   >

RE: RE: RE: Securing CF Apps.

2004-03-23 Thread Heald, Tim 
What is funny to me is that the number of Linux vulnerabilities far
surpasses the number of M$ ones.  Look into it.  It's just that M$ products
are more commonly used, and therefore more commonly attacked.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Tom Kitta [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 3:59 PM
To: CF-Talk
Subject: RE: RE: RE: Securing CF Apps.

MS code leak illustrates my point very well. MS OS is not more secure than
say Linux because it source code is not available to the public. Hmm, I
think Linux vis MS security was already mentioned on this list in the past
few months.

TK
  -Original Message-
  From: Adrocknaphobia [mailto:[EMAIL PROTECTED]
  Sent: Tuesday, March 23, 2004 3:47 PM
  To: CF-Talk
  Subject: Re: RE: RE: Securing CF Apps.

  If thats the case, then whats the big deal with the MS code leak?

  -adam

  > -Original Message-
  > From: Tom Kitta [mailto:[EMAIL PROTECTED]
  > Sent: Tuesday, March 23, 2004 08:08 PM
  > To: 'CF-Talk'
  > Subject: RE: RE: RE: Securing CF Apps.
  >
  > I agree with Kwang Suh, security through obscurity is no security at
all.
  > This is quite well known throughout security community and all
encryption
  > standards available to the wide public adhere to it.
  >
  > TK
  >   -Original Message-
  >   From: Kwang Suh [mailto:[EMAIL PROTECTED]
  >   Sent: Tuesday, March 23, 2004 2:56 PM
  >   To: CF-Talk
  >   Subject: Re: RE: RE: Securing CF Apps.
  >
  >
  >   > If my user.login is encrypted one time as kjdfljsldfl  and the
  >   > user comes
  >   > back and types in kjdfljsldfl they don't get taken to that
  >   > circuit, because
  >   > it's different this time.
  >
  >   This would not be acceptable in many situations, because it prevents
  > bookmarking and renders search engines useless.
  >
  >
  >   > >> 3. The objection to using cfquery is multifaceted.  There is
  >   > the
  >   > >> risk of SQL
  >   > >> injection if your not doing the correct validation.  If your
  >   > >> errors are not
  >   > >> being handled correctly you can give away table and column
  >   > names
  >   > >> in the
  >   > >> error message.
  >   >
  >   > >So don't you think it's more important to handle errors properly
  >   > than say
  >   > "don't ever use "?
  >   >
  >   > I think that with all the benefits of procedures, if you have them
  >   > available, you're a fool not to use them, and not just because of
the
  >   > enhanced security.  Obviously proper error handling is important
  >   > AS WELL.
  >   > This is not an either/or argument, rather a complimentary one.
  >
  >   What's wrong with:
  >
  >   
  >   exec my_stored_proc
  >   
  >
  >   ?
  >
  >   > >> 2. By using plain text variable names your going to give the
  >   > potential>> intruder a decent insight into your application
  >   > design, and this
  >   > >> will give
  >   > >> them the ability to make educated guesses as to your other
  >   > circuit
  >   > >> names.
  >   >
  >   > >So?
  >   >
  >   > So by understanding the structure of an application, you can then
  >   > begin to
  >   > analyze it's weaknesses.  In the environment in which I work we
  >   > want to give
  >   > them as little as possible to go on.
  >   >
  >   > >You've got bigger problems should someone gain access to your
  >   > file system.
  >   >
  >   > Is that so??  I disagree.  If someone gains access to my web
  >   > server they
  >   > have nothing.  Now my db which is on the other side of a firewall,
  >   > and only
  >   > accepts connections from specific ips, if they got in that it
  >   > could become
  >   > problematic.  Why?  Because there are no user names or passwords
  >   > stored on
  >   > my web server.  There is no way to open a direct connection into
  >   > my db
  >   > without having a user account on the db.  Your rights and roles
  >   > are also
  >   > stored in that db, not in the application, and so you would not
  >   > really get
  >   > anything other than images and source code.  You don't even get
  >   > the code of
  >   > the procedure calls, and so you are still blind to the schema of
  >   > my db.
  >
  >   If I have complete access to your file system, this means that I can,
say,
  > create a file that monitors tcp/ip traffic between your web server and
db
  > server and sends the packets over to me where I can then scan for your
  > password.  Or I could simply delete everything on the web server.
  >
  >   >
  >   > Kwang, again, this is a layered approach to security.  No one
  >   > thing is going
  >   > to protect you from everything.  

RE: RE: RE: Securing CF Apps.

2004-03-23 Thread Heald, Tim 
I don't like giving the user browser controls even.  Which is why I tend to
pop my apps in a new window with no controls (back forward and so on).  Why?
I have business rules that I want them to have to follow.  I want them to
follow a specific process for accessing and entering information.

 
Also as the proponent of team based development you should know that not
everyone meets the same standards.  I know that if I require my developers
to encrypt urls that even if they forget something else, like checking a
role, it will get caught, because the user cannot randomly access different
parts of the application.

 
Someone earlier said it was useless to limit sql execution in the
administrator. Well what if your dba or dbd forgot to only give specific
grants?  I know were talking about duplication of efforts to a certain
extent, however I think that you end up making your application more secure.
Like I said I only want to give the user the choices I provide them with, no
more, no less.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Steve Nelson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 3:58 PM
To: CF-Talk
Subject: RE: RE: RE: Securing CF Apps.

In what way does a bookmark make an application less secure? Wouldn't you
consider it a good idea to bookmark an application if it means the user uses
the application more? If a bookmark allows a person to access a secure
section, it should ask them for their credentials, if valid, it should let
them access it. If the bookmark allows them to bypass the security, then the
application isn't secure.

Steve Nelson
  -Original Message-
  From: Adrocknaphobia [mailto:[EMAIL PROTECTED]
  Sent: Tuesday, March 23, 2004 3:43 PM
  To: CF-Talk
  Subject: Re: RE: RE: Securing CF Apps.

  You do realize we are talking about applications and not websites. There
is a big difference, and I've never once found it a good idea for a user to
bookmark a part of application.

  -adam 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: RE: RE: Securing CF Apps.

2004-03-23 Thread Heald, Tim 
There are different controls that you would use for different purposes.
Obviously an ecommerce SITE (which is what Amazon is) needs users to be able
to return to a specific product.

 
Web services security is very different from either public site or
application security.  You're comparing apples and oranges.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Kwang Suh [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 3:54 PM
To: CF-Talk
Subject: Re: RE: RE: Securing CF Apps.

I'd say something like Amazon.com is an application, and boy, would I ever
hate it if I couldn't bookmark a link to a book.  Or their wish lists.
That's not a site.

Some parts of an "application" can be public facing, you know.

How about Web Services?  Are those an application?  Well, I can sure tell
you they're not a site.  Should I be obfuscating those links too?  That sure
would suck.

- Original Message -
From: Adrocknaphobia <[EMAIL PROTECTED]>
Date: Tuesday, March 23, 2004 1:43 pm
Subject: Re:  RE: RE: Securing CF Apps.

> You do realize we are talking about applications and not websites. 
> There is a big difference, and I've never once found it a good 
> idea for a user to bookmark a part of application.
> 
> -adam
> 
> 
> > -Original Message-
> > From: Kwang Suh [EMAIL PROTECTED]
> > Sent: Tuesday, March 23, 2004 07:55 PM
> > To: 'CF-Talk'
> > Subject: Re: RE: RE: Securing CF Apps.
> > 
> > > If my user.login is encrypted one time as kjdfljsldfl  and the 
> > > user comes
> > > back and types in kjdfljsldfl they don't get taken to that 
> > > circuit, because
> > > it's different this time.
> > 
> > This would not be acceptable in many situations, because it 
> prevents bookmarking and renders search engines useless.
> > 
> > > >> 3. The objection to using cfquery is multifaceted.  There 
> is 
> > > the 
> > > >> risk of SQL
> > > >> injection if your not doing the correct validation.  If 
> your 
> > > >> errors are not
> > > >> being handled correctly you can give away table and column 
> > > names 
> > > >> in the
> > > >> error message.
> > > 
> > > >So don't you think it's more important to handle errors 
> properly 
> > > than say
> > > "don't ever use "?
> > > 
> > > I think that with all the benefits of procedures, if you have them
> > > available, you're a fool not to use them, and not just because 
> of the
> > > enhanced security.  Obviously proper error handling is 
> important 
> > > AS WELL.
> > > This is not an either/or argument, rather a complimentary one.
> > 
> > What's wrong with:
> > 
> > 
> > exec my_stored_proc
> > 
> > 
> > ?
> > 
> > 
> > > >> 2. By using plain text variable names your going to give 
> the 
> > > potential>> intruder a decent insight into your application 
> > > design, and this 
> > > >> will give
> > > >> them the ability to make educated guesses as to your other 
> > > circuit 
> > > >> names. 
> > > 
> > > >So?
> > > 
> > > So by understanding the structure of an application, you can 
> then 
> > > begin to
> > > analyze it's weaknesses.  In the environment in which I work 
> we 
> > > want to give
> > > them as little as possible to go on.
> > > 
> > > >You've got bigger problems should someone gain access to your 
> > > file system.
> > > 
> > > Is that so??  I disagree.  If someone gains access to my web 
> > > server they
> > > have nothing.  Now my db which is on the other side of a 
> firewall, 
> > > and only
> > > accepts connections from specific ips, if they got in that it 
> > > could become
> > > problematic.  Why?  Because there are no user names or 
> passwords 
> > > stored on
> > > my web server.  There is no way to open a direct connection 
> into 
> > > my db
> > > without having a user account on the db.  Your rights and 
> roles 
> > > are also
> > > stored in that db, not in the application, and so you would 
> not 
> > > really get
> > > anything other than images and source code.  You don't even 
> get 
> > > the code of
> > > the procedure calls, and so you are still blind to the schema 
> of 
> > > my db.
> > 
> > If I have complete access to your file system, this means that I 
> can, say, create a file that monitors tcp/ip traffic between your 
> web server and db server and sends the packets over to me where I 
> can then scan for your password.  Or I could simply delete 
> everything on the web server.
> > 
> > > 
> > > Kwang, again, this is a layered approach to security.  No one 
> > > thing is going
> > > to protect you from everything.  You just continue to lock 
> down 
> > > things in
> > > order to mitigate risk.  You can never be without risk, and

RE: Securing CF Apps.

2004-03-23 Thread Heald, Tim 
Good post man, and your right, for the most part the applications I am
talking about are not available over the internet, or only through VPN or
other methods.

 
Like I said earlier, for public sites you are going to use very different
resources than you will use on a closed/classified application.

 
However the topic was securing CF apps.  Not sites :)  it can be difficult
for some to differentiate between an application and a site.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Ian Skinner [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 3:19 PM
To: CF-Talk
Subject: RE: Securing CF Apps.

I see this as a sliding scale, security vs user experience.

There's the general public website where the the owners want as much
exposure as possible.  For this type of application you may not want
security to the nth degree.  As was just posted, allowing the user to
bookmark pages and/or directly type url's is desirable for the purpose of
that application.

On the other hand, there are applications where this is undesirable.  I
suspect that applications Tim is writing are even available to the general
public at all, and if you are even seeing the page in a browser if you are
not supposed to be, you have hacked through several layers of security
already.

We write applications somewhat in the middle.  There are parts of our data
that we DO NOT WANT to exposed to any more risk then we can, very sensitive
HIPPA data.  We are taking at least a year to thoroughly test our first
application that will allow a very limited access to users to their personal
data directly through the internet.

So it all comes down to the analysis that has been mentioned.  You need to
decided on the purpose of the application, what are it's security needs and
build to that level.

My .02, keep the change.
--
Ian Skinner
Web Programmer
BloodSource
www.BloodSource.org
Sacramento, CA

"C code. C code run. Run code run. Please!"
 - Cynthia Dunning 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: RE: RE: Securing CF Apps.

2004-03-23 Thread Heald, Tim 
Obscuring an encryption method is different form hiding the architecture or
structure of your application.

 
The open source community likes to make the point that security through
obscurity doesn't work.  Just because someone says it doesn't make it true.
the methods I use to secure my site are open.  hell you can go download the
udf I use to do url encryption right now to see how I do it.  You can even
crack it if you take the time.  It's a seed bump.  Just like you have to
decide how much time and money your going to put into securing your
application or site, so does the intruder have to decide to go after you or
another weaker site.

 
Also not all encryption standards are widely available.  As a matter of fact
in some instances it is illegal to let people know the detail of high level
encryption algorithms.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Tom Kitta [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 3:18 PM
To: CF-Talk
Subject: RE: RE: RE: Securing CF Apps.

I agree with Kwang Suh, security through obscurity is no security at all.
This is quite well known throughout security community and all encryption
standards available to the wide public adhere to it.

TK
  -Original Message-
  From: Kwang Suh [mailto:[EMAIL PROTECTED]
  Sent: Tuesday, March 23, 2004 2:56 PM
  To: CF-Talk
  Subject: Re: RE: RE: Securing CF Apps.

  > If my user.login is encrypted one time as kjdfljsldfl  and the
  > user comes
  > back and types in kjdfljsldfl they don't get taken to that
  > circuit, because
  > it's different this time.

  This would not be acceptable in many situations, because it prevents
bookmarking and renders search engines useless.

  > >> 3. The objection to using cfquery is multifaceted.  There is
  > the
  > >> risk of SQL
  > >> injection if your not doing the correct validation.  If your
  > >> errors are not
  > >> being handled correctly you can give away table and column
  > names
  > >> in the
  > >> error message.
  >
  > >So don't you think it's more important to handle errors properly
  > than say
  > "don't ever use "?
  >
  > I think that with all the benefits of procedures, if you have them
  > available, you're a fool not to use them, and not just because of the
  > enhanced security.  Obviously proper error handling is important
  > AS WELL.
  > This is not an either/or argument, rather a complimentary one.

  What's wrong with:

  
  exec my_stored_proc
  

  ?

  > >> 2. By using plain text variable names your going to give the
  > potential>> intruder a decent insight into your application
  > design, and this
  > >> will give
  > >> them the ability to make educated guesses as to your other
  > circuit
  > >> names.
  >
  > >So?
  >
  > So by understanding the structure of an application, you can then
  > begin to
  > analyze it's weaknesses.  In the environment in which I work we
  > want to give
  > them as little as possible to go on.
  >
  > >You've got bigger problems should someone gain access to your
  > file system.
  >
  > Is that so??  I disagree.  If someone gains access to my web
  > server they
  > have nothing.  Now my db which is on the other side of a firewall,
  > and only
  > accepts connections from specific ips, if they got in that it
  > could become
  > problematic.  Why?  Because there are no user names or passwords
  > stored on
  > my web server.  There is no way to open a direct connection into
  > my db
  > without having a user account on the db.  Your rights and roles
  > are also
  > stored in that db, not in the application, and so you would not
  > really get
  > anything other than images and source code.  You don't even get
  > the code of
  > the procedure calls, and so you are still blind to the schema of
  > my db.

  If I have complete access to your file system, this means that I can, say,
create a file that monitors tcp/ip traffic between your web server and db
server and sends the packets over to me where I can then scan for your
password.  Or I could simply delete everything on the web server.

  >
  > Kwang, again, this is a layered approach to security.  No one
  > thing is going
  > to protect you from everything.  You just continue to lock down
  > things in
  > order to mitigate risk.  You can never be without risk, and anyone who
  > thinks they have completely secured their site deserves to be
  > attacked.Listen man.  You do whatever you feel comfortable doing.
  > No more, no less.
  > But moving towards my CISSP and GSEC, having been a cyber threat
  > analyst for
  > the last two years, and soon to be managing a federal CERT, I can

RE: Securing CF Apps.

2004-03-23 Thread Heald, Tim 
The majority of my points are in regards to web applications.  When talking
about a web site I can understand your point, however much of what we do are
actually applications ion the true sense, and not just sites.  The security
of our public sites is very different.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Conan Saunders [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 3:03 PM
To: CF-Talk
Subject: RE: Securing CF Apps.

At 01:30 PM 3/23/2004, you wrote:
> >> 2. By using plain text variable names your going to give the potential
> >> intruder a decent insight into your application design, and this
> >> will give
> >> them the ability to make educated guesses as to your other circuit
> >> names.
>
> >So?
>
>So by understanding the structure of an application, you can then begin to
>analyze it's weaknesses.  In the environment in which I work we want to
give
>them as little as possible to go on.

Maybe that's true in your specific application, but I don't think that 
practice has any security value for web applications in general. Trying to 
conceal your application's structure (as revealed through the PUBLIC 
interface of page paths, fuseactions, and URL/FORM variables) sounds like 
an exercise in futility and security through obscurity.

I want my application's public interface to be as clear and easy to use as 
possible. If a user is able to guess a concise, logically named URL and 
find a page he wants, or hand-edit the value of a clearly named URL 
parameter to obtain better search results, that's a victory for the user 
and for me.

Does every single request to your site look like this: 
"/index.cfm?aewuotijasdoijfj"? I don't see how that gains you much security 
at all, and it's at the expense of a fair amount of user friendliness: 
ability to bookmark; ability to type short, logical URLs; ability to 
properly link to your application's functionality; etc.

As somebody said earlier, one case where you DO have a legitimate use for 
encrypting URL/FORM variables is when you're outputing internal values 
(database row IDs, etc) to a form or query string that will then be posted 
back to your application, and you don't want the end user to see the 
internal DB value. There, you are encrypting the VALUE, but not the 
variable name itself.

Conan 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: RE: Securing CF Apps.

2004-03-23 Thread Heald, Tim 
There are very specific equations that can help you decide how much you need
to spend on risk mitigation and security.  Unfortunately most web developers
don't know where to look for information like this.  Also doing a large
scale risk analysis can be expensive and time consuming, enough that it will
be skipped by people that do know how to conduct one correctly.

 
The things that we have talked about thus far are all easy to implement, and
free.  You are using the security that is part of your database, and using
the security that you yourself build into your application.  The encryption
stuff I wrote is freely available on cflib.org (all though I do need to
update it).  Documentation on best practices is all over the net.  Open up
google and look for web application security, or something similar.  You can
get quite an education for free these days, I know I have.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Tom Kitta [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 2:39 PM
To: CF-Talk
Subject: RE: RE: Securing CF Apps.

It is a positive sign when so many people on this list recognize the need
for security in their web applications. The next step after acknowledging
that security is needed is to determine how much security is needed. We
don't want to protect 10c of assets using security worth $1000. Once we know
how much we can spend on securing our assets we proceed to security
planning.

In cf talk discussion thus we should look at easy and cheap to implement
security vis more expensive security implementations. After all, if we have
unlimited budget we could do something silly like hiring someone to watch
every request our website is about to process.

TK
  -Original Message-
  From: Kwang Suh [mailto:[EMAIL PROTECTED]
  Sent: Tuesday, March 23, 2004 2:12 PM
  To: CF-Talk
  Subject: Re: RE: Securing CF Apps.

  > 1. If your properly encrypting the url your going to change your
  > seed (key)
  > every request.  That way it is different every time

  What possible value does this bring?

  >
  > 2. By using plain text variable names your going to give the potential
  > intruder a decent insight into your application design, and this
  > will give
  > them the ability to make educated guesses as to your other circuit
  > names.

  So?

  > 3. The objection to using cfquery is multifaceted.  There is the
  > risk of SQL
  > injection if your not doing the correct validation.  If your
  > errors are not
  > being handled correctly you can give away table and column names
  > in the
  > error message.

  So don't you think it's more important to handle errors properly than say
"don't ever use "?

  Also should someone gain access to your file
  > system they can
  > build a pretty complete picture of your database from the queries.
  > You
  > can't do this when all you are using is Stored Procedures,
  > especially if
  > your variable names don't match your column names.  Throw in views
  > and you
  > can obscure it even more.

  You've got bigger problems should someone gain access to your file system.

  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: RE: Securing CF Apps.

2004-03-23 Thread Heald, Tim 
>> 1. If your properly encrypting the url your going to change your 
>> seed (key)
>> every request.  That way it is different every time

>What possible value does this bring?

If my user.login is encrypted one time as kjdfljsldfl  and the user comes
back and types in kjdfljsldfl they don't get taken to that circuit, because
it's different this time.

 
>> 3. The objection to using cfquery is multifaceted.  There is the 
>> risk of SQL
>> injection if your not doing the correct validation.  If your 
>> errors are not
>> being handled correctly you can give away table and column names 
>> in the
>> error message.

>So don't you think it's more important to handle errors properly than say
"don't ever use "?

I think that with all the benefits of procedures, if you have them
available, you're a fool not to use them, and not just because of the
enhanced security.  Obviously proper error handling is important AS WELL.
This is not an either/or argument, rather a complimentary one.

 
>> 2. By using plain text variable names your going to give the potential
>> intruder a decent insight into your application design, and this 
>> will give
>> them the ability to make educated guesses as to your other circuit 
>> names. 

>So?

So by understanding the structure of an application, you can then begin to
analyze it's weaknesses.  In the environment in which I work we want to give
them as little as possible to go on.

 
>You've got bigger problems should someone gain access to your file system.

 
Is that so??  I disagree.  If someone gains access to my web server they
have nothing.  Now my db which is on the other side of a firewall, and only
accepts connections from specific ips, if they got in that it could become
problematic.  Why?  Because there are no user names or passwords stored on
my web server.  There is no way to open a direct connection into my db
without having a user account on the db.  Your rights and roles are also
stored in that db, not in the application, and so you would not really get
anything other than images and source code.  You don't even get the code of
the procedure calls, and so you are still blind to the schema of my db.

 
Kwang, again, this is a layered approach to security.  No one thing is going
to protect you from everything.  You just continue to lock down things in
order to mitigate risk.  You can never be without risk, and anyone who
thinks they have completely secured their site deserves to be attacked.
Listen man.  You do whatever you feel comfortable doing.  No more, no less.
But moving towards my CISSP and GSEC, having been a cyber threat analyst for
the last two years, and soon to be managing a federal CERT, I can tell you
this, there is always going to be some new exploit. It's going to be
something you didn't think of.  But that zero day exploit isn't going to be
the one that does all the crazy damage.  It's going to be some known
vulnerability that you could have prevented from putting your system at
risk. (slammer, blaster etc.)  By duplication of your efforts, by
overlapping your protection you're trying to create a shell around your
application and it's data.  Obscurity is just one more tool you can use to
do that.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Kwang Suh [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 2:16 PM
To: CF-Talk
Subject: Re: RE: Securing CF Apps.


  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Securing CF Apps.

2004-03-23 Thread Heald, Tim 
Here's my take on it.  You layer security on like an onion.  In many cases
you protect against the same kinds of attacks many times.  I don't want a
user to get to a specific area of my site unless they are logged in.  Ok so
I check a session or client variable that I set upon login.  Well I have a
user that has logged in and gotten to my page.  Now they book marked the
page.  Well written correctly since their session doesn't exist I send them
to the login page.  However I personally would like to take it a step
further.  I don't want people to be able to bookmark pages in my app at all.
Also I don't want them to be able to figure out the structure of my
application because I used plain text, easy to understand names for the
different sections of the app (in this case circuits).  So I encrypt my url
variables.  Why?  They don't get any information about the structure of my
app, or about the information I am passing between pages.  When they book
mark the site the fuseaction is gobly gook.  Means nothing and kicks them to
my home page or login or whatever.  Ok, what else is involved here?
Validation.  Both client and server side.  You use client side knowing that
it is easily defeated by turning off _javascript_s, but you use it to keep
from hitting the server.  Then you do it again on the client side to make
sure that nothing got by.  In 90% of the cases they user will have
_javascript_ enabled and it will have saved some of your server resources.
Now you have communications between the db and cf.  What can you do?  Well
for one you use an actual db user account to validate people.  Why?  Because
then you can limit what actions the user can take, not only through the
application, but through the db as well.  Also your not storing a username
and password anywhere.  Someone said earlier that means they can open up SQL
+ or enterprise manager and login to the db, well this is true, but they are
only able to see and do the same exact things that they would be able to do
through your application, if the DB is locked down correctly.  In oracle at
least you have to be granted rights to even know if a table exists.  I can
have a user table, but if you don't have select or whatever other
privileges, you get a table not found error.

 
In the past we have made many mistakes in security.  I am sure that we still
make many as a community.  New exploits are announced daily.  Most of the
things that we are trying to protect against aren't even used anymore
because in general developers learned form their mistakes.  Does this mean
we should stop doing them?

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-----Original Message-
From: Heald, Tim 
Sent: Tuesday, March 23, 2004 2:05 PM
To: CF-Talk
Subject: RE: Securing CF Apps.

1. If your properly encrypting the url your going to change your seed (key)
every request.  That way it is different every time

2. By using plain text variable names your going to give the potential
intruder a decent insight into your application design, and this will give
them the ability to make educated guesses as to your other circuit names.

3. The objection to using cfquery is multifaceted.  There is the risk of SQL
injection if your not doing the correct validation.  If your errors are not
being handled correctly you can give away table and column names in the
error message.  Also should someone gain access to your file system they can
build a pretty complete picture of your database from the queries.  You
can't do this when all you are using is Stored Procedures, especially if
your variable names don't match your column names.  Throw in views and you
can obscure it even more.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Kwang Suh [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 12:55 PM
To: CF-Talk
Subject: Re: Securing CF Apps.

> My issue with  is that you are exposing your db design. 
> It's alot harder to hack a db is you dont know the table and 
> column names.

huh?

> As for encrypting the fuseaction, the question is why not?

Because it's useless.

Let's think this through:

I have a fuseaction called "products.list"

It encrypts to "wafiawjfw"

I type in &q

RE: Securing CF Apps.

2004-03-23 Thread Heald, Tim 
1. If your properly encrypting the url your going to change your seed (key)
every request.  That way it is different every time

 
2. By using plain text variable names your going to give the potential
intruder a decent insight into your application design, and this will give
them the ability to make educated guesses as to your other circuit names.

 
3. The objection to using cfquery is multifaceted.  There is the risk of SQL
injection if your not doing the correct validation.  If your errors are not
being handled correctly you can give away table and column names in the
error message.  Also should someone gain access to your file system they can
build a pretty complete picture of your database from the queries.  You
can't do this when all you are using is Stored Procedures, especially if
your variable names don't match your column names.  Throw in views and you
can obscure it even more.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Kwang Suh [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 12:55 PM
To: CF-Talk
Subject: Re: Securing CF Apps.

> My issue with  is that you are exposing your db design. 
> It's alot harder to hack a db is you dont know the table and 
> column names.

huh?

> As for encrypting the fuseaction, the question is why not?

Because it's useless.

Let's think this through:

I have a fuseaction called "products.list"

It encrypts to "wafiawjfw"

I type in "wafiawjfw" in the url.

It lists the products.

Where's the security?

Users 
> can start throwing errors by trying different fuseaction calls. 
> Which in turn could expose too much info if you dont have a site 
> wide error handler.

Let me get this straight.  I should waste time encrypting urls, and yet be
stupid enough not to have an error handler.

Let's think this one through:

I type in "wiejfiawefijwf", which doesn't decrypt properly.

The site then throws an error, and since I don't have a site wide error
handler, it exposes a whole bunch of information.

Where's the security?

The topic of this thread is securing cf apps. 
> Although it may not be 100% necessary, it sure doesn't hurt. 

It doesn't help either. 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

Oracle System password recovery

2004-03-03 Thread Heald, Tim 
I am in the middle of deploying an application.  I need to grant some
privileges to select from some system tables and our dbas have been gone for
hours.  Is there a way to easily recover the system user password?

-- 
Timothy Heald
Web Portfolio Manager
Overseas Security Advisory Council
U.S. Department of State
571.345.2319

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Site Compiler that will handle CF

2004-02-12 Thread Heald, Tim 
You can run cf off of iis just fine on a decent lap top.  I do. If your
using IIS then you can do ASP.

 
The database is where you will usually run into problems, but I have SQL
2000 running fine on mine, or you can just demo off of access.  Hell we have
Oracle 8 and 9i running on laptops with CF around here.  Shouldn't be a
problem.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Parker, Kevin [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 12, 2004 6:08 PM
To: CF-Talk
Subject: Site Compiler that will handle CF

Does any one know of a web site compiler that will handle ASP and CFM files
as well as the usual HTML. We need to load our site to someone laptop that
doe a lot of country demos and presentations where the connectivity is not
so good i.e. he'd have to dial in on his mobile (if he can get range).

+++
Kevin Parker
Web Services Manager
WorkCover Corporation

p: 08 8233 2548
e: [EMAIL PROTECTED]
w: www.workcover.com
+++


This e-mail is intended for the use of the addressee only. It may 
contain information that is protected by legislated confidentiality
and/or is legally privileged. If you are not the intended recipient you
are prohibited from disseminating, distributing or copying this e-mail.

Any opinion expressed in this e-mail may not necessarily be that of the
WorkCover Corporation of South Australia. Although precautions have
been taken, the sender cannot warrant that this e-mail or any files
transmitted with it are free of viruses or any other defect.

If you have received this e-mail in error, please notify the sender
immediately by return e-mail and destroy the original e-mail and any
copies.
 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Oracle 8i, CFMX 6.1 LOB issues

2004-01-08 Thread Heald, Tim 
Not a stupid question at all, but yes we do.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Dave Carabetta [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 08, 2004 4:35 PM
To: CF-Talk
Subject: RE: Oracle 8i, CFMX 6.1 LOB issues

>I'm experiencing quite an oddity with our Oracle 8.1.7 servers when dealing
>with any LOB data via CF 6.1 Enterprise.
>
>Via my CFML front-end, I'm able (as the oracle schema owner) to pull back
>(any) LOB data correctly with no issues. However, if I should log in as a
>user whom has execute privileges on the packages created by the schema
>owner, it will either return an empty string or the generic ORA-00942
>message via CF. If I run the procedure as either user via SQL*Plus/TOAD, I
>get no error.
>
>I've attempted to use both the 3.1 and 3.2 versions of the
>macromedia_drivers JAR, neither have helped. If I grant SELECT to the 
>Oracle
>roles on the tables containing the LOBs, the data will return correctly,
>just as if I was logged in as the schema owner.
>
>I'm under the impression this is an Oracle problem, however our DBA staff
>keeps pointing at CF/Data Direct drivers. I can't imagine it's a CF issue,
>as the data returns fine under the aforementioned conditions. Has anyone 
>had
>this problem and fixed it, or could maybe point me in a better direction?
>

This is probably a stupid question, but I didn't see it noted above, so I'll

ask anyway: Do you have the "Enable long text retrieval (CLOB)." selection 
checked off for this datasource in the MX Admin as well as a high enough 
Long Text Buffer value? We use CLOBs on our site using MX 6.1 and Oracle 
8.1.7, so I know they work in general.

Regards,
Dave. 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

Oracle 8i, CFMX 6.1 LOB issues

2004-01-08 Thread Heald, Tim 
I'm experiencing quite an oddity with our Oracle 8.1.7 servers when dealing
with any LOB data via CF 6.1 Enterprise. 

Via my CFML front-end, I'm able (as the oracle schema owner) to pull back
(any) LOB data correctly with no issues. However, if I should log in as a
user whom has execute privileges on the packages created by the schema
owner, it will either return an empty string or the generic ORA-00942
message via CF. If I run the procedure as either user via SQL*Plus/TOAD, I
get no error. 

I've attempted to use both the 3.1 and 3.2 versions of the
macromedia_drivers JAR, neither have helped. If I grant SELECT to the Oracle
roles on the tables containing the LOBs, the data will return correctly,
just as if I was logged in as the schema owner.

I'm under the impression this is an Oracle problem, however our DBA staff
keeps pointing at CF/Data Direct drivers. I can't imagine it's a CF issue,
as the data returns fine under the aforementioned conditions. Has anyone had
this problem and fixed it, or could maybe point me in a better direction?

Many, many thanks in advance!

-- 
Timothy Heald
Web Portfolio Manager
Overseas Security Advisory Council
U.S. Department of State
571.345.2319

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: CFDJ isn't exactly kicking bootay

2004-01-08 Thread Heald, Tim 
If it ever actually gets to you.  We haven't seen one in months.  This isn't
the first time either, I have finally just just given up and won't be
resubscribing.

 
-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Kola Oyedeji [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 08, 2004 8:39 AM
To: CF-Talk
Subject: RE: CFDJ isn't exactly kicking bootay

Not to mention that your subscription gives you access to the archives
which means for the price of a years subscription you actually are
getting more than a years worth of content ;-)

Kola

-Original Message-
From: Howard Fore [mailto:[EMAIL PROTECTED] 
Sent: 08 January 2004 13:22
To: CF-Talk
Subject: Re: CFDJ isn't exactly kicking bootay

So the Design Pattern series was invaluable. How much time did that 
series save you to be able to work on extra projects? How much is your 
time worth per hour? I'd bet that over the course of the subscription 
year, the product of number of hours saved multiplied by your hourly 
rate is more than the cost of the subscription. And if properly 
applied, those techniques won't save you time and money just this year, 
but in the future as well.

That's how I justify it at least.

--
Howard Fore, [EMAIL PROTECTED]
"Much of life is Dutch one-digit operations in which legions of big 
robust people crouch behind badly cracked dike systems attached by the 
thumbs their wide balloon-pantsed rumps up-ended to the northern sun 
while, back in town, little black-suspendered tulip magnates stride 
around." - "Dutch", Kay Ryan

On Jan 8, 2004, at 1:26 AM, Dave Carabetta wrote:

> Your monthly column
> contribution is useful (along with your papers on www.how2cf.com/),
and
> Brendan O'Hara's Design Patterns series was invaluable (at least, to 
> me).
  _ 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

OT: RE: iMail Web Messaging through IIS

2004-01-06 Thread Heald, Tim 
I am running a web server and this mail server on the same box.  I run maybe
10 personal sites off the box, nothing major, all on port 80 using virtual
servers.  I want to be able to check my web mail at work.  I can only get
the the web server on port 80. I would like to run the CGI app that comes
with iMail through IIS so I can simply set it up as a virtual server like
mail.terminal-fusion.com, but it keeps throwing a 404 error saying that
login.cgi isn't found.  However if I run it through the iMail web server it
works just fine, even though there is no iMail.cgi.

 
Someone told me that ipswitch may have set the app up so it can only run
through their server.

 
I installed active perl on the system and still nothing.
-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Dan Phillips [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 06, 2004 2:00 PM
To: CF-Talk
Subject: RE: iMail Web Messaging through IIS

You mean the web interface? like http://mail.cfxhosting.com
  ?

We used it in 2000. Where are you getting stuck?

Dan Phillips
CFXHosting.com
[EMAIL PROTECTED]

-Original Message-
From: Heald, Tim [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, January 06, 2004 1:53 PM
To: CF-Talk
Subject: iMail Web Messaging through IIS

Has anyone ever gotten the iMail web mail app to run through IIS?

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail
is
unclassified based on the definitions in E.O. 12958. 
  _ 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

iMail Web Messaging through IIS

2004-01-06 Thread Heald, Tim 
Has anyone ever gotten the iMail web mail app to run through IIS?

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: MACR Stock price?

2003-12-30 Thread Heald, Tim 
community that is.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Adam Wayne Lehman [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 30, 2003 3:04 PM
To: CF-Talk
Subject: RE: MACR Stock price?

Hehehehe.. It's true. But this is my last day.. Check the new signature.

Adam Wayne Lehman
Tim's New Bitch

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail
is
unclassified based on the definitions in E.O. 12958.

-Original Message-----
From: Heald, Tim [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, December 30, 2003 12:48 PM
To: CF-Talk
Subject: RE: MACR Stock price?

He must work in the education sector.

We al know those pikers don't make any money :)

-- 
Tim

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail
is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Adam Wayne Lehman [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 30, 2003 11:59 AM
To: CF-Talk
Subject: RE: MACR Stock price?

#1 Maybe you are right, but considering how low the volume of mail on
this list is over the holidays you are just being rude.

#2 If you feel so strongly about #1 then why even add your #2 theory?

#3 Whose fault is it that you have a 14.4k download? To cheap to spring
for a decent modem?

Adam Wayne Lehman
Web Systems Developer
Johns Hopkins Bloomberg School of Public Health
Distance Education Division

-Original Message-
From: Haggerty, Mike [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, December 30, 2003 11:39 AM
To: CF-Talk
Subject: RE: MACR Stock price?

#1 - I am certain this thread is off topic. I don't need my .5 MB POP
freemail account getting overrun by useless grousing and carrying on.
It's bad enough I have to put up with the pro-Fusebox threads, those
zealots. I am sick of having to wait 6 hours to download all my mail
over my 14.4 K connection, so cut it out you meanies.

#2 - The stock price is up because I have been seeding investment
mailing lists with false rumors about MM preparing for a major IP
lawsuit against companies using Linux with the Gimp installed. I alledge
the Gimp uses a series of headers in the Linux kernel directly ripped
from Videoworks in the early 90's, and that MM is entitled to licensing
fees of up to $30,000 per use of infringing code. If you look on Motley
Fool, the conversation I have been having with myself under 5 different
identities is that this 'big lawsuit' is a major risk for investors, but
the potential for returns is in the millions per share.

Look for that stock price to hit $280 soon.

M

-Original Message- 
From: Gabriel Robichaud [mailto:[EMAIL PROTECTED] 
Sent: Tue 12/30/2003 11:17 AM 
To: CF-Talk 
Cc: 
Subject: RE: MACR Stock price?

Maybe its just the January effect.  Historically, the market goes up a
bit in january every year while Financial Planners and people do last
minute investing before tax returns.  

or, maybe I dont know what im talkign about, just repeating what I heard
on CNN 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 30, 2003 11:11 AM
To: CF-Talk
Subject: OT: MACR Stock price?

At latest sale the MACR stock was at $18.40 -- up 2.24% today.

I bought some MACR shares 5 days ago for $17.94 -- and am quite happy.

I expected the price to increase gradually to the $22 range.

Any ideas why the stock is going up so rapidly? (Other than the 
excellent company and superior products)

TIA

Dick 
  _ 
  _
  _ 
  _
  _ 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: MACR Stock price?

2003-12-30 Thread Heald, Tim 
Moved to CF-Talk :)

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Adam Wayne Lehman [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 30, 2003 3:04 PM
To: CF-Talk
Subject: RE: MACR Stock price?

Hehehehe.. It's true. But this is my last day.. Check the new signature.

Adam Wayne Lehman
Tim's New Bitch

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail
is
unclassified based on the definitions in E.O. 12958.

-Original Message-----
From: Heald, Tim [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, December 30, 2003 12:48 PM
To: CF-Talk
Subject: RE: MACR Stock price?

He must work in the education sector.

We al know those pikers don't make any money :)

-- 
Tim

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail
is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Adam Wayne Lehman [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 30, 2003 11:59 AM
To: CF-Talk
Subject: RE: MACR Stock price?

#1 Maybe you are right, but considering how low the volume of mail on
this list is over the holidays you are just being rude.

#2 If you feel so strongly about #1 then why even add your #2 theory?

#3 Whose fault is it that you have a 14.4k download? To cheap to spring
for a decent modem?

Adam Wayne Lehman
Web Systems Developer
Johns Hopkins Bloomberg School of Public Health
Distance Education Division

-Original Message-
From: Haggerty, Mike [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, December 30, 2003 11:39 AM
To: CF-Talk
Subject: RE: MACR Stock price?

#1 - I am certain this thread is off topic. I don't need my .5 MB POP
freemail account getting overrun by useless grousing and carrying on.
It's bad enough I have to put up with the pro-Fusebox threads, those
zealots. I am sick of having to wait 6 hours to download all my mail
over my 14.4 K connection, so cut it out you meanies.

#2 - The stock price is up because I have been seeding investment
mailing lists with false rumors about MM preparing for a major IP
lawsuit against companies using Linux with the Gimp installed. I alledge
the Gimp uses a series of headers in the Linux kernel directly ripped
from Videoworks in the early 90's, and that MM is entitled to licensing
fees of up to $30,000 per use of infringing code. If you look on Motley
Fool, the conversation I have been having with myself under 5 different
identities is that this 'big lawsuit' is a major risk for investors, but
the potential for returns is in the millions per share.

Look for that stock price to hit $280 soon.

M

-Original Message- 
From: Gabriel Robichaud [mailto:[EMAIL PROTECTED] 
Sent: Tue 12/30/2003 11:17 AM 
To: CF-Talk 
Cc: 
Subject: RE: MACR Stock price?

Maybe its just the January effect.  Historically, the market goes up a
bit in january every year while Financial Planners and people do last
minute investing before tax returns.  

or, maybe I dont know what im talkign about, just repeating what I heard
on CNN 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 30, 2003 11:11 AM
To: CF-Talk
Subject: OT: MACR Stock price?

At latest sale the MACR stock was at $18.40 -- up 2.24% today.

I bought some MACR shares 5 days ago for $17.94 -- and am quite happy.

I expected the price to increase gradually to the $22 range.

Any ideas why the stock is going up so rapidly? (Other than the 
excellent company and superior products)

TIA

Dick 
  _ 
  _
  _ 
  _
  _ 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: MACR Stock price?

2003-12-30 Thread Heald, Tim 
He must work in the education sector.

 
We al know those pikers don't make any money :)

-- 
Tim

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Adam Wayne Lehman [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 30, 2003 11:59 AM
To: CF-Talk
Subject: RE: MACR Stock price?

#1 Maybe you are right, but considering how low the volume of mail on
this list is over the holidays you are just being rude.

#2 If you feel so strongly about #1 then why even add your #2 theory?

#3 Whose fault is it that you have a 14.4k download? To cheap to spring
for a decent modem?

Adam Wayne Lehman
Web Systems Developer
Johns Hopkins Bloomberg School of Public Health
Distance Education Division

-Original Message-
From: Haggerty, Mike [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, December 30, 2003 11:39 AM
To: CF-Talk
Subject: RE: MACR Stock price?

#1 - I am certain this thread is off topic. I don't need my .5 MB POP
freemail account getting overrun by useless grousing and carrying on.
It's bad enough I have to put up with the pro-Fusebox threads, those
zealots. I am sick of having to wait 6 hours to download all my mail
over my 14.4 K connection, so cut it out you meanies.

#2 - The stock price is up because I have been seeding investment
mailing lists with false rumors about MM preparing for a major IP
lawsuit against companies using Linux with the Gimp installed. I alledge
the Gimp uses a series of headers in the Linux kernel directly ripped
from Videoworks in the early 90's, and that MM is entitled to licensing
fees of up to $30,000 per use of infringing code. If you look on Motley
Fool, the conversation I have been having with myself under 5 different
identities is that this 'big lawsuit' is a major risk for investors, but
the potential for returns is in the millions per share.

Look for that stock price to hit $280 soon.

M

-Original Message- 
From: Gabriel Robichaud [mailto:[EMAIL PROTECTED] 
Sent: Tue 12/30/2003 11:17 AM 
To: CF-Talk 
Cc: 
Subject: RE: MACR Stock price?

Maybe its just the January effect.  Historically, the market goes up a
bit in january every year while Financial Planners and people do last
minute investing before tax returns.  

or, maybe I dont know what im talkign about, just repeating what I heard
on CNN 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 30, 2003 11:11 AM
To: CF-Talk
Subject: OT: MACR Stock price?

At latest sale the MACR stock was at $18.40 -- up 2.24% today.

I bought some MACR shares 5 days ago for $17.94 -- and am quite happy.

I expected the price to increase gradually to the $22 range.

Any ideas why the stock is going up so rapidly? (Other than the 
excellent company and superior products)

TIA

Dick 
  _ 
  _
  _ 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: queryNew / array functions

2003-12-12 Thread Heald, Tim 
something like arrayMax(myQuery[myColumn]) should do the trick.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Turetsky, Seth [mailto:[EMAIL PROTECTED]
Sent: Friday, December 12, 2003 3:49 PM
To: CF-Talk
Subject: queryNew / array functions

"Coldfusion queries are essentially arrays with named columns.  You
therefore
can use any of the array functions with queries" -CFMX WACK

How would I use say ArrayMax() to get the largest value in a specified
column
of a query I created using queryNew.

I think my brain left work at lunch today

-seth 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: seven days earlier

2003-12-12 Thread Heald, Tim 
You would use dateAdd() and add 7 days.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Robert Orlini [mailto:[EMAIL PROTECTED]
Sent: Friday, December 12, 2003 8:50 AM
To: CF-Talk
Subject: seven days earlier

I have a CF application that needs to check a date field in an Access column
and send an email 7 days earlier than the date in that column. 
For example if the date in the column is 12/31/03, I would need to do a
comparison. When the current date is 12/24/03 then send out an email. 

How would I code this using dateformat(now) for the current date? I guess I
would need to use the CF scheduler for this or can I use this in a CF script
alone?

Thanks as always.

Robert O.
HWW 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Run HTML through CFMX

2003-12-10 Thread Heald, Tim 
You make .htm or .html get parsed by CF in your web server.  Then you add
your security.

 
How to do this depends on the web server.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Robert Everland III [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 10, 2003 10:07 AM
To: CF-Talk
Subject: Re:Run HTML through CFMX

I have a massive static HTML website that I need to add a security layer. So
including a file won't work.

Bob

> Use an include.
> 
> 
> 
> This is a pretty decent technique when you want to use an 
> administrative form (in conjunction with CFFILE) to update static 
> content i.e headers and footers or even long blocks of text.
> 
> Jeremy
> 
> > I know this is on the forum somewhere, but I don't think I am typing 
> 
> > the right search term.
> > 
> > So how do I get HTML to run through CFMX. I know it isn't the 
> > suggested way, but I need to do it. Thanks.
> > 
> > 
bob 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: JS help

2003-12-09 Thread Heald, Tim 
Ok

 
but what does that tag produce in html and _javascript_?  It has to be using a
window.open in order to pop the new window somewhere.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Tim Do [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 09, 2003 2:49 PM
To: CF-Talk
Subject: RE: JS help

here is the calling page:

alt="Calendar" border="0" formname="frmSearchInCheck" target="dateMax">

tag:

















var months = new

Array("January","February","March","April","May","June","July","August","Sep

tember","October","November","December")

var totalDays = new Array(31,28,31,30,31,30,31,31,30,31,30,31)



function openCalWin_#attributes.target#() { 

stats='toolbar=no,location=no,directories=no,status=no,menubar=no,'

stats += 'scrollbars=no,resizable=no,width=300,height=250'

CalWin = window.open ("","Calendar",stats)



var calMonth = #DateFormat(attributes.date, "M")#

var calYear = #DateFormat(attributes.date, "")#



theDate = new Date(calYear, (calMonth - 1), 1)



buildCal_#attributes.target#(theDate)



}



function buildCal_#attributes.target#(theDate) {



var startDay = theDate.getDay()

var printDays = false

var currDay = 1

var rowsNeeded = 5



if (startDay + totalDays[theDate.getMonth()] > 35)

  rowsNeeded++



CalWin.document.write('Select a Date')

CalWin.document.write('')

CalWin.document.write('')

CalWin.document.write('
bordercolor=##ff cellpadding=0 cellspacing=0>')

CalWin.document.write('')

CalWin.document.write('')

for (x=1; x<=rowsNeeded; x++){

  CalWin.document.write('')

  for (y=0; y<=6; y++){

   if (currDay == 1 && !printDays && startDay == y)

    printDays = true

   CalWin.document.write('')

    if (currDay > totalDays[theDate.getMonth()])

 printDays = false

   }

   else

    CalWin.document.write(' ')

  }  

  CalWin.document.write('')

} 

CalWin.document.write('

face=Verdana color=##006699 size=2>' + months[theDate.getMonth()] + ' ' +

theDate.getFullYear() + '

color=##006699 size=1>Su
size=1>Mo
size=1>Tu
size=1>We
size=1>Th
size=1>Fr
size=1>Sa
')

   if (printDays){

  CalWin.document.write('
href="" + theDate.getMonth()

+ ',' +  currDay + ',' + theDate.getFullYear() + ')">' + currDay++ +

'

align="center">
alt="" border="0" name="Backward" value="<<"

 face=Verdana

color=##006699 size="1"> Arrows browse through the months. 
type="image" src="" align="middle" alt="" border="0"

name="Forward" value=">>"

>
CalWin.document.write('
')

CalWin.document.close()



}



function getNewCal_#attributes.target#(newDir) {

if (newDir == -1){

  theDate.setMonth(theDate.getMonth() - 1)

  if (theDate.getMonth() == 0){

   theDate.setMonth(12)

   theDate.setYear(theDate.getYear() - 1)

  }

}

else if (newDir == 1){

  theDate.setMonth(theDate.getMonth() + 1)

  if (theDate.getMonth() == 13){

   theDate.setMonth(1)

   theDate.setYear(theDate.getYear() + 1)

  }

}

  

  

CalWin.document.clear();

buildCal_#attributes.target#(theDate);



}



function placeDate_#attributes.target#(monthNum, dayNum, yearNum){

var dateString = (monthNum + 1) + '-' + dayNum + '-' + yearNum



document.#attributes.formname#.#attributes.target#.value = dateString

   

CalWin.close()

}

RE: JS help

2003-12-09 Thread Heald, Tim 
That's the page that's created with window.open()

 
It's probably using just window.open('myfile.cfm') or something and you need
to be more specific.  Send the code for the originating page.

-- 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Tim Do [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 09, 2003 2:45 PM
To: CF-Talk
Subject: RE: JS help

No http://
this is what the source looks like:

Select a DateA { color:

#00; font-family:Verdana;font-size:12px; font-weight: normal;

text-decoration: none; padding:0em .5em;}A:hover { color: #cc6600;

background-color: #ecf4f7; padding:0em .5em; }body { background: #ff;

}
width=100% border=0 bordercolor=#ff cellpadding=0 cellspacing=0>
bgcolor="#b2d9ec" colspan=7>December
2003
color=#006699 size=1>Su
size=1>Mo
size=1>Tu
size=1>We
size=1>Th
size=1>Fr
size=1>Sa 
align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
td align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
td align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
td align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
align="center" width=14.28%>
href="">
align="center" width=14.28%> 
width=14.28%> 
width=14.28%> 
align="center">
alt="" border="0" name="Backward" value="<<"
 face=Verdana color=#006699
size="1"> Arrows browse through the months. 
src="" align="middle" alt="" border="0" name="Forward"
value=">>"
>
>

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, December 09, 2003 11:38 AM
To: CF-Talk
Subject: RE: JS help

ugh, take a look at the HTML source after your page is drwan.  I bet there
is an HTTP in the window.open call.

-Original Message-
From: Tim Do [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 09, 2003 2:16 PM
To: CF-Talk
Subject: RE: JS help

There is no http anywhere... the calendar is all rendered inside the custom
tag.

-Original Message-
From: Schuster, Steven [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, December 09, 2003 11:20 AM
To: CF-Talk
Subject: RE: JS help

Make sure the tag code does not use http:// anywhere is one way. 

Steve

-Original Message-
From: Tim Do [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, December 09, 2003 2:10 PM
To: CF-Talk
Subject: OT: JS help

Hello all,

I'm trying to use a calendar custom tag (cf_formFieldCalendar) inside a
secure directory.   Inside the tag it has a window.open command that spawns
a window.  When it does, the browser prompts that you're leaving a secure
area.  The tag is inside the secure directory.  Can anybody tell me how to
get it so the browser doesn't prompt the user that they're leaving a secure
area?

Thanks in advance,
Tim

Here is a piece of the js:

function openCalWin_#attributes.target#() { 
stats='toolbar=no,location=no,directories=no,status=no,menubar=no,'
stats += 'scrollbars=no,resizable=no,width=300,height=250'
CalWin = window.open ("","Calendar",stats)
  _ 
  _ 
  _ 
  _ 
  _
 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: CF Certification

2003-11-26 Thread Heald, Tim 
ack no not again.

 
Go look in the archives

 
/me runs and hides.

Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Mickael [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 26, 2003 2:05 PM
To: CF-Talk
Subject: Re: CF Certification

One the topic of the CF Certification, I am curious as to what value people
that are certified get from the certification?  Is it worth it?
  - Original Message - 
  From: Dominic J. Doucet-Lorang 
  To: CF-Talk 
  Sent: Wednesday, November 26, 2003 1:41 PM
  Subject: CF Certification

  Hi,
  I am looking at taking the Macromedia CF test and would like an idea on a 
  good book for preparing for the exam.

  Thanks,

  Dominic J. Doucet-Lorang

  _  


 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Can this be done??

2003-11-26 Thread Heald, Tim 
I was actually wondering the same thing.

Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Kevin Graeme [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 26, 2003 10:36 AM
To: CF-Talk
Subject: Re: Can this be done??

Did you even try looking up how to use a list or array and figure it out for
yourself?

Here's a lead:
_ColdFusion MX Web Application Construction Kit_ by Ben Forta, page 170.

-Kevin

- Original Message - 
From: "Bushy" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, November 26, 2003 9:12 AM
Subject: Re: Can this be done??

> Cool.
>
> I got it to work using the URL variable.
>
> How can I keep adding or concatenate each selection to the URL.item
variable I'm displaying in the bottomframe to a list or array?
>
>
>
>
>
> --Original Message Text---
> From: Kevin Graeme
> Date: Wed, 26 Nov 2003 08:56:40 -0600
>
> Ah, maybe I misunderstood what you were trying to do. That still sounds
> pretty basic and still may not need _javascript_.
>
> One way that you might do it is in the top frame, each link goes to the
same
> page in the bottom frame and just passes the link information as a url
> variable. So pass from the top frame something like:
> changes
>
> Then on the bottom frame, just grab the url.item variable passed to it,
add
> it to a list or array or whatever you need of url variables that you've
> passed, probably storing them in the session scope. Then output whatever
is
> in that list.
>
> -Kevin
>
> - Original Message - 
> From: "Bushy" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Wednesday, November 26, 2003 8:25 AM
> Subject: Re: Can this be done??
>
> > --Original Message Text---
> > From: Kevin Graeme
> > Date: Wed, 26 Nov 2003 08:20:45 -0600
> >
> > Actually, depending on how he's doing things _javascript_ might not be
> > feasible. If the file/folder listing view is a ftp window in the frame,
> then
> > he probably won't be able to use _javascript_.
> >
> > The directory/file listing is created using 
> >
> > If it's a cf/html listing of files, then it's easy and doesn't even
really
> > need _javascript_. Just use the target attribute in the  for each
> link
> > and point it to the other frame.
> >
> > OK...but how can I "concatenate" the listings?
> >
> > -Kevin
> >
> > - Original Message - 
> > From: <[EMAIL PROTECTED]>
> > To: "CF-Talk" <[EMAIL PROTECTED]>
> > Sent: Wednesday, November 26, 2003 8:13 AM
> > Subject: RE: Can this be done??
> >
> > > http://developer.irt.org/script/script.htm
    ... the _javascript_
> > > FAQ's learned most of my js there many moons ago...  don't know
how
> > > up to date it is but certainly give you examples of things that you
> > > could use to achieve what you want
> > >
> > >
> > > -Original Message-
> > > From: Bushy [mailto:[EMAIL PROTECTED]
> > > Sent: 26 November 2003 14:02
> > > To: CF-Talk
> > > Subject: RE: Can this be done??
> > >
> > >
> > > Do you know where I could find some examples?
> > >
> > > --Original Message Text---
> > > From: Heald, Tim
> > > Date: Wed, 26 Nov 2003 08:56:10 -0500
> > >
> > > _javascript_.
> > >
> > >
> > >
> > > -Original Message-
> > > From: Bushy [mailto:[EMAIL PROTECTED]
> > > Sent: Wednesday, November 26, 2003 8:56 AM
> > > To: CF-Talk
> > > Subject: re: Can this be done??
> > >
> > > Hi,
> > >
> > > I have a frame split in half (topframe & bottomframe).
> > >
> > > I the top frame I'm listing directories/files which have links to
them.
> > > Beside each directory/file is an image that when clicked I want to
send
> > > the link information to the bottom frame as  the path. Each time a
link
> > > is clicked the bottom frame would get updated with a new entry.
> > >
> > > For example (+ is directory, - is files):
> > >
> > > Top frame listing
> > > -
> > >
> > > Directory Listing:
> > >
> > > + changes
> > > + delivery
> > > + late
> > > + schedule
> > > - data.txt
> > > - test.txt
> > > - mywork.txt
> > >
> > > So if a user click on a the directory "changes" link the file path and
> > > name are passed to the bottom frame. user then click on the directory
> > > "late" and then filename "test.txt"
> > >
> > > Bottom frame:
> > > -
> > >
> > > changes
> > > late
> > > test.txt
> > >
> > > How could this be done?
> > >
> >
> 
  _  


 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Can this be done??

2003-11-26 Thread Heald, Tim 
You could store the info in a session variable and then append the new value
to it.

Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Bushy [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 26, 2003 10:21 AM
To: CF-Talk
Subject: Re: Can this be done??

Cool.

I got it to work using the URL variable.

How can I keep adding or concatenate each selection to the URL.item variable
I'm displaying in the bottomframe to a list or array?

--Original Message Text---
From: Kevin Graeme
Date: Wed, 26 Nov 2003 08:56:40 -0600

Ah, maybe I misunderstood what you were trying to do. That still sounds
pretty basic and still may not need _javascript_.

One way that you might do it is in the top frame, each link goes to the same
page in the bottom frame and just passes the link information as a url
variable. So pass from the top frame something like:
changes

Then on the bottom frame, just grab the url.item variable passed to it, add
it to a list or array or whatever you need of url variables that you've
passed, probably storing them in the session scope. Then output whatever is
in that list.

-Kevin

- Original Message - 
From: "Bushy" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, November 26, 2003 8:25 AM
Subject: Re: Can this be done??

> --Original Message Text---
> From: Kevin Graeme
> Date: Wed, 26 Nov 2003 08:20:45 -0600
>
> Actually, depending on how he's doing things _javascript_ might not be
> feasible. If the file/folder listing view is a ftp window in the frame,
then
> he probably won't be able to use _javascript_.
>
> The directory/file listing is created using 
>
> If it's a cf/html listing of files, then it's easy and doesn't even really
> need _javascript_. Just use the target attribute in the  for each
link
> and point it to the other frame.
>
> OK...but how can I "concatenate" the listings?
>
> -Kevin
>
> - Original Message - 
> From: <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Wednesday, November 26, 2003 8:13 AM
> Subject: RE: Can this be done??
>
> > http://developer.irt.org/script/script.htm
    ... the _javascript_
> > FAQ's learned most of my js there many moons ago...  don't know how
> > up to date it is but certainly give you examples of things that you
> > could use to achieve what you want
> >
> >
> > -Original Message-
> > From: Bushy [mailto:[EMAIL PROTECTED]
> > Sent: 26 November 2003 14:02
> > To: CF-Talk
> > Subject: RE: Can this be done??
> >
> >
> > Do you know where I could find some examples?
> >
> > --Original Message Text---
> > From: Heald, Tim
> > Date: Wed, 26 Nov 2003 08:56:10 -0500
> >
> > _javascript_.
> >
> >
> >
> > -Original Message-
> > From: Bushy [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, November 26, 2003 8:56 AM
> > To: CF-Talk
> > Subject: re: Can this be done??
> >
> > Hi,
> >
> > I have a frame split in half (topframe & bottomframe).
> >
> > I the top frame I'm listing directories/files which have links to them.
> > Beside each directory/file is an image that when clicked I want to send
> > the link information to the bottom frame as  the path. Each time a link
> > is clicked the bottom frame would get updated with a new entry.
> >
> > For example (+ is directory, - is files):
> >
> > Top frame listing
> > -
> >
> > Directory Listing:
> >
> > + changes
> > + delivery
> > + late
> > + schedule
> > - data.txt
> > - test.txt
> > - mywork.txt
> >
> > So if a user click on a the directory "changes" link the file path and
> > name are passed to the bottom frame. user then click on the directory
> > "late" and then filename "test.txt"
> >
> > Bottom frame:
> > -
> >
> > changes
> > late
> > test.txt
> >
> > How could this be done?
> >
> 
  _  


 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Can this be done??

2003-11-26 Thread Heald, Tim 
http://www.w3schools.com/js/js_frames.asp
 

Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Bushy [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 26, 2003 9:04 AM
To: CF-Talk
Subject: RE: Can this be done??

Do you know where I could find some examples?

--Original Message Text---
From: Heald, Tim
Date: Wed, 26 Nov 2003 08:56:10 -0500

_javascript_.

Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Bushy [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 26, 2003 8:56 AM
To: CF-Talk
Subject: re: Can this be done??

Hi,

I have a frame split in half (topframe & bottomframe).

I the top frame I'm listing directories/files which have links to them.
Beside each directory/file is an image that when clicked I want to send the
link information to the bottom frame as  the path.
Each time a link is clicked the bottom frame would get updated with a new
entry.

For example (+ is directory, - is files):

Top frame listing
-

Directory Listing:

+ changes
+ delivery
+ late
+ schedule
- data.txt
- test.txt
- mywork.txt

So if a user click on a the directory "changes" link the file path and name
are passed to the bottom frame. user then click on the directory "late" and
then filename "test.txt"

Bottom frame:
-

changes
late
test.txt

How could this be done?

  _  

  _  


 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Can this be done??

2003-11-26 Thread Heald, Tim 
_javascript_.

Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Bushy [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 26, 2003 8:56 AM
To: CF-Talk
Subject: re: Can this be done??

Hi,

I have a frame split in half (topframe & bottomframe).

I the top frame I'm listing directories/files which have links to them.
Beside each directory/file is an image that when clicked I want to send the
link information to the bottom frame as  the path.
Each time a link is clicked the bottom frame would get updated with a new
entry.

For example (+ is directory, - is files):

Top frame listing
-

Directory Listing:

+ changes
+ delivery
+ late
+ schedule
- data.txt
- test.txt
- mywork.txt

So if a user click on a the directory "changes" link the file path and name
are passed to the bottom frame. user then click on the directory "late" and
then filename "test.txt"

Bottom frame:
-

changes
late
test.txt

How could this be done?


  _  


 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: in cfscript???

2003-11-18 Thread Heald, Tim 
You use the arguments array's length to determine how many arguments you
have.  When writing functions in CF script the arguments have to be in
order, first the required attributes, and then the optional ones, so
something like this:

 
function checkName(cFirstName){
    if(arrayLen(arguments) gt 1){
cLastName = arguments[2]
    }

 
}

 
This allows you to have an optional argument of cLastName.  It might not be
exact but it should be pretty close.

 
That what you mean?

Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: BOUDOT Christian [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2003 9:10 AM
To: CF-Talk
Subject:  in cfscript???

Hi Folks,

Is there any equivalence for the required attribute when the function is
written with ?






function fctFoo(sFoo){

}


thx
Chris 
  _  


 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Cold Fusion MX - Looping over application Structure

2003-11-14 Thread Heald, Tim 
You do still need to lock shared scope variables that would have a risk of
race conditions.  Why you don't run into problems with that on CF 4.5 is
beyond me, but a simple cflock should fix it right up.

Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Reuter, Jason D (James Tower) [mailto:[EMAIL PROTECTED]
Sent: Friday, November 14, 2003 5:35 PM
To: CF-Talk
Subject: Cold Fusion MX - Looping over application Structure

Background:
I have been working with my QA group comparing performance running in a Cold
Fusion 4.5 environment verses a Cold Fusion MX environment.  The load test
of the application in CF 4.5 went through without a problem.  However, when
the application was migrated to CF MX 6.1, QA found that the sites started
to become unstable and strange errors occurred.  I have been able to isolate
the cause down to a specific discrepancy between how CF 4.5 handles looping
over an application structure verses CF MX.

Code Summary:
The page basically caches a query results by assigning it to an application
structure.  After assigning the application structure to a local variable
(qGetItems), the structure is looped over and the field is outputted to the
screen.

The results work great until two requests run the page at the exact same
time.  What appears to be happening is in Cold Fusion MX, the application
scope assigns a single Iterator across the application structure that is
shared to everyone.  So in the case of two requests hitting the loop at the
same time, the two (or more) simultaneous requesters only get a partial
results set.  Example, Requester A and Requester B hit the page that returns
a total of 300 records to the screen.  They hit the page at the same time
and Requester A sees 200 records and Requester B sees 100 records.  Other
times, all records are returned, but not in the correct sequence.

  _  


 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Comparing Values

2003-11-12 Thread Heald, Tim 
Use valueList() to get a comma delimited list from the c=id column of the
first query then use IN in the second query  

 
sorta like this:

 


 

    select columns
    from table
    where table.idField in (#valueList)


 
Should head you down towards a quicker solution.   The other idea would be
to alias the table against itself and do a join against itself something
like:

 

    select t.columns, ta.columns
    from table t, table ta
    where t.this = ta.this
OR
    where t.this != ta.this


 
Without knowing the table and the desired result though I am not sure if
this is what your looking for at all.

 
HTH

 
Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: brob [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 12, 2003 7:13 PM
To: CF-Talk
Subject: Comparing Values

Hey guys.  I have a query that selects about 2,000 rows (by project id) from
a table.  Then I use those values to compare with the same table using
another query (but from a different project ID.  Any numbers that aren't the
same are appended to a variable named error_list.  I'm basically using a
CLOOP query using the first query to loop over the second query.  So it's
basically like #firstquery.recordcount# loops and checking each value.  

pseudo code




SELECT name
from images
where project_id = #url.id# AND name = #name#



 




#error_list#

Right now, it takes like minutes to get results!  Even if there's only 1
value in the list!  Is there a better way to do what I am doing?  Or some
way to make it faster?  Cos this is slow!  Thankie! 
  _  


 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Task Scheduler Issues Yet Again

2003-10-31 Thread Heald, Tim 
I am in the neo-cron.xml file and everything looks ok.  This is super weird.
Is it cached/compiled?  Should I empty out the compiled files?  bah.

Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Heald, Tim 
Sent: Friday, October 31, 2003 9:17 AM
To: CF-Talk
Subject: Task Scheduler Issues Yet Again

I have 2 tasks that run daily at 9:00 and 9:15.  Each delivers several
thousand emails with a daily news items.  Really basic stuff.  

Since daylight savings they have been all hosed up.  At first they were
being sent out at the wrong time.  I deleted and then recreated them, now
one goes out at the wrong time, and I get at least one other send late on at
the right time.  Sometimes it has sent the email as many as three times.

Has anyone run into anything like this?  Has a command line method of
executing cf templates like we were able to do pre MX been figured out yet
so  I can just use another scheduler?

Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958. 

  _  


 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

Task Scheduler Issues Yet Again

2003-10-31 Thread Heald, Tim 
I have 2 tasks that run daily at 9:00 and 9:15.  Each delivers several
thousand emails with a daily news items.  Really basic stuff.  

 
Since daylight savings they have been all hosed up.  At first they were
being sent out at the wrong time.  I deleted and then recreated them, now
one goes out at the wrong time, and I get at least one other send late on at
the right time.  Sometimes it has sent the email as many as three times.

 
Has anyone run into anything like this?  Has a command line method of
executing cf templates like we were able to do pre MX been figured out yet
so  I can just use another scheduler?

Timothy Heald 
Web Portfolio Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958. 


 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: OT multiple submits and the ENTER key

2003-10-29 Thread Heald, Tim 
If you don't have a submit button then hitting enter doesn't work. 

Tim

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Mosh Teitelbaum [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 29, 2003 4:26 PM
To: CF-Talk
Subject: RE: OT multiple submits and the ENTER key

But that doesn't stop anyone from hitting enter to submit the form.  And it
means that JS is required to submit a simple form.

--
Mosh Teitelbaum
evoch, LLC
Tel: (301) 942-5378
Fax: (301) 933-3651
Email: [EMAIL PROTECTED]
WWW: http://www.evoch.com/  

-Original Message-
From: Tangorre, Michael [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 29, 2003 2:49 PM
To: CF-Talk
Subject: RE: OT multiple submits and the ENTER key

I would make the buttons type "button" and not reset or submit.
Then make three functions..

function checkKeyPressed(e){
    if(e == 13)
return false;
    else
return mySubmit(); OR whatever function...
}

function mySubmit(){

}

function myReset(){

}

function myCancel(){

}

-Original Message-
From: Ian Skinner [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 29, 2003 2:44 PM
To: CF-Talk
Subject: RE: OT multiple submits and the ENTER key

No, if you hit the "Enter" key on your key board it will submit the form at
any point.  That is what I would like to control.

--
Ian Skinner
Web Programmer
BloodSource
www.BloodSource.org
Sacramento, CA

-Original Message-
From: cfhelp [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 29, 2003 10:07 AM
To: CF-Talk
Subject: RE: OT multiple submits and the ENTER key

Use Tab orders. Then they would have to TAB to the Enter or Reset key.

Rick

  _

From: Ian Skinner [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 29, 2003 11:33 AM
To: CF-Talk

I am planning a form that will have CANCEL, SUBMIT and RESET buttons.  What
I would like to know is there anyway to control which of these is activated
with the enter key?  We would like the CANCEL button to be the default
action if the enter key is pressed, can this be done?

--
Ian Skinner
Web Programmer
BloodSource
www.BloodSource.org
Sacramento, CA

Confidentiality Notice:  This message including any
attachments is for the sole use of the intended
recipient(s) and may contain confidential and privileged
information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the
intended recipient, please contact the sender and
delete any copies of this message.

  _

   _

  _

  _  


 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: How can it be done ?

2003-10-28 Thread Heald, Tim 
What about adding the userid as part of the file name that they download?

Timothy Heald 
Information Systems Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Chris [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 28, 2003 10:33 AM
To: CF-Talk
Subject: Re: How can it be done ?

Thanks Ricky,

I think that writing to the registry will be the best solution for this.
  - Original Message - 
  From: Ricky Fritzsching 
  To: CF-Talk 
  Sent: Tuesday, October 28, 2003 4:27 PM
  Subject: RE: How can it be done ?

  I do agree with Neil, but another option before CFMX would be to write
  the information into the registry
  by using the cfregistry tag. Just another option for you.

    _  

  From: Robertson-Ravo, Neil (RX)
  [mailto:[EMAIL PROTECTED] 
  Sent: Tuesday, October 28, 2003 9:09 AM
  To: CF-Talk

  hmmmtricky especially since there is a reboot...if cookies are a no
  go,
  then I am not sure how you will keep state etc? you could write a
  file
  with the userid to the hard drive (as you are allowing a download).
  but
  even that will require a user to accept the download.

    _  

  From: Chris [mailto:[EMAIL PROTECTED] 
  Sent: 28 October 2003 14:52
  To: CF-Talk
  Subject: How can it be done ?

  Good afternoon everyone,

  I have a small quetion, may be one of you skilled guys can help me out.

  I have a login page, when the users logs in an ID is pulled from a
  database
  with CFQUERY.
  After logging in, a download is started, which will install additional
  software on the users computer.

  Important is that the ID can be reused after the download, so I must
  find a
  way to remember that ID somewhere
  or pass it with the download.

  Cookies are out of the question.

  Users have complete control over their browser settings, and I know that
  some have cookies out, other users are behind a firewall which will not
  allow ActiveX.

  Anyone has any ideas ?

  Thanks,

  Chris
  Germany. 
    _  

    _  

  _  


 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

Scheduled Tasks executing at wrong time

2003-10-28 Thread Heald, Tim 
Hey kids,

Anyone know of scheduled task problems caused by daylights savings time?
The server clock set it self correctly but my tasks are still running an
hour early.  Not sure what to do. Has anyone run into this before?  I
recreated the tasks and they are still running to soon.

Weird.  Guess I could just set them for an hour later.

Timothy Heald
Information Systems Manager
Overseas Security Advisory Council
U.S. Department of State
571.345.2319

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Top n in Oracle

2003-10-15 Thread Heald, Tim 
Thanks everyone who helped with this.

Timothy Heald 
Information Systems Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Deanna Schneider [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 15, 2003 9:38 AM
To: CF-Talk
Subject: Re: Top n in Oracle

SELECT * FROM
( SELECT *
FROM foo
WHERE goo = 'koo'
ORDER BY gooey
)
WHERE rownum < 101

- Original Message - 
From: "Heald, Tim" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, October 15, 2003 6:39 AM
Subject: Top n in Oracle

> I need to pull Top n (lets say three) from an oracle 8i db.  Now SQL
Server
> makes this really easy to do.  How would I go about doing it in Oracle?  I
> have tried sub selects and rownum and stuff, but the order gets al hosed
up
> if I use those.  Basically I need them ordered by date desc.
>
> Any help would be appreciated.
>
> Timothy Heald
> Information Systems Manager
> Overseas Security Advisory Council
> U.S. Department of State
> 571.345.2319
>
> The opinions expressed here do not necessarily reflect those of the U.S.
> Department of State or any affiliated organization(s).  Nor have these
> opinions been approved or sanctioned by these organizations. This e-mail
is
> unclassified based on the definitions in E.O. 12958.
>
>
>
>
> 
  _  


 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Top n in Oracle

2003-10-15 Thread Heald, Tim 
Yeah.  it just randomly grabs the rows, ignoring my order by date_created
desc

Timothy Heald 
Information Systems Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Murat Demirci [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 15, 2003 8:36 AM
To: CF-Talk
Subject: RE: Top n in Oracle

did you try "... where rownum <= 3 ... " ?

-Original Message-
From: Heald, Tim [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, October 15, 2003 3:27 PM
To: CF-Talk
Subject: RE: Top n in Oracle

The table has something like 250,000 records.  The performance would make
that impossible.

Timothy Heald 
Information Systems Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Thomas Chiverton [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 15, 2003 8:24 AM
To: CF-Talk
Subject: Re: Top n in Oracle

On Wednesday 15 Oct 2003 12:39 pm, Heald, Tim wrote:
> I need to pull Top n (lets say three) from an oracle 8i db.  Now SQL
Server
> makes this really easy to do.  How would I go about doing it in Oracle?  I
> have tried sub selects and rownum and stuff, but the order gets al hosed
up
> if I use those.  Basically I need them ordered by date desc.

Do that, then only print the first three rows - you can access your query as
a 
structure remember !

-- 
Tom Chiverton 
Advanced ColdFusion Programmer

Tel: +44(0)1749 834997
email: [EMAIL PROTECTED]
BlueFinger Limited
Underwood Business Park
Wookey Hole Road, WELLS. BA5 1AF
Tel: +44 (0)1749 834900
Fax: +44 (0)1749 834901
web: www.bluefinger.com
Company Reg No: 4209395 Registered Office: 2 Temple Back East, Temple
Quay, BRISTOL. BS1 6EG.
*** This E-mail contains confidential information for the addressee
only. If you are not the intended recipient, please notify us
immediately. You should not use, disclose, distribute or copy this
communication if received in error. No binding contract will result from
this e-mail until such time as a written document is signed on behalf of
the company. BlueFinger Limited cannot accept responsibility for the
completeness or accuracy of this message as it has been transmitted over
public networks.***

  _  

  _  

  _  


 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: Top n in Oracle

2003-10-15 Thread Heald, Tim 
The table has something like 250,000 records.  The performance would make
that impossible.

Timothy Heald 
Information Systems Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.

-Original Message-
From: Thomas Chiverton [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 15, 2003 8:24 AM
To: CF-Talk
Subject: Re: Top n in Oracle

On Wednesday 15 Oct 2003 12:39 pm, Heald, Tim wrote:
> I need to pull Top n (lets say three) from an oracle 8i db.  Now SQL
Server
> makes this really easy to do.  How would I go about doing it in Oracle?  I
> have tried sub selects and rownum and stuff, but the order gets al hosed
up
> if I use those.  Basically I need them ordered by date desc.

Do that, then only print the first three rows - you can access your query as
a 
structure remember !

-- 
Tom Chiverton 
Advanced ColdFusion Programmer

Tel: +44(0)1749 834997
email: [EMAIL PROTECTED]
BlueFinger Limited
Underwood Business Park
Wookey Hole Road, WELLS. BA5 1AF
Tel: +44 (0)1749 834900
Fax: +44 (0)1749 834901
web: www.bluefinger.com
Company Reg No: 4209395 Registered Office: 2 Temple Back East, Temple
Quay, BRISTOL. BS1 6EG.
*** This E-mail contains confidential information for the addressee
only. If you are not the intended recipient, please notify us
immediately. You should not use, disclose, distribute or copy this
communication if received in error. No binding contract will result from
this e-mail until such time as a written document is signed on behalf of
the company. BlueFinger Limited cannot accept responsibility for the
completeness or accuracy of this message as it has been transmitted over
public networks.***

  _  


 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

Top n in Oracle

2003-10-15 Thread Heald, Tim 
I need to pull Top n (lets say three) from an oracle 8i db.  Now SQL Server
makes this really easy to do.  How would I go about doing it in Oracle?  I
have tried sub selects and rownum and stuff, but the order gets al hosed up
if I use those.  Basically I need them ordered by date desc.

 
Any help would be appreciated.

Timothy Heald 
Information Systems Manager 
Overseas Security Advisory Council 
U.S. Department of State 
571.345.2319 

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.


 [Todays Threads] 
 [This Message] 
 [Subscription] 
 [Fast Unsubscribe] 
 [User Settings]

RE: (Admin) List upgrades

2003-09-15 Thread Heald, Tim 
The Fusebox lists on Topica used to.  They no longer exist though.

Timothy Heald
Information Systems Manager
Overseas Security Advisory Council
U.S. Department of State
571.345.2319

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.


-Original Message-
From: Adam Wayne Lehman [mailto:[EMAIL PROTECTED]
Sent: Monday, September 15, 2003 3:04 PM
To: CF-Talk
Subject: RE: (Admin) List upgrades


Use some elementary math and multiply that by 100-1000.

It _is_ a big deal.

Can anyone direct me to an email list that uses HTML over text?

Adam Wayne Lehman
Web Systems Developer
Johns Hopkins Bloomberg School of Public Health
Distance Education Division


-Original Message-
From: Claude Schneegans [mailto:[EMAIL PROTECTED] 
Sent: Monday, September 15, 2003 2:02 PM
To: CF-Talk
Subject: Re: (Admin) List upgrades

>>Currently outlook takes about 5-10 minutes to download and sort them
all

So with HTML it will take from 15 to 30 more seconds ? Not a big deal.




~|
Archives: http://www.houseoffusion.com/lists.cfm?link=t:4
Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Your ad could be here. Monies from ads go to support these lists and provide more 
resources for the community. 
http://www.fusionauthority.com/ads.cfm

RE: CFTry/CFCatch

2003-09-11 Thread Heald, Tim 
Custom tag?

Timothy Heald
Information Systems Manager
Overseas Security Advisory Council
U.S. Department of State
571.345.2319

The opinions expressed here do not necessarily reflect those of the U.S.
Department of State or any affiliated organization(s).  Nor have these
opinions been approved or sanctioned by these organizations. This e-mail is
unclassified based on the definitions in E.O. 12958.


-Original Message-
From: Dave Sueltenfuss [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 11, 2003 1:34 PM
To: CF-Talk
Subject: CFTry/CFCatch


Good Afternoon

Is it at all possible to put CFTry/CFCatch into a page by using two
include statements? (one at the top, and one at the bottom) I am trying
to setup better error handling on my site, but do not want to have to
put the full code in each page, just include it. This way, If I need to
add something to it, I can just change it in one spot

Any help is appreciated

Thanks

Dave Sueltenfuss 
Application Developer 
Certified ColdFusion MX Developer 
Arch Wireless 
Phone: 508-870-6711 
Fax: 508-836-2760
Email: [EMAIL PROTECTED] 



~|
Archives: http://www.houseoffusion.com/lists.cfm?link=t:4
Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Signup for the Fusion Authority news alert and keep up with the latest news in 
ColdFusion and related topics. 
http://www.fusionauthority.com/signup.cfm

RE: decrypt() not working on CF5

2003-09-09 Thread Heald, Tim 
Start by not using encrypt and decrypt.  Instead use cfusion_encrypt() and
cfusion_decrypt().  Much better functions.  The results are pure
alphanumeric.  

Weird that this shouldn't work though.  What error is CF 5 throwing?  Or is
it decrypting incorrectly?  Is the encrypted value the same on both CF 5 and
MX?

Tim


-Original Message-
From: McNamara Kyle W CONT PORT [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 09, 2003 12:18 PM
To: CF-Talk
Subject: decrypt() not working on CF5


Help! this thing (see code below) works fine on MX but not on CF5... the
only way to get it towork in CF5 is to encrypt and decrypt in the same
request.

Can anyone suggest a workaround? we need this to work for our transition to
MX.

Thank you!

Kyle

 






The string: #string# 
The key: #key#
Encrypted: #encrypted#
Decrypted: #decrypted#



~|
Archives: http://www.houseoffusion.com/lists.cfm?link=t:4
Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Get the mailserver that powers this list at 
http://www.coolfusion.com

RE: DWMX 2004 - Whats new for us?

2003-08-28 Thread Heald, Tim 
Also when talking about how much of the market share CF has, you have to
look at the installed base, which I know is huge.  I mean hell, how many
4.5.1 installs do you think are still floating around out there.  I know we
have several.

Declining sales != declining market share

Timothy Heald
Information Systems Specialist
Overseas Security Advisory Council
U.S. Department of State
571.345.2235


-Original Message-
From: Bryan Stevenson [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 28, 2003 3:36 PM
To: CF-Talk
Subject: Re: DWMX 2004 - Whats new for us?


Hey Matt L.

So your assumption about the CF marketshare is based on declining revenue
from CF MX at MM??

Is it not possible that CFs usage could have grown and the decline in CF MX
revenue is simply because it was not readily adopted by ALOT of developers
and ISPs because of the array of instability issues and just general
buggines before 6.1 was released?

Just a thought

Cheers

Bryan Stevenson B.Comm.
VP & Director of E-Commerce Development
Electric Edge Systems Group Inc.
t. 250.920.8830
e. [EMAIL PROTECTED]

-
Macromedia Associate Partner
www.macromedia.com
-
Vancouver Island ColdFusion Users Group
Founder & Director
www.cfug-vancouverisland.com
- Original Message -
From: "Matt Liotta" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, August 28, 2003 12:08 PM
Subject: Re: DWMX 2004 - Whats new for us?


> Was your email a response to my message? If it is, apparently I
> miscommunicated what I was trying to point. So, just to be clear, I am
> suggesting that DW will focus on other languages besides CF since CF is
> a declining market.
>
> -Matt
>
> On Thursday, August 28, 2003, at 02:47 PM, Joshua Miller wrote:
>
> > Frankly, I don't care if MM focuses DW entirely on the COBOL market ...
> > It's NOT CF, it's an IDE and a crappy one at that. It's an excellent
> > visual tool for building websites, but it's not so hot at being a
> > "programmer's IDE". It has potential as an IDE, but I personally can't
> > stand it. And yes, I used it for a month and still feel the same.
> >
> > Aside from that, how can you expect MM to drop everyone else just
> > because they own CF now? I'd prefer them to keep making money so they
> > can keep developing CF. They have to compete with the other offerings
> > out there - GoLive, FrontPage, VisualStudio, etc. You run a business
> > right? Would you drop all your old customers across several markets
> > because you got some new ones in one small market who screamed a lot?
> >
> > There's no reason to turn DWMX into a CF-only tool - how many people
> > out
> > there ONLY write CF? How successful do you think Macromedia would be if
> > they applied that kind of myopic principal to all of their products?
> >
> > Joshua Miller
> > Head Programmer / IT Manager
> > Garrison Enterprises Inc.
> > www.garrisonenterprises.net
> > [EMAIL PROTECTED]
> > (704) 569-0801 ext. 254
> >
> > ***
> > *
> > *
> > Any views expressed in this message are those of the individual sender,
> > except where the sender states them to be the views of
> > Garrison Enterprises Inc.
> >
> > This e-mail is intended only for the individual or entity to which it
> > is
> > addressed and contains information that is private and confidential. If
> > you are not the intended recipient you are hereby notified that any
> > dissemination, distribution or copying is strictly prohibited. If you
> > have received this e-mail in error please delete it immediately and
> > advise us by return e-mail to [EMAIL PROTECTED]
> > ***
> > *
> > *
> >
> >
> > -Original Message-
> > From: Matt Liotta [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, August 28, 2003 1:48 PM
> > To: CF-Talk
> > Subject: Re: DWMX 2004 - Whats new for us?
> >
> >
> >> Granted, I pretty much stopped using DW when MX rolled out, but lots
> >> of people love it. You can't expect MM to stop schmoozing it's
> >> pre-existing customer base and ONLY focus on CF. Seriously now, you
> >> don't want all those ASP and PHP folks spending their money somewhere
> >> else - the beauty
> >> of it is that all of those people who buy DW and use it to code PHP
> > and
> >> ASP are contributing to the future of MM and CF with their funds.
> >>
> > I disagree with the above statement. The market for ASP and PHP is
> > growing, while the CF market is shrinking. Certainly, there is reason
> > right now for Macromedia to support ASP, PHP, and CF, but at what point
> > does the size of each respective market force MM to focus DW on only
> > the largest markets, namely ASP and PHP?
> >
> > Matt Liotta
> > President & CEO
> > Montara Software, Inc.
> > http://www.MontaraSoftware.com
> > (888) 408-0900 x901
> >
> >

RE: DWMX 2004 - Whats new for us?

2003-08-28 Thread Heald, Tim 
You mean aside from the licenses we just bought?

Tim


-Original Message-
From: Matt Liotta [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 28, 2003 3:27 PM
To: CF-Talk
Subject: Re: DWMX 2004 - Whats new for us?


> In government the CF market is growing, at least here at state.  I 
> know the
> market in general in D.C. for CF developers with a security clearances 
> is
> awesome.
>
Do you have any evidence to support the statement that CF's market 
sharing is growing in the government sector?

Matt Liotta
President & CEO
Montara Software, Inc.
http://www.MontaraSoftware.com
(888) 408-0900 x901



~|
Archives: http://www.houseoffusion.com/lists.cfm?link=t:4
Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

This list and all House of Fusion resources hosted by CFHosting.com. The place for 
dependable ColdFusion Hosting.
http://www.cfhosting.com

RE: DWMX 2004 - Whats new for us?

2003-08-28 Thread Heald, Tim 
In government the CF market is growing, at least here at state.  I know the
market in general in D.C. for CF developers with a security clearances is
awesome.

Tim


-Original Message-
From: Matt Liotta [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 28, 2003 2:18 PM
To: CF-Talk
Subject: Re: DWMX 2004 - Whats new for us?


> Granted, I pretty much stopped using DW when MX rolled out, but lots of
> people love it. You can't expect MM to stop schmoozing it's 
> pre-existing
> customer base and ONLY focus on CF. Seriously now, you don't want all
> those ASP and PHP folks spending their money somewhere else - the 
> beauty
> of it is that all of those people who buy DW and use it to code PHP and
> ASP are contributing to the future of MM and CF with their funds.
>
I disagree with the above statement. The market for ASP and PHP is 
growing, while the CF market is shrinking. Certainly, there is reason 
right now for Macromedia to support ASP, PHP, and CF, but at what point 
does the size of each respective market force MM to focus DW on only 
the largest markets, namely ASP and PHP?

Matt Liotta
President & CEO
Montara Software, Inc.
http://www.MontaraSoftware.com
(888) 408-0900 x901



~|
Archives: http://www.houseoffusion.com/lists.cfm?link=t:4
Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Your ad could be here. Monies from ads go to support these lists and provide more 
resources for the community. 
http://www.fusionauthority.com/ads.cfm

RE: NN6+ document.all

2003-08-22 Thread Heald, Tim 
document.getElementById() instead of document.all

Timothy Heald
Information Systems Specialist
Overseas Security Advisory Council
U.S. Department of State
571.345.2235


-Original Message-
From: John Wilker [mailto:[EMAIL PROTECTED]
Sent: Friday, August 22, 2003 12:38 PM
To: CF-Talk
Subject: SOT: NN6+ document.all 


So I have a little menu that is populated by CF (hence the only sorta OT :)
)
 
in IE it works using document.all.divname but in netscape there is no
document.all
 
the JS bible uses Node.prototype._defineGetter_("all", function() {some
stuff.}
 
Netscapes javascript console says it doesn't recognize _defineGetter_. I
found another example using just something.propname getter= funciton() {}
 
That one seems to bomb out when I get to the line that reads
menu=eval("document.all.d" + n)  saying menu has nothing in it.
 
Any thoughts? I can cut and paste code if anyone wants to see all that.
 
John Wilker
Software Engineer, Technical Writer
Sequent Technologies.
 


~|
Archives: http://www.houseoffusion.com/lists.cfm?link=t:4
Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

This list and all House of Fusion resources hosted by CFHosting.com. The place for 
dependable ColdFusion Hosting.
http://www.cfhosting.com

J2EE CFMX install error

2003-08-20 Thread Heald, Tim 
When we get the point where we should be brought to the administrator, after
the install, we get an error:

No such role cfadmin84f49b8e2fd010bc479ba763218432c4

anyone see this before?

Timothy Heald
Information Systems Specialist
Overseas Security Advisory Council
U.S. Department of State
571.345.2235

~|
Archives: http://www.houseoffusion.com/lists.cfm?link=t:4
Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Get the mailserver that powers this list at 
http://www.coolfusion.com

RE: ambiguous

2003-08-18 Thread Heald, Tim 
Prefix it with the table name of the one you really want. Probably want to
alias it as well.

myTable.customerID as thisCustomerID

Timothy Heald
Information Systems Specialist
Overseas Security Advisory Council
U.S. Department of State
571.345.2235


-Original Message-
From: Robert Orlini [mailto:[EMAIL PROTECTED]
Sent: Monday, August 18, 2003 12:55 PM
To: CF-Talk
Subject: ambiguous


I get a How do I fix this SQL error please?

ODBC Error Code = 37000 (Syntax error or access violation)
[Microsoft][ODBC SQL Server Driver][SQL Server]Ambiguous column name
'customerid'

Both orders and customers have a customerid column

My statement:


SELECT * FROM bookinfo, orders, customers
Where bookinfo.bookid = orders.bookid 

Thanks!

Robert O
HWW

~|
Archives: http://www.houseoffusion.com/lists.cfm?link=t:4
Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Signup for the Fusion Authority news alert and keep up with the latest news in 
ColdFusion and related topics. 
http://www.fusionauthority.com/signup.cfm

RE: TEST - Please reply *at least once

2003-08-15 Thread Heald, Tim 
Timothy Heald
Information Systems Specialist
Overseas Security Advisory Council
U.S. Department of State
571.345.2235


-Original Message-
From: Clint [mailto:[EMAIL PROTECTED]
Sent: Friday, August 15, 2003 4:37 PM
To: CF-Talk
Subject: Re: TEST - Please reply *at least once


got it ;)

- Original Message - 
From: "B G" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Thursday, August 14, 2003 3:00 PM
Subject: TEST - Please reply *at least once


> Sorry to do this to you all, but I haven't seen any of my messages or
> responses in the last few days.
>
> Thanks!
>
> _
> Tired of spam? Get advanced junk mail protection with MSN 8.
> http://join.msn.com/?page=features/junkmail
>
> 

~|
Archives: http://www.houseoffusion.com/lists.cfm?link=t:4
Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Your ad could be here. Monies from ads go to support these lists and provide more 
resources for the community. 
http://www.fusionauthority.com/ads.cfm

Oracle Application Server and CF 6.1

2003-08-14 Thread Heald, Tim 
Anyone done this before?

Pointers?

Timothy Heald
Information Systems Specialist
Overseas Security Advisory Council
U.S. Department of State
571.345.2235

~|
Archives: http://www.houseoffusion.com/lists.cfm?link=t:4
Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

This list and all House of Fusion resources hosted by CFHosting.com. The place for 
dependable ColdFusion Hosting.
http://www.cfhosting.com

RE: RE: re: Mach-II

2003-07-31 Thread Heald, Tim 
nono it's like building a house silly.

Timothy Heald
Information Systems Specialist
Overseas Security Advisory Council
U.S. Department of State
571.345.2235


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 31, 2003 3:07 AM
To: CF-Talk
Subject: Re: RE: re: Mach-II


Sheesh... what's next?  Probably some guy somewhere saying something silly
like "cooking is a lot like programming".

U... nevermind.

-Novak

;-)


- Original Message - 
From: "Hal Helms" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, July 30, 2003 3:35 PM
Subject: RE: RE: re: Mach-II


> Yeah, yeah, I've heard of this "Fusebox" framework. I've even used it
> once or twice. I just don't get what the big deal is, though. Sure it
> helps you separate logic and presentation, it helps teams work together,
> it provides encapsulation, etc, etc. But is that really sufficient
> grounds for liking something - that it helps people? What's next? Shall
> we adopt something simply because it works? Where would great
> corporations like Microsoft or Oracle be if they adopted that attitude?
>
> You sound too much like that guy in CFDJ who sounds like freakin' Oprah
> with his talk about "empowering people" and "supporting developers".
> Give me something manlier than that! And as for documentation, which you
> note as a strength of Fusebox, well, all I can do is quote a greater man
> than I who said: "It was hard to write. It should be hard to
> understand."
>
> Hal Helms
> "Java for CF Programmers" class
> in Las Vegas, August 18-22
> www.halhelms.com
>
> -Original Message-
> From: Angus McFee [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 30, 2003 5:09 PM
> To: CF-Talk
> Subject: RE: RE: re: Mach-II
>
>
> Matt -
>
> Good to hear from a fellow fuseboxer!
>
> No, this isn't a joke, this guy clearly has a problem with what fusebox
> has become and has made this other framework that clearly doesn't do
> most of what Fusebox is capable of. I don' t think him having helped
> make fusebox or having been in a few books makes a huge difference. My
> dog has been in a few books, that doesn't mean he don't hate cats.
>
> But this really sounds like he is dissing fusebox. "Mach-II, though, is
> meant to be a pure OO framework. Fusebox and Mach-II have in common some
> good software engineering principles, but are very different things. I'm
> really referring to (a) backwards compatibility and (b) cross-language
> compatibility."
>
> These things aren't new and they don't do something you can't do with
> fusebox already. Fusebox already works in ColdFusion, PHP, ASP, JSP and
> Perl, and I have even seen a TCL port for the framework. In PHP, you can
> do all the object oriented programming you want, so I don't see why
> there would be a need for this "mach-ii" except to take away from
> fusebox.
>
> This guy is just one of the ones who is never going to get what it is
> all about.
>
> Angus McFee
>
> -Original Message-
> From: Matt Liotta [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 30, 2003 4:37 PM
> To: CF-Talk
> Subject: Re: Mach-II
>
> This is a joke right?
> -Matt
> On Wednesday, July 30, 2003, at 04:08 PM, Angus McFee wrote:
> > Hal -
> >
> > I've heard from plenty of people looking for a way to beat up on
> > Fusebox, but usually they have nothing to say when it comes to
> > building a better framework. This is the first time in a long time
> > anyone has suggested an alternative approach, and I really don't see
> > how any of this benefits developers. This mach-ii stuff looks like
> > just another petty attack on Fusebox.
> >
> > It's pretty clear we see things differently when it comes to building
> > Web applications. I don't know you, but I can tell you are a pretty
> > intelligent person, so you probably have some good reasons for why you
>
> > don't like or hate fusebox.
> >
> > What I have to ask you is: do you use fusebox? Becuase there are
> > plenty of people who are ready to attack it anytime and don't even
> > know ColdFusion, much less what a framework is. You will probably
> > never be convinced about the benefits of fusebox, all I can do is
> > disagree with you, and point out all the great things fusebox does for
>
> > developers:
> >
> > * it separates business logic from presentation logic, making for more
>
> > organized, efficent code
> > * it gives developers a common set of rules and methods to work from,
> > so that everyone can understand what the other people are doing on a
> > project regardless of the size of a team
> > * it modularizes and encapsulates code, making it easier to reuse and
>
> > thus to maintain
> > * it is self-documenting, containing a complete, inline XML standard
> > for documenting your applications
> > * most importantly, there are thousands and thousands of fusebox
> > developers out there, and more and more shops are choosing to use it
> > every day. it is close to becoming a de-facto standard, which I

RE: RE: re: Mach-II

2003-07-30 Thread Heald, Tim 
Ahhh,

I was wondering when the name of Stan was going to come into this.  Where
has he been anyway?

Rock the House and Horse and stuff :P

Timothy Heald
Information Systems Specialist
Overseas Security Advisory Council
U.S. Department of State
571.345.2235


-Original Message-
From: Hamm, Greg [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 30, 2003 6:26 PM
To: CF-Talk
Subject: RE: RE: re: Mach-II


This is the best thread in years,

Now Angus do you know Stan Cox? I think he'll be at the FB conference in
Vegas at the end of August, I'd buy both of you drinks, if I was
going... 

Cheers
Greg

-Original Message-
From: Bryan F. Hogan [mailto:[EMAIL PROTECTED] 
Sent: July 30, 2003 2:27 PM
To: CF-Talk
Subject: RE: RE: re: Mach-II

Wholly crap, and I thought I lived under a rock.

- Original Message -
From: "Angus McFee" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, July 30, 2003 4:08 PM
Subject: RE: RE: re: Mach-II


> Hal -
>
> I've heard from plenty of people looking for a way to beat up on
Fusebox,
but usually they have nothing to say when it comes to building a better
framework. This is the first time in a long time anyone has suggested an
alternative approach, and I really don't see how any of this benefits
developers. This mach-ii stuff looks like just another petty attack on
Fusebox.
>
> It's pretty clear we see things differently when it comes to building
Web
applications. I don't know you, but I can tell you are a pretty
intelligent
person, so you probably have some good reasons for why you don't like or
hate fusebox.
>
> What I have to ask you is: do you use fusebox? Becuase there are
plenty of
people who are ready to attack it anytime and don't even know
ColdFusion,
much less what a framework is. You will probably never be convinced
about
the benefits of fusebox, all I can do is disagree with you, and point
out
all the great things fusebox does for developers:
>
> * it separates business logic from presentation logic, making for more
organized, efficent code
> * it gives developers a common set of rules and methods to work from,
so
that everyone can understand what the other people are doing on a
project
regardless of the size of a team
> * it modularizes and encapsulates code, making it easier to reuse and
thus
to maintain
> * it is self-documenting, containing a complete, inline XML standard
for
documenting your applications
> * most importantly, there are thousands and thousands of fusebox
developers out there, and more and more shops are choosing to use it
every
day. it is close to becoming a de-facto standard, which I doubt your
mach-ii
'framework' will ever be able to match
>
> Angus McFee
>
>
> -Original Message-
> From: Hal Helms [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 30, 2003 2:16 PM
> To: CF-Talk
> Subject: RE: RE: re: Mach-II
>
> You're right, Dave. We're not looking to be able to incorporate
Fusebox 3
(or 4) with Mach-II. We think that Fusebox is a great framework for
procedural programmers. (Please, God, don't let this degenerate into yet
another pro/con Fusebox debate...)
> Mach-II, though, is meant to be a pure OO framework. Fusebox and
Mach-II
have in common some good software engineering principles, but are very
different things. I'm really referring to (a) backwards compatibility
and
(b) cross-language compatibility.
> Hal Helms
> "Java for CF Programmers" class
> in Las Vegas, August 18-22
> www.halhelms.com
>
>
>
> -
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site design software
>



~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Signup for the Fusion Authority news alert and keep up with the latest news in 
ColdFusion and related topics. 
http://www.fusionauthority.com/signup.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: RE: RE: re: Mach-II

2003-07-30 Thread Heald, Tim 
hehe you people really don't see the troll?

Matt != Fuseboxer;
Hal == FuseboxGhod;
Angus == Troll;


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 30, 2003 6:51 PM
To: CF-Talk
Subject: Re: RE: RE: re: Mach-II


Sigh...

Where did he say anywhere that those benefits are exclusive to fusebox?

Point is, fusebox provides those benefits, not that they're the exclusive
domain of fusebox...


- Original Message -
From: Calvin Ward <[EMAIL PROTECTED]>
Date: Wednesday, July 30, 2003 3:52 pm
Subject: Re: RE: RE: re: Mach-II

> I have to comment on this
> 
> > > * it separates business logic from presentation logic, making for
> > > more organized, efficent code
> 
> Seperating presentation from logic is not limited to, nor requires the
> Fusebox methodology.
> 
> > > * it gives developers a common set of rules and methods to work
> > > from, so that everyone can understand what the other people are
> > > doing on a project regardless of the size of a team
> 
> Common sets of rules and methods are not limited to, nor require 
> the Fusebox
> methodology.
> 
> > > * it modularizes and encapsulates code, making it easier to reuse
> > > and thus to maintain
> 
> Encapsulation is not limited to, nor requires the Fusebox methodology.
> 
> > > * it is self-documenting, containing a complete, inline XML
> > > standard for documenting your applications
> 
> I wouldn't consider that feature of fusebox as self documenting, 
> the inline
> XML is a clever way of organizing comments in code that allows 
> access to
> them in ways other than opening source code. This is not limited 
> to, nor
> requires the Fusebox methodology.
> 
> > > * most importantly, there are thousands and thousands of fusebox
> > > developers out there, and more and more shops are choosing to use
> > > it every day. it is close to becoming a de-facto standard, 
> which I
> > > doubt your mach-ii 'framework' will ever be able to match
> 
> This is the only semi-valid point. I think mach-ii has a lot more 
> promisethan Fusebox for object oriented development. Fusebox was 
> an attempt to
> bring OO into a procedural framework. Successful? Certainly. 
> Effective?Apparently. Overwhelmingly so? I don't think so.
> 
> Any methodology is better than no methodology, and the right 
> methodologydepends on the developer(s), the company, and/or the 
> project.
> Fusebox is not inherently better than all other methodologies, 
> with the
> caveat that it is more widely used than any other methodology for 
> CF, as far
> as the casual observer can see.
> 
> - Calvin
> 
> 

~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Your ad could be here. Monies from ads go to support these lists and provide more 
resources for the community. 
http://www.fusionauthority.com/ads.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: RE: re: Mach-II

2003-07-30 Thread Heald, Tim 
hehe troll.

Silly people.
-Original Message-
From: Angus McFee [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 30, 2003 4:22 PM
To: CF-Talk
Subject: RE: RE: re: Mach-II


Hal - 
 
I've heard from plenty of people looking for a way to beat up on Fusebox,
but usually they have nothing to say when it comes to building a better
framework. This is the first time in a long time anyone has suggested an
alternative approach, and I really don't see how any of this benefits
developers. This mach-ii stuff looks like just another petty attack on
Fusebox.
 
It's pretty clear we see things differently when it comes to building Web
applications. I don't know you, but I can tell you are a pretty intelligent
person, so you probably have some good reasons for why you don't like or
hate fusebox. 
 
What I have to ask you is: do you use fusebox? Becuase there are plenty of
people who are ready to attack it anytime and don't even know ColdFusion,
much less what a framework is. You will probably never be convinced about
the benefits of fusebox, all I can do is disagree with you, and point out
all the great things fusebox does for developers:
 
* it separates business logic from presentation logic, making for more
organized, efficent code 
* it gives developers a common set of rules and methods to work from, so
that everyone can understand what the other people are doing on a project
regardless of the size of a team
* it modularizes and encapsulates code, making it easier to reuse and thus
to maintain
* it is self-documenting, containing a complete, inline XML standard for
documenting your applications
* most importantly, there are thousands and thousands of fusebox developers
out there, and more and more shops are choosing to use it every day. it is
close to becoming a de-facto standard, which I doubt your mach-ii
'framework' will ever be able to match
 
Angus McFee
 
 
-Original Message-
From: Hal Helms [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, July 30, 2003 2:16 PM
To: CF-Talk
Subject: RE: RE: re: Mach-II

You're right, Dave. We're not looking to be able to incorporate Fusebox 3
(or 4) with Mach-II. We think that Fusebox is a great framework for
procedural programmers. (Please, God, don't let this degenerate into yet
another pro/con Fusebox debate...) 
Mach-II, though, is meant to be a pure OO framework. Fusebox and Mach-II
have in common some good software engineering principles, but are very
different things. I'm really referring to (a) backwards compatibility and
(b) cross-language compatibility.
Hal Helms
"Java for CF Programmers" class 
in Las Vegas, August 18-22
www.halhelms.com



-
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software

~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Signup for the Fusion Authority news alert and keep up with the latest news in 
ColdFusion and related topics. 
http://www.fusionauthority.com/signup.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: cfobjectcache for cf5?

2003-07-30 Thread Heald, Tim 
structDelete?

Depends on the scope in 5.  Some were structs and some weren't if I remember
correctly.

Timothy Heald
Information Systems Specialist
Overseas Security Advisory Council
U.S. Department of State
571.345.2235


-Original Message-
From: Tyler Silcox [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 30, 2003 10:01 AM
To: CF-Talk
Subject: cfobjectcache for cf5?


Is there anyway to programically clear the application/server's cache for
CF5?  I'd like to set up a url to hit to clear out my queries whenever the
client makes an update...TIA->
 
Tyler


~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Get the mailserver that powers this list at 
http://www.coolfusion.com

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Search engine safe urls

2003-07-28 Thread Heald, Tim 
The two main things I have heard about this are:

1. Make sure to have a base tag in you head

2. Uncheck the "check for files existence" (or something like that) in
Internet Services Manager > Home Directory > Configuration

So far neither of those have fixed my Server Not Found error.  If it's a 404
try both of the above methods.

Timothy Heald
Information Systems Specialist
Overseas Security Advisory Council
U.S. Department of State
571.345.2235


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, July 28, 2003 4:33 PM
To: CF-Talk
Subject: Search engine safe urls


I've looked high and low and I can't find an answer that works so I'm going
to
ask here. In the release notes for the updater it says as one of the
features
fixed:
Search engine safe URLs of the form *.cfm/* did not work properly, so a URL
such
as http:/server/test.cfm/alpha/beta would not execute test.cfm.

Nice statement but I can't find anything more about SES urls, nothing works
and
every attempt I make to get them to work fails.
Is it limited to a single domain site? Does it need changes to the XML
pages?
Does it only work on IIS? Has anyone gotten this to work? If so, want to
write a
paper on it?
Thanks

Michael Dinowitz
Finding technical solutions to the problems you didn't know you had yet


~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Get the mailserver that powers this list at 
http://www.coolfusion.com

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

rds error

2003-07-25 Thread Heald, Tim 
I am suddenly getting a 405 error when trying to browse my dev box with CF
Studio 5 RDS.  Anyone seen this?   I checked and the servlet mapping is
still in web.xml, and the path is what the mm site says it should be, only
/cfide/main/ide.cfm doesn't exist.  This is after installing updater 3 a few
days ago.  Any ideas?

Timothy Heald
Information Systems Specialist
Overseas Security Advisory Council
U.S. Department of State
571.345.2235

~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Signup for the Fusion Authority news alert and keep up with the latest news in 
ColdFusion and related topics. 
http://www.fusionauthority.com/signup.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Funky Column Names

2003-07-24 Thread Heald, Tim 
doh, got to read better :(

Sorry man,

Tim


-Original Message-
From: Critz [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 2:20 PM
To: CF-Talk
Subject: Re: Funky Column Names


oi Tim!!

that's not the query though: out_queryTable is the query...

oh well for now this will work Eek!:





t'ain perdy but she's a werkin naw



Thursday, July 24, 2003, 2:03:28 PM, you wrote:

HT> myQuery = SDE.DBO.TMLS_PARCELS;
HT> pin = myQuery.pin;

HT> Timothy Heald
HT> Information Systems Specialist
HT> Overseas Security Advisory Council
HT> U.S. Department of State
HT> 571.345.2235


HT> -Original Message-
HT> From: Critz [mailto:[EMAIL PROTECTED]
HT> Sent: Thursday, July 24, 2003 1:54 PM
HT> To: CF-Talk
HT> Subject: Re: Funky Column Names


HT> oi webguy!!

HT> it's an ArcIMS query... I get what it spits out..




HT> 
HT> Thursday, July 24, 2003, 1:48:04 PM, you wrote:

w>> Can you change the query ?

w>> select SDE.DBO.TMLS_PARCELS.PIN AS pin
w>> FROM table

w>> 

w>> -Original Message-
w>> From: Critz [mailto:[EMAIL PROTECTED]
w>> Sent: 24 July 2003 18:39
w>> To: CF-Talk
w>> Subject: Funky Column Names


w>> oi CF-Talk,!!

w>>   I've got a query that returns a column: SDE.DBO.TMLS_PARCELS.PIN

w>>   and if I attempt valueList(out_queryTable.SDE.DBO.TMLS_PARCELS.PIN)

w>>   I get a nice error.
w>>   Parameter 1 of function ValueList which is now
w>>   "out_queryTable.SDE.DBO.TMLS_PARCELS.PIN" must
w>>   be pointing to a valid query name


w>>   any  ideas  how I can get around this (besides renaming the
HT> column..I
w>> do not have control over
w>>   that..


w>>   Crit


w>> ---
w>> [This E-mail scanned for viruses by Declude Virus]


w>> 

HT> 

~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Get the mailserver that powers this list at 
http://www.coolfusion.com

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Funky Column Names

2003-07-24 Thread Heald, Tim 
myQuery = SDE.DBO.TMLS_PARCELS;
pin = myQuery.pin;

Timothy Heald
Information Systems Specialist
Overseas Security Advisory Council
U.S. Department of State
571.345.2235


-Original Message-
From: Critz [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 1:54 PM
To: CF-Talk
Subject: Re: Funky Column Names


oi webguy!!

it's an ArcIMS query... I get what it spits out..





Thursday, July 24, 2003, 1:48:04 PM, you wrote:

w> Can you change the query ?

w> select SDE.DBO.TMLS_PARCELS.PIN AS pin
w> FROM table

w> 

w> -Original Message-
w> From: Critz [mailto:[EMAIL PROTECTED]
w> Sent: 24 July 2003 18:39
w> To: CF-Talk
w> Subject: Funky Column Names


w> oi CF-Talk,!!

w>   I've got a query that returns a column: SDE.DBO.TMLS_PARCELS.PIN

w>   and if I attempt valueList(out_queryTable.SDE.DBO.TMLS_PARCELS.PIN)

w>   I get a nice error.
w>   Parameter 1 of function ValueList which is now
w>   "out_queryTable.SDE.DBO.TMLS_PARCELS.PIN" must
w>   be pointing to a valid query name


w>   any  ideas  how I can get around this (besides renaming the
column..I
w> do not have control over
w>   that..


w>   Crit


w> ---
w> [This E-mail scanned for viruses by Declude Virus]


w> 

~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Your ad could be here. Monies from ads go to support these lists and provide more 
resources for the community. 
http://www.fusionauthority.com/ads.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Red sky

2003-07-23 Thread Heald, Tim 
Are you honestly a partner that isn't running some PURCHASED CF server?
Last partner I worked at the software we received was for demonstration and
development, not production.  Unless that changed recently?

I notice your site is in CF.  That would be production yes?

Timothy Heald
Information Systems Specialist
Overseas Security Advisory Council
U.S. Department of State
571.345.2235


-Original Message-
From: Bryan Stevenson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 23, 2003 11:30 AM
To: CF-Talk
Subject: Re: Red sky


Thanks Tim..but partners don't PAY for software and COULD be considered as
NOT customersthat's why I asked ;-)

Bryan Stevenson B.Comm.
VP & Director of E-Commerce Development
Electric Edge Systems Group Inc.
t. 250.920.8830
e. [EMAIL PROTECTED]

-
Macromedia Associate Partner
www.macromedia.com
-
Vancouver Island ColdFusion Users Group
Founder & Director
www.cfug-vancouverisland.com
- Original Message -
From: "Heald, Tim" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, July 23, 2003 8:21 AM
Subject: RE: Red sky


> > Red Sky will be free for all existing ColdFusion MX customers and will
> > be released sometime this summer.
>
> Tim
>
>
> -Original Message-
> From: Bryan Stevenson [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 23, 2003 11:23 AM
> To: CF-Talk
> Subject: Re: Red sky
>
>
> Hey Christian,
>
> Perhaps you know whether or not MM partners will get Red Sky for free as
> well as part of the software we get as partners?
>
> Thanks
>
> Bryan Stevenson B.Comm.
> VP & Director of E-Commerce Development
> Electric Edge Systems Group Inc.
> t. 250.920.8830
> e. [EMAIL PROTECTED]
>
> -
> Macromedia Associate Partner
> www.macromedia.com
> -
> Vancouver Island ColdFusion Users Group
> Founder & Director
> www.cfug-vancouverisland.com
> - Original Message -
> From: "Christian Cantrell" <[EMAIL PROTECTED]>
> To: "CF-Talk" <[EMAIL PROTECTED]>
> Sent: Wednesday, July 23, 2003 8:04 AM
> Subject: Re: Red sky
>
>
> > On Wednesday, July 23, 2003, at 07:53 AM, John McCosker wrote:
> >
> > > What I took from it was there will be an updater 4 for current
> > > versions of
> > > MX,
> > > that have had outstanding bugs and have been fixed during the Red Sky
> > > beta
> > > test,
> > > which I think is leading to the new realease of MX, and updaters for
> > > pre MX.
> >
> > There will not be an Updater 4, or at least we are not planning one
> > anytime soon.  Red Sky is the updater.  We are not calling Red Sky
> > updater 4 because it is much more than just an updater.  It is a
> > point-release which both fixes bugs and adds/improves functionality.
> > Red Sky will be free for all existing ColdFusion MX customers and will
> > be released sometime this summer.
> >
> > Christian
> >
> >
>
> 

~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Get the mailserver that powers this list at 
http://www.coolfusion.com

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Red sky

2003-07-23 Thread Heald, Tim 
> Red Sky will be free for all existing ColdFusion MX customers and will
> be released sometime this summer.

Tim


-Original Message-
From: Bryan Stevenson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 23, 2003 11:23 AM
To: CF-Talk
Subject: Re: Red sky


Hey Christian,

Perhaps you know whether or not MM partners will get Red Sky for free as
well as part of the software we get as partners?

Thanks

Bryan Stevenson B.Comm.
VP & Director of E-Commerce Development
Electric Edge Systems Group Inc.
t. 250.920.8830
e. [EMAIL PROTECTED]

-
Macromedia Associate Partner
www.macromedia.com
-
Vancouver Island ColdFusion Users Group
Founder & Director
www.cfug-vancouverisland.com
- Original Message -
From: "Christian Cantrell" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, July 23, 2003 8:04 AM
Subject: Re: Red sky


> On Wednesday, July 23, 2003, at 07:53 AM, John McCosker wrote:
>
> > What I took from it was there will be an updater 4 for current
> > versions of
> > MX,
> > that have had outstanding bugs and have been fixed during the Red Sky
> > beta
> > test,
> > which I think is leading to the new realease of MX, and updaters for
> > pre MX.
>
> There will not be an Updater 4, or at least we are not planning one
> anytime soon.  Red Sky is the updater.  We are not calling Red Sky
> updater 4 because it is much more than just an updater.  It is a
> point-release which both fixes bugs and adds/improves functionality.
> Red Sky will be free for all existing ColdFusion MX customers and will
> be released sometime this summer.
>
> Christian
>
> 

~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Signup for the Fusion Authority news alert and keep up with the latest news in 
ColdFusion and related topics. 
http://www.fusionauthority.com/signup.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Strange Administrator Error

2003-07-22 Thread Heald, Tim 
NM, I reinstalled updater three and it fixed it.

Timothy Heald
Information Systems Specialist
Overseas Security Advisory Council
U.S. Department of State
571.345.2235


-Original Message-
From: Heald, Tim 
Sent: Tuesday, July 22, 2003 8:52 AM
To: CF-Talk
Subject: RE: Strange Administrator Error


Hey I had asked this yesterday, but it was right around COB, has anyone seen
anything like the error below?  And if so, is there any other way around
this besides reinstalling??

Thanks,

Timothy Heald
Information Systems Specialist
Overseas Security Advisory Council
U.S. Department of State
571.345.2235


-Original Message-
From: Heald, Tim 
Sent: Monday, July 21, 2003 4:48 PM
To: CF-Talk
Subject: Strange Administrator Error


Any of you ever see this before?  How would I go about fixing it?

BTW this is an error when I try to get to the administrator, and just
started after installing SQL Server 200.

THX

Error Occurred While Processing Request  
Method selection Exception.  
An exception occurred during method selection process for Method
getAdminHash The cause of this exception was that either there are no
methods with the the specified method name and argument types, or the method
getAdminHash is overloaded with arguments types that Coldfusion can't
decipher reliablly. Use javacast function to reduce ambiguity.  
 

Timothy Heald
Information Systems Specialist
Overseas Security Advisory Council
U.S. Department of State
571.345.2235



~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Get the mailserver that powers this list at 
http://www.coolfusion.com

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Strange Administrator Error

2003-07-22 Thread Heald, Tim 
Hey I had asked this yesterday, but it was right around COB, has anyone seen
anything like the error below?  And if so, is there any other way around
this besides reinstalling??

Thanks,

Timothy Heald
Information Systems Specialist
Overseas Security Advisory Council
U.S. Department of State
571.345.2235


-Original Message-
From: Heald, Tim 
Sent: Monday, July 21, 2003 4:48 PM
To: CF-Talk
Subject: Strange Administrator Error


Any of you ever see this before?  How would I go about fixing it?

BTW this is an error when I try to get to the administrator, and just
started after installing SQL Server 200.

THX

Error Occurred While Processing Request  
Method selection Exception.  
An exception occurred during method selection process for Method
getAdminHash The cause of this exception was that either there are no
methods with the the specified method name and argument types, or the method
getAdminHash is overloaded with arguments types that Coldfusion can't
decipher reliablly. Use javacast function to reduce ambiguity.  
 

Timothy Heald
Information Systems Specialist
Overseas Security Advisory Council
U.S. Department of State
571.345.2235


~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Signup for the Fusion Authority news alert and keep up with the latest news in 
ColdFusion and related topics. 
http://www.fusionauthority.com/signup.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

Strange Administrator Error

2003-07-21 Thread Heald, Tim 
Any of you ever see this before?  How would I go about fixing it?

BTW this is an error when I try to get to the administrator, and just
started after installing SQL Server 200.

THX

Error Occurred While Processing Request  
Method selection Exception.  
An exception occurred during method selection process for Method
getAdminHash The cause of this exception was that either there are no
methods with the the specified method name and argument types, or the method
getAdminHash is overloaded with arguments types that Coldfusion can't
decipher reliablly. Use javacast function to reduce ambiguity.  
 

Timothy Heald
Information Systems Specialist
Overseas Security Advisory Council
U.S. Department of State
571.345.2235

~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

This list and all House of Fusion resources hosted by CFHosting.com. The place for 
dependable ColdFusion Hosting.
http://www.cfhosting.com

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Structure, Array, Both?

2003-07-18 Thread Heald, Tim 
Why not either cache the query or put the query in a memory resident scope?

Tim


-Original Message-
From: James Blaha [mailto:[EMAIL PROTECTED]
Sent: Friday, July 18, 2003 1:34 PM
To: CF-Talk
Subject: Structure, Array, Both?


All:

Structure or Array?

I have a large table that I want in server memory but I'm not sure what 
the best route to follow is. There are many columns. Let say its White 
Pages information.

Tables Columns e.g. :

ID, FirstName, LastName, Address, City, State, Zip and Notes

What is the best route to follow for a CFQUERY e.g. (Select * From 
Table) to place all its information into a structure or array?

Regards,
James Blaha



~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

This list and all House of Fusion resources hosted by CFHosting.com. The place for 
dependable ColdFusion Hosting.
http://www.cfhosting.com

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Browser resize looses attributes scope

2003-06-27 Thread Heald, Tim 
F5 is another request, it just mirrors the last request, so it passes any
form variables along as it should.

There isn't a script or anything causing it to reload the page or send it to
the new URL, without accounting for the form variables is there?

Ok using FB I assume that the variables your talking about start off life as
form variables right?  See if form.varName comes back undefined.  I am
betting that for whatever reason rather than doing like a refresh and
passing the form variables along with the request, it's just sending the
browser to that page.  Now since your using FB, and I assume your using a
script or something to send the user to the url of the action page you can
pass those variables appended on the url and they will still be available in
the attributes scope.

That make any sense?

Timothy Heald
Information Systems Specialist
Overseas Security Advisory Council
U.S. Department of State
571.345.2235


-Original Message-
From: Tyagi, Badal [mailto:[EMAIL PROTECTED]
Sent: Friday, June 27, 2003 9:12 AM
To: CF-Talk
Subject: RE: Browser resize looses attributes scope


That is also my main worry that why the page refreshes on browser resize and
rather it does not behave like normal refresh(F5) but loads like new request
altogether and looses attributes value too, bcoz normal F5 is working fine.
This testing team is really eating my time and brain?

regards
badal

-Original Message-
From: Nagy, Daniel J [mailto:[EMAIL PROTECTED]
Sent: Friday, June 27, 2003 6:32 PM
To: CF-Talk
Subject: RE: Browser resize looses attributes scope





do something here.


it's a coding style rather than an axiom, but it works for me. i know this
isn't the panacea
he's looking for, but it -will- stop the error. :P

i'm really more curious as to why the page refreshes on browser resize.

--d.

-Original Message-
From: GL [mailto:[EMAIL PROTECTED]
Sent: Friday, June 27, 2003 9:00 AM
To: CF-Talk
Subject: RE: Browser resize looses attributes scope


But that would render the page useless, if you discount the reason that
these variables don't exist. Just faking a value for them isn't going to
accomplish anything.

-Original Message-
From: Nagy, Daniel J [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 27, 2003 7:48 AM
To: CF-Talk
Subject: RE: Browser resize looses attributes scope


if the variables have no value on initial load of that page, use a
cfparam tag to ensure that they exist on pageload.



-Original Message-
From: Tyagi, Badal [mailto:[EMAIL PROTECTED]
Sent: Friday, June 27, 2003 8:44 AM
To: CF-Talk
Subject: RE: Browser resize looses attributes scope


Thanks Daniel, but there is no need to resize the window it was just
caught during testing when one of the testers did this. And I did not
get your second point regarding .

regards
badal Tyagi


-Original Message-
From: Nagy, Daniel J [mailto:[EMAIL PROTECTED]
Sent: Friday, June 27, 2003 5:05 PM
To: CF-Talk
Subject: RE: Browser resize looses attributes scope


no offense, but wouldn't it have been easier to make all the tables/etc
percentages so you wouldn't ever -need- to refresh on resize? i don't
think i've seen this kind of hack since netscape 3.

either that, or CFPARAM out all your junk if it's null on that page.

--d.

-Original Message-
From: Tyagi, Badal [mailto:[EMAIL PROTECTED]
Sent: Friday, June 27, 2003 5:26 AM
To: CF-Talk
Subject: Browser resize looses attributes scope


We have one application running on fusebox1.0 on CFMX and we are using
 to convert all form and URL variables to
attributes. Now when one page is called with few attributes type
variables, the page gets loaded but the problem occures when we resize
the browser window, because the page refreshes automatically and page
looses its attributes values and CF throws ERROR saying

"Element QUOT_SUB_QUOTE is undefined in ATTRIBUTES"
This happens anywhere in the application where attributes.varname is
called and they are now "Undefined" as error says. Any help on this
issue?


regards,
badal Tyagi,
HCL Perot Systems,
Noida, India








~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Get the mailserver that powers this list at 
http://www.coolfusion.com

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: CSS and vertical text - help!

2003-06-25 Thread Heald, Tim 

L
O
O
K
S

L
I
K
E

T
H
I
S


Remove the tabs if it looks wrong :)

Timothy Heald
Information Systems Specialist
Overseas Security Advisory Council
U.S. Department of State
571.345.2235


-Original Message-
From: Reed Powell [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 25, 2003 2:21 PM
To: CF-Talk
Subject: CSS and vertical text - help!


Hi guys - I have 1 foot out the door for vacation, and the other is typing
on a keyboard while my hands are busy with my CSS books.  Is there a way to
text to align vertically?  In Excel, for instance, there is an option on the
font properties so that text

L
O
O
K
S

L
I
K
E

T
H
I
S


Can I get this effect in CSS?  I have a helaciously wide table to display
and am trying to buy some horizontal real estate because it is the column
headings that are making it so wide.  Am hoping I don't have to do something
like break each word into individual characters with  in between.

thanks everyone
-reed



~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Your ad could be here. Monies from ads go to support these lists and provide more 
resources for the community. 
http://www.fusionauthority.com/ads.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: CFUN 2k3 Rollcall

2003-06-19 Thread Heald, Tim 
I'm local too.

Tim 

> -Original Message-
> From: Adam Wayne Lehman [SMTP:[EMAIL PROTECTED]
> Sent: Thursday, June 19, 2003 10:15 AM
> To:   CF-Talk
> Subject:  RE: CFUN 2k3 Rollcall
> 
> Well, I live in rockVegas (aka Rockville, MD), so I'm always here. My
> question is... should I bring the beer pig? He's been working the front
> door of my home since devCon.
> 
> Adam Wayne Lehman
> Web Systems Developer
> Johns Hopkins Bloomberg School of Public Health
> Distance Education Division
> 
> 
> -Original Message-
> From: Judith Dinowitz [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, June 18, 2003 10:19 PM
> To: CF-Talk
> Subject: CFUN 2k3 Rollcall
> 
> Me too! I'll be there Thursday night to Sunday. Anyone else coming in
> early?
> 
> Judith
> 
> 
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Get the mailserver that powers this list at 
http://www.coolfusion.com

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: CFMX looses CFM mime type at reboot

2003-06-19 Thread Heald, Tim 
Very cool.  Fixed me right up.

Thanks,

Tim

> -Original Message-
> From: Dan G. Switzer, II [SMTP:[EMAIL PROTECTED]
> Sent: Wednesday, June 18, 2003 10:18 PM
> To:   CF-Talk
> Subject:  RE: CFMX looses CFM mime type at reboot
> 
> Tim,
> 
> > On reboot we can now browse the home page by domain.  However if you
> > append
> > index.cfm onto the domain it throws a 404. If you try to follow any
> links
> > it
> > throws a 404.  Just for s&g I check the mime types and the IIS
> connector.
> > Conector is listed as it should be, but there is no entry in mime types
> > for
> > CFM.  Super strange.  I run the remove connectors and the add
> connectors.
> > All is well in the world.
> > 
> > Anyone seen this before?
> 
> I blogged a solution to this on my site:
> http://blog.pengoworks.com/blogger/index.cfm?action=blog:90
> 
> There have been some useful additional comments from other users as well
> in
> case my solution doesn't fix the problem for you.
> 
> - Dan
>  ... 
> : Name:   Dan G. Switzer, II:
> : E-mail: [EMAIL PROTECTED]   :
> : Blog:   http://blog.pengoworks.com/   :
> :...:
> 
> 
> 
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Get the mailserver that powers this list at 
http://www.coolfusion.com

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

CFMX looses CFM mime type at reboot

2003-06-18 Thread Heald, Tim 
Sounds weird right?

Windows 2K Server
CFMX Ent
IIS 5
Oracle 8i

New install of CFMX.  Runs great.  MM went the extra mile helping us with
some problems we were having with cfmail and the oracle driver. Happy Hapy
Joy Joy.

Today we started getting time outs back from the machine.  Term Serv in and
can brose localhost so we figure its something outside.  Wait can't browse
it by it's own IP.  Ok strange.  Reboot.

On reboot we can now browse the home page by domain.  However if you append
index.cfm onto the domain it throws a 404. If you try to follow any links it
throws a 404.  Just for s&g I check the mime types and the IIS connector.
Conector is listed as it should be, but there is no entry in mime types for
CFM.  Super strange.  I run the remove connectors and the add connectors.
All is well in the world.  

Anyone seen this before?

Tim Heald MCP/CCFD
Information Systems Specialist
Overseas Security Advisory Council
U.S. Department of State
(202) 663-0130

~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Signup for the Fusion Authority news alert and keep up with the latest news in 
ColdFusion and related topics. 
http://www.fusionauthority.com/signup.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: CFUN 2k3 Rollcall

2003-06-18 Thread Heald, Tim 
hehe meee to

Bald & Pierced Light :)

Tim 

> -Original Message-
> From: Critz [SMTP:[EMAIL PROTECTED]
> Sent: Wednesday, June 18, 2003 3:00 PM
> To:   CF-Talk
> Subject:  Re: CFUN 2k3 Rollcall
> 
> oi cfmail!!
> 
> I'll be there. bald pierced. find me buy my drinks
> 
> 
> Crit
> 
> 
> 
> 
> 
> Wednesday, June 18, 2003, 2:38:40 PM, you wrote:
> 
> c> Not that any of you know who I am, but I'll be there.
> 
> c> Regards,
> 
> c> Chuck
> 
> c> -Original Message-
> c> From: Adam Wayne Lehman [mailto:[EMAIL PROTECTED] 
> c> Sent: Wednesday, June 18, 2003 2:31 PM
> c> To: CF-Talk
> c> Subject: OT: CFUN 2k3 Rollcall
> 
> 
> c> So is anyone from the list planning to attend CFUN? (Or will I be the
> c> only one in the hotel bar?)
>  
> c> Adam Wayne Lehman
> c> Web Systems Developer
> c> Johns Hopkins Bloomberg School of Public Health
> c> Distance Education Division
>  
> 
> 
> c> 
> 
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Signup for the Fusion Authority news alert and keep up with the latest news in 
ColdFusion and related topics. 
http://www.fusionauthority.com/signup.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Definfing system environment variables

2003-06-05 Thread Heald, Tim 
Use the command line 

path=%path%+c:\myNewPath\;

Or whatever

Tim 

> -Original Message-
> From: Bushy [SMTP:[EMAIL PROTECTED]
> Sent: Thursday, June 05, 2003 8:07 AM
> To:   CF-Talk
> Subject:  re: Definfing system environment variables
> 
> Hi,
> 
> I've developed a web interface that executes a .EXE file on the server.
> This program being executed requires the system environment "LPDSERVER" to
> be defined.
> I can get my application to work if I go and define "LPDSERVER" as a
> system environment variable and reboot the box. There are quite a few
> other that need defining also.
> 
> Is there a way in CF (or someother language) to define Windows 2000
> environment variables without having to do it via COntrol Panel? It would
> be so much easier if they could 
> all be hammered into a database which would make easy updating/defining
> etc.
> 
> Please say it can be done? Maybe with a COM?
> 
> Help...
> 
> 
> 
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Signup for the Fusion Authority news alert and keep up with the latest news in 
ColdFusion and related topics. 
http://www.fusionauthority.com/signup.cfm

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Encrypt/Decrypt

2003-05-27 Thread Heald, Tim 
Use cfusion_encrypt() instead.

Tim Heald MCP/CCFD
Information Systems Specialist
Overseas Security Advisory Council
U.S. Department of State
(202) 663-0130

> -Original Message-
> From: Greg Luce [SMTP:[EMAIL PROTECTED]
> Sent: Tuesday, May 27, 2003 4:23 PM
> To:   CF-Talk
> Subject:  Encrypt/Decrypt
> 
> I encrypted a value to store in the db using the CF encrypt() function.
> It worked a few times, but then it encrypted a value with a double quote
> as one of the encrypted chars. Now when I try to decrypt() the value I
> get an error that the value to be decrypted is not valid. 
> 
> 
> 
> I tried htmlcodeformat() because it escapes double quotes. But it still
> errors:
> 
> 
> 
> Ideas?
> 
> 
> 
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Host with the leader in ColdFusion hosting. 
Voted #1 ColdFusion host by CF Developers. 
Offering shared and dedicated hosting options. 
www.cfxhosting.com/default.cfm?redirect=10481

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4

RE: Block Competitors from Web site

2003-05-27 Thread Heald, Tim 
VPN?

Tim Heald MCP/CCFD
Information Systems Specialist
Overseas Security Advisory Council
U.S. Department of State
(202) 663-0130

> -Original Message-
> From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]
> Sent: Tuesday, May 27, 2003 1:11 PM
> To:   CF-Talk
> Subject:  Block Competitors from Web site
> 
> Hello,
> 
> Any have any other creative ideas on how to block competitors from gaining
> 
> access to a Web site.  
> 
> My idea, which isn't fool proof is to try and find out what their network
> IP 
> address is and write code in your site wide header to redirect or block
> traffic 
> from a IP sub set, as long you know they company owns the IP sub set.
> 
> I know the user could just log in fromo their home connection to open a TS
> 
> session outside of their company.  I want to make sure they are blocked
> from 
> the company.
> 
> Any other ideas?
> 
> 
> Thanks.
> 
> D
> 
> 
~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4
Subscription: 
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq

Host with the leader in ColdFusion hosting. 
Voted #1 ColdFusion host by CF Developers. 
Offering shared and dedicated hosting options. 
www.cfxhosting.com/default.cfm?redirect=10481

Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4