Re: SAS 70 Type II dedicated server hosting
Yes, we are SAS70 Type II compliant for dedicated environments. If you'd like a quote on your particular hardware configuration please email me at [EMAIL PROTECTED] Thanks! ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:308543 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Using tags with CFSCRIPT
That's assinine. If they provide a workaround for their customers, why not just build it in to their system and officially allow multiple domains? Silliness. We allow code-based redirects because they're less likely to be implemented (you have to be somewhat familiar with coding) and they don't affect any other systems. If we were to create a workaround in our system it would have to involved creating new sites in IIS (on windows at least) using Host Headers, and that would have a great deal of repercussion through our systems. With code-based multis we don't have to worry about additional domains for email accounts, webstats, etc. Also, making this easy and doable via the control panel would encourage users to load up websites on their accounts, which in turn would generate more traffic, more errors, et al., and generally degrade the server performance. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;192386516;25150098;k Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:303313 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Hostmysite down?
Thanks Adam - that was a great response you had as well. Due to the way our internal systems are setup I couldn't access any of my HMS applications during the outage (apparently they're based in DC2) but I could get the internet, so I immediately checked these forums for the inevitable HMS is down thread. We have a 100% uptime guarantee, and take it very seriously on those rare instances where we have a network or hardware outage. In an N+1 environment this should never happen, and we work very hard to make sure that it doesn't. In short: Yes, Virginia, there is a webhost that cares about customer service and meeting expectations. ;-) ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301252 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Hostmysite down?
On Fri, Mar 14, 2008 at 11:45 PM, Jamie Price [EMAIL PROTECTED] wrote: In short: Yes, Virginia, there is a webhost that cares about customer service and meeting expectations. ;-) Unless you expect shared CF hosting on Linux. -- Meeting expectations is *exactly* why we don't offer that anymore. After extensively reviewing the performance of CF on linux servers we determined they were unsustainable due to the fact that we can't use SeeFusion on Linux. This may change in the future as CF gets better at memory management, but for the moment that's simply not the case. I'm very sorry, but if you can't do something right you shouldn't do it at all, and we'd rather have linux cf users on a VPS or at another host than see them get bad service. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301257 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Hostmysite down?
You make a good point - this was done pre-CF8, so there's definitely room to re-evaluate. I'll mention it to infrastructure and see if there's any good reason for this. I don't know the technical details behind SeeFusion's incompatibility with Linux, unfortunately, just that it exists. Regarding the outage, I am 100% positive it was a router/switch issue and not an issue with the backbone. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301268 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Hostmysite down?
Just found out - SeeFusion 'runs' on Linux, but it can't auto-kill long running threads, which is a key feature we need in order to make sure the CF app server behaves. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301301 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Hostmysite down?
Honestly I don't know why they (Infra) didn't go for that. I'll ask around. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301322 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Hostmysite down?
Ok, here's the background: The shared Linux CF plans we had were the lowest selling of our hosting plans, plus they were highest in terms of support load, i.e. clients with those plans created more tickets than any other plan type. As mentioned earlier SeeFusion isn't as effective on Linux as it is on Windows due to the inability to kill threads, which is 100% necessary. Having a system that simply informs us of upcoming problems isn't enough, we needed some sort of automated server healing to take place in order to make sure our techs weren't tied up fixing Linux CF servers all day. Since we had already devoted a great deal of resources to SeeFusion using another CF tool like FusionReactor wasn't ideal because it would introduce another level of complexity to our server environment (another tool for techs to configure and learn) plus another vendor/licensing agreement to be worked out. Switching over completely to FusionReactor was similarly dismissed because of the poor return involved - too few clients would really benefit and the costs and disadvantages were too great to justify them, plus our initial trials made us lean towards SeeFusion as a better product to use. Even from the clients that absolutely needed CF + Linux, we still had Linux CF VPS plans to offer, and the majority of the clients that we migrated appreciated the fact that stability is MUCH better in that environment anyway. I hope this clarifies things a bit. It's unfortunate that we can't offer shared CF Linux for our clients, but we think the decision benefitted our customer service and support tremendously. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301326 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Hostmysite down?
Let's just go back to pen and paper. :-) ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301341 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Hostmysite down?
All my sites seem to be down and so does their website and phone support. Anyone know what's going on? Russ One of our Datacenters (DC2) is experiencing an outage, and has been for the last 10 minutes or so. The phones are jammed (and in some cases going to BUSY, depending on the line you call) from the traffic. Unfortunately I don't have a cause or ETA as of yet, but I'll post it here ASAP. Jamie Price Account Executive HostMySite.com ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301220 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Hostmysite down?
The problem has been diagnosed and for the most part resolved. The main core switch there had a corruption in it's configuration and rebooted, but due to the corruption issue we could not automatically fail over to the hot spare. This was remedied by manually failing over. The total downtime measured for 28 minutes or so, and tonight we will be doing emergency maintainence to resolve the confug issue that prevented the automatic failover. If your site or server(s) were affected by the outage please contact [EMAIL PROTECTED] and a credit of 5% of your monthly fees. Please accept our deepest apologies for the inconvenience, and know that we are working hard to prevent this type of outage from occuring in the future. ~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;160198600;22374440;w Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:301222 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: HostMySite: Linux Builder + CF No Longer Offered
Unfortunally HostMySite just discontinued the shared Linux Builder + CF plans, and won't offer them for CF8. The Windows plans have way less bandwidth and disk space per dollar spent. I've got a ticket in to find out if they plan to continue support for existing customers indefinitely. They are recommending their VPS for CF and Linux. --Greg Just to give you some background on this decision, after a recent audit of our services we found that the top six 'worst performing' servers were those that had the Linux CF Builder plans. That's not to say they're bad servers, but compared to the rest of our network they're an eyesore in terms of support. I think this has a LOT to do with the fact that SeeFusion, the software we use to keep CF in control on shared servers, doesn't work in a Linux Environment. Moving to a VPS would be good because you don't have to worry as much about CF performance problems stemming from other clients - just your own code. As to the RAM requirements CF can run on our 512 offering provided it's not a high traffic site...in which case I'd suggest the 1 GB offering. ~| ColdFusion 8 beta â Build next generation applications today. Free beta download on Labs http://www.adobe.com/cfusion/entitlement/index.cfm?e=labs_adobecf8_beta Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:284278 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: HMS Down?
ah crap. I spoke too soon. We're down. The tech was right - there's some kind of hardware problem at the 2nd datacenter I believe, and our infrastructure team, along with the CEO and COO, are working on it as I type. Once I have definitive information I'll post it here. ~| Upgrade to Adobe ColdFusion MX7 Experience Flex 2 MX7 integration create powerful cross-platform RIAs http://www.adobe.com/products/coldfusion/flex2/ Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:271290 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: HMS Down?
PS For those of you that don't know I'm one of the senior employees at HMS; formerly the postmaster but now I'm in the Dedicated Server Sales department. Update: Looks like the areas being most affected are our nameservers, some shared sites, and of course our own website, but I expect a resolution within the hour given the caliber of the techs (and owners) we have working on this. ~| Create robust enterprise, web RIAs. Upgrade integrate Adobe Coldfusion MX7 with Flex 2 http://www.adobe.com/products/coldfusion/flex2/ Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:271293 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: HMS Down?
UPDATE: Problem should be resolved now - there was a bad load balancer on the DC2 network that was flooding one of our core switches, which primarily affected our shared customers, secondary DNS servers, and our own website. After some troubleshooting to determine the cause of the problem (including shutting off the shared part of our network for short time) we were able to isolate the load balancer as the cause of the problem. The problem begain shortly before the first post here (around 8 am EST) and was confirmed resolved at about 9:30 am. Total clients affected is hard to judge, but I would have to say it would be less than 15-20% of our customers, depending on how the secondary dns servers were acting. The last statement is sheer guesswork, so please don't quote me on it! If you have any further questions about this you can contact me at jamie(at)hostmysite.com. ~| Create Web Applications With ColdFusion MX7 Flex 2. Build powerful, scalable RIAs. Free Trial http://www.adobe.com/products/coldfusion/flex2/ Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:271296 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: OT: Hostmysite unsupported tags, functions etc
I have looked over Hostmysite and cannot find what tags, functions that they do not allow. Could someone here that uses them let me know what limitations I would have with their hosting? Thanks Alot Doug B. HMS doesn't support CFExecute or CFRegistry, for security reasons. ~| Create robust enterprise, web RIAs. Upgrade integrate Adobe Coldfusion MX7 with Flex 2 http://ad.doubleclick.net/clk;56760587;14748456;a?http://www.adobe.com/products/coldfusion/flex2/?sdid=LVNU Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:263935 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
Re: Professional Opinions on HostMySite.com
will say that is one issue I'm still not happy with. If you use Microsoft SQL Server Management Studio Express, you can see all databases on a server. This is a failing of the software, not of the server-side setting. MS just recently got a patch for the 2000 series of SQL that hides db's you don't have access to. I'm not sure what the story is on the new 2005 install, but I'm sure MS will eventually release a similar patch for it as well. As for Datasources and security, originally we didn't sandbox DSN's in the fashion you're referring to, but that has been changed some time ago due to customer and MM feedback. Also, the JSP settings that James is referring to were also fixed on the newer servers; we only have one or two running on the less secure config and those will be updated or migrated off our network soon I believe. Also, it should be noted that even though the JSP issue was tossed around this board, I believe we are the ONLY host running a shared setup to have actually resolved that at all - others that were tasked with it simply did nothing. :-) Jamie Price HMS Postmaster email: jamie at hostmysite.com ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229214 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Professional Opinions on HostMySite.com
Actually, Enterprise Manager was REALLY slow to load about 100+ databases, so I tend to think it was more of a performance issue. Especially given that it took MS FOREVER to release the patch. I mean a really really long time - like that the lag in database name display was a problem way back in SQL 7 and went through most of the life of 2000. The patch came out less than 6 months ago, so basically they got it out just in time for the 2005 release. Now *that's* amusing. But we all know how MS is big on security so I'm sure that played a part too. g I'm not exactly sure what patch you're talking about, I would have to look and see why the patch was issued. As far as not announcing the username, and not putting your name on the mailbox, that's all security by obscurity. It will work for a little while, but the problem is that most people use security by obscurity as the only form of security. For example: if you don't put your name on your mailbox, you will think that you're more secure from thieves, and therefore won't be as careful to lock your back door. You'll think But the thief won't know if I'm home or not, so he'll be too afraid to come through my back door. This, of course, is ridiculous. Instead of relying on security by obscurity, you should make sure your doors are locked, that you have good locks, good doors and windows, and a good security system. In the computer world it's the same. Instead of hiding your username and server ip, make sure you have a strong password. Make sure you don't have any unnecessary services running. Make sure that you have proper permissions on your files and databases. So take it from me. Security by obscurity only works if it's used in combination with other, more powerful forms of security, and most of the time just gets in the way of usability. Don't let your guard down just because you've 'hidden' something. The thieves and hackers have ways of finding that stuff out, ways that you might have never though of. Russ -Original Message- From: Munson, Jacob [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 11, 2006 2:11 PM To: CF-Talk Subject: RE: Professional Opinions on HostMySite.com I was watching a show about house security once, and they said you should never put your name on your mailbox (nor anywhere visible). Why not? Because a thief can have a phone book in his car, and look up your phone number from the name and address, then give a call to see if you're not home. Would you announce to the world what your username is? Sure nobody has your password, but giving out your username (or your DB name) gives a hacker one less thing to figure out. What about paths in your web server? Could a hacker wipe out all of your custom tags if he knew what folder they were in? Probably not, but if he didn't have to discover that much information, his job is that much easier. Again, I think if it weren't a security risk, MS would not have put out a patch. [INFO] -- Access Manager: This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. A2 ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229256 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Professional Opinions on HostMySite.com
Not true. There are lots of sites that offer CF hosting on Linux. -- John McKown President/CEO Delaware.Net, Inc. Yeah, and all the really good ones are in Delaware, the home of CF Linux servers. :-) ~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229262 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Shared CF Host security
At the moment, if you use GetPageContext().include() on a JSP on my SmarterLinux server you get a null pointer exception. Regardless, 2 is the case and the code will run in the CF security context of the calling page. The CF sandboxing takes over in this case. Anyone can verify this on their own dev server (as I have just done). Since the server is sandboxed this is perfectly acceptable. Good, good. It's about time something went my way. :-) Anyone else care to poke at this security update and see if it's got any holes? ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:208695 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Shared CF Host security
I thought I posted this the other day, but it didn't update for some reason. Here it is again: Never let it be said that HostMySite.com doesn't listen to it's customers. After much work we've been able to find a fix for the security issue that allows safe execution of JSP and CF. On our Linux servers, we actually run two J2EE environments - JRun and Resin. While JRun does handle the Java processing for ColdFusion, Resin handles the requests for JSP pages and servlets. Java implements a security policy system that can prevent access. We have implemented security managemetn in the Resin server to prevent JSP pages from being able to read arbitrary files on the server. We have restricted code from each customer's home directory to: 1) a lengthy list of files and directories that Java and Resin require internally 2) log files for the site and for Resin 3) that customer's home directory. If anyone has any questions about this or needs any further information, feel free to post or send me a question off-list. Thanks again for bringin this to our attention! ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:208506 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Shared CF Host security
James, Can you send me an email ([EMAIL PROTECTED]) with your domain name? I'll check on your server and see if it's misbehaving, and if so get it locked down by the end of the day. Well, this isn't the case on my SmarterLinux server. I can still browse, download and view every file on the server using JSP. ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:208508 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Shared CF Host security
Jochem, Can you email me offlist with what you're interested in? [EMAIL PROTECTED] Thanks! So, security in a shared hosting environment isn't exactly a myth, it just takes a little more work and flexibility. If anyone needs a more technical explanation of what we did, please let me know via email and/or a post here and I'd be happy to assist. I am very interested. Jochem ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:208509 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Shared CF Host security
Ok somehow I doubled the thread and made two. Sorry! I thought I posted this the other day, but it didn't update for some reason. Here it is again: ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:208515 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Shared CF Host security
We actually run two J2EE environments - JRun and Resin. While JRun does handle the Java processing for ColdFusion, Resin handles the requests for JSP pages and servlets. What happens if you use getPageContext.include() from within a CFML page to invoke a JSP page directly? Good questionThere's two possibilities: 1) CF makes the request for the page via Apache (as I think it *should*, to preserve the users' preferences about type handling, rewrites and other such web server configurations). In this case, the JSP is still handled through Resin, same situation applies. 2) Cf is hijacks it straight to JRun (which I think is more likely, since the user has put JSP code into a ColdFusion page, supposing that CF will happily run JSP code from a .cfm page. Not sure if that's correct behavior or not.). In this case, they have avoided the security we have implemented. Anyone care to test this? Dave your account is on the only server running this config on our network right now - can you test what he's talking about? Also, we'll have the other Linux CF servers done over the weekend, I believe. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:208558 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Shared CF Host security
Don't ever let it be said that we don't listen to the voices of our clients. :-) We've implemented a fix for this security issue that spans all of our Linux servers running ColdFusion. Here's a synopsis from one of the techs involved in implementing the change: We actually run two J2EE environments - JRun and Resin. While JRun does handle the Java processing for ColdFusion, Resin handles the requests for JSP pages and servlets. Java implements a security policy system that can prevent access. We have implemented security managemetn in the Resin server to prevent JSP pages from being able to read arbitrary files on the server. We have restricted code from each customer's home directory to: 1) a lengthy list of files and directories that Java and Resin require internally 2) log files for the site and for Resin 3) that customer's home directory. So, security in a shared hosting environment isn't exactly a myth, it just takes a little more work and flexibility. If anyone needs a more technical explanation of what we did, please let me know via email and/or a post here and I'd be happy to assist. ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:208454 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Shared CF Host security
You will want to disable Java and COM. With CF 6.1 that means you need to disable all object access, with CF 7 you can disable just Java and COM. Are you referring to simply disabling the createobject(Java) and createobject(COM) CFML functions? ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:207154 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Shared CF Host security
I'm trying to test one of the scripts provided to my by Dave in a Windows environ but I'm getting this error: 500 Translator.WrongCase/buddman/jspbrowser/browser.jspbrowser.jspBrowser.jsp Translator.WrongCase/buddman/jspbrowser/browser.jspbrowser.jspBrowser.jsp Can anyone tell me how to make this exploit work in Windows so I can determine a patch? ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:207217 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Shared CF Host security
forget I said that - I figured it out. :-) ~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:207219 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Shared CF Host security
At this point in the discussion I'd like to invite anyone who knows of a shared host WITH A CLUE to give us all their details... Dave alerted me to this thread and the problem with CFMX + JSP just today, so I'm going to be investigating this as well on the HMS end. I can tell you that the initial reason why JSP can't be locked down is that a number of clients are using it for a legitimate purpose - we can't just shut it off and tell those clients that we suddenly became security-conscious and they have to deal and find a shoddy host that will let them run their app. On the other hand, I can't see us allowing this to continue either. Just because you're on a shared host it doesn't mean that you're on an insecure server. It will never be as tightly locked down as a dedicated server (or even a VPS, which is new at HostMySite) however that doesn't mean you're publishing your code for the world to see. IF that were the case we would change our name to HostMyBBS. :-) Seriously, I will be taking this up with the CEO and COO tomorrow, and we'll be looking into possible alternatives so everyone gets what they want. I suspect the solution will be a little different for Windows as opposed to the Linux-based sites, however I'm not fluent in CFMX/JSP so I can't say for certain. If any of you have any suggestions that would accomplish both the functionality and the security, I'd be more than happy to entertain them and bring them before the CEO. I can assure you that your suggestions will not be brushed aside lightly for ANY reason. Along a similar vein, locking down datasources via sandbox security was at one time considered, however it was discarded I believe because clients can attain the same level of security by simply adding a user/pass to their code via the Application.cfm and referencing the datasource that way. We will add the user/pass to the DSN upon request, however we ALWAYS tell clients before doing so that they are basically inviting other users on the server to read/write to their database. If you have any questions and the CF mods have no problems with my being here, please feel free to post them and I'll either answer them to the best of my ability or find another rep from HostMySite.com who can. Jamie Price Email Administrator, Sr. Tech Support Rep HostMySite.com ~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:207112 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
RE: Shared CF Host security
But with JSP enabled I am broadcasting my username and password to everyone on the server, as they can read my code. Right - I was just trying to clarify that there were two separate issues at hand there. The JSP one is definitely an issue; datasources on the other hand run more to personal preference. Assuming that the JSP issue is resolved, the datasource problem is effectively solved as well. As dave suggested, a slight reorganisation of servers (or even instances on the same server) such that some run JSP and some don't would suffice. Customers needing JSP can take their chances on those servers and those who want some security can have the servers wherein it is disabled. That's being considered as one alternative, but I'd personally like to avoid it if at all possible as it leads to complications on our end. This shouldn't be seen as laziness, it's just a reality - the more complex the backend is the more likely it is that there will be an issue of some sort when it comes time to update the servers. Or having to explain to a novice JSP user why this stuff is insecure shudder. I'd rather have it running and locked down permanently. Plus the idea of knowingly putting up a server with a gaping hole in security turns my stomach a little. For a shared host, the best CF security involves turning off JSP, disabling CFOBJECT and createobject() for all customers and sandboxing files for every app to allow access to only the account directory. If you can provide some servers with this config (secure hosting servers) and others with the more relaxed JSP option, you take care of both sets of needs and I stop whining like a child. CFObject is insecure in v5.0, but with the advent of sandboxes I believe it was deemed safe in MX versions. If you believe I'm mistaken on that point please let me know. Currently our server config only disallows use of CFExecute and CFRegistry, both for fairly obvious reasons. Also RDS is disabled, but that should be given as well. Sandboxing isn't quite as simple as you make it out to be - it's not enough to simply have access restricted to the webroot. You also need to implement a host of other directories that CF needs access to for various reasons. Here's an example from one of our servers running MX 7.0 c:\websites\DOMAIN_NAME\ Read,Write,Execute,Delete c:\websites\DOMAIN_NAME\- Read,Write,Execute,Delete c:\cfusionmx7\lib\updates Read c:\cfusionmx7\lib\updates\- Read c:\cfusionmx7\lib\cfxneo.dll Read c:\cfusionmx7\runtime\servers\coldfusion\SERVER-INF\temp\wwwroot-tmp Read c:\cfusionmx7\runtime\servers\coldfusion\SERVER-INF\temp\wwwroot-tmp\- Read c:\cfusionmx7\customtags\ Read,Execute c:\cfusionmx7\customtags\- Read,Execute c:\cfusionmx7\cfx\ Read c:\cfusionmx7\cfx\- Read c:\cfusionmx7\wwwroot\cfide Read c:\cfusionmx7\wwwroot\cfide\- Read c:\CFusionMX7\lib\vadmin.jar Read c:\CFusionMX7\lib\verity.jar Read And this is just a server that started out as v7. You should see one of the ones that was upgraded from v6.1. ~| Find out how CFTicket can increase your company's customer support efficiency by 100% http://www.houseoffusion.com/banners/view.cfm?bannerid=49 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:207117 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
CFPOP Parsing Question
I'm thinking of setting up a CF application to process AOL Postmaster notices for me. I can direct the notices to an email account and pop them with CF, however I want to do a little bit of filtering too - specifically I want to find the following line in the body of the email's Raw Content: Received: from SMTP32-FWD by SomeDomain.xyz the phrase 'SMTP32-FWD' is unique - if it appears at all it will only appear once. My filter needs to work something like this: if message body contains SMTP32-FWD then 'Send an email' to [EMAIL PROTECTED] (where SomeDomain.xyz is the domain found in the same line as SMTP32-FWD) Question: how do i search through the contents of a message once i pop it? ~| Special thanks to the CF Community Suite Silver Sponsor - CFDynamics http://www.cfdynamics.com Message: http://www.houseoffusion.com/lists.cfm/link=i:4:188370 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: CFMX + MySQL Query Problem
Any ideas guys? ~| Special thanks to the CF Community Suite Silver Sponsor - RUWebby http://www.ruwebby.com Message: http://www.houseoffusion.com/lists.cfm/link=i:4:187958 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: toString() generates invalid xml
I don't know if this helps or not, but here's an interal KB we have on a ToString/XML bug: CFMX function toString() outputs null when attempting to output a XML document created with the cfxml tag. Example:cfxml variable=ticker xmlticker cfoutput tickeritemheadline #XMLFormat(Trim(tempText))# /headline link#XMLFormat(Trim(tempLink))# /link/tickeritem/cfoutput/xmlticker /cfxml !--- this will output null when sandbox security is enabled ---cfoutputToString Result: #ToString(ticker)#/cfoutput The preceding toString() function outputs null or an empty string. Answer/Solution: The following solution was found on Macromedia's forums. (see reference below) 1. Copy and paste this CF code into the template where the toString function is being used. !--- Standardized, JAXP-based version --- !--- (info on JAXP at http://java.sun.com/xml/jaxp/) --- cffunction name=XmlToString returntype=string cfargument name=Xml required=true !--- Classes from the standard Java/JAXP APIs --- cfset var stream = CreateObject(java, java.io.ByteArrayOutputStream) cfset var transformer = CreateObject(java, javax.xml.transform.TransformerFactory).newInstance().newTransformer() cfset var domsource = CreateObject(java, javax.xml.transform.dom.DOMSource) cfset var streamresult = CreateObject(java, javax.xml.transform.stream.StreamResult) !--- Initialize class instances --- cfset stream.init() cfset domsource.init(Arguments.Xml.getDocumentElement()) cfset streamresult.init(stream) !--- Perform the actual serialization --- cfset transformer.transform(domsource, streamresult) !--- Return the result --- cfreturn stream.toString() /cffunction 2. replace the toString() function with XmlToString() in the CF Code. Reference: http://webforums.macromedia.com/coldfusion/messageview.cfm?catid=143threadid=461867 ~| Special thanks to the CF Community Suite Silver Sponsor - RUWebby http://www.ruwebby.com Message: http://www.houseoffusion.com/lists.cfm/link=i:4:187959 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: CFMX + MySQL Query Problem
Simon - Here's the dumps - the GetMatches dump has never returned results for me (though it seems like it is doing something since it's outputting results) GetWantedCards Query - query CARDID USERID 1 41001101 7 2 41001102 7 3 41001151 7 4 41001152 7 5 41001153 7 GetMatches Query - query CARDID USERID If this is too confusing, you can see this 'live' by going here: http://www.mtgotradingpost.com/users/login.cfm username: yourmom password: yourmom Then goto Trading-Match (http://www.mtgotradingpost.com/traders/match.cfm) Thanks Marco for the MySQL info - if I hear one more report of you can't do that in 4.0, but 4.1 supports it I swear to God I will shoot myself. We don't have a 4.1 server up yet since there's not enough call for it (and no one wants to attempt a conversion) ~| Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net http://www.cfhosting.net Message: http://www.houseoffusion.com/lists.cfm/link=i:4:187728 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Mail Server Software
This is kinda OT so I'll only post it once and ne'er shall it be mentioned again... For anyone interested in running SmarterMail... 1. SmarterMail POP accounts come with every new shared hosting account setup at HostMySite.com. So, if you need a place to host your website but don't need a whole server for it, plus you like the SmarterMail interface, HMS is ideal for your needs (and it's darn good CF webhost too!) You can place an order for a new account here: http://hostmysite.com/order.cfm?id=192 As part of our push to drive up sales in December, which is generally a slow month for webhosts, I can offer free setup + 2 free months of hosting for any yearly account - simply request the offer in the 'notes' section of the setup and it will be done (or call in and ask to speak with me) 2. Alternatively if you're looking to setup your own webserver or mailserver (or both!) you can setup a dedicated server with us. The quote on that would depend on the hardware you need, however you'll find us to be very reasonable - plus a 50 domain SmarterMail license comes FREE with any Windows server you setup! Call me if you're interested in either offer - 877.215.4678 Jamie Price HMS Email Admin and SmarterMail Advocate ~| Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net http://www.cfhosting.net Message: http://www.houseoffusion.com/lists.cfm/link=i:4:187834 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: CFMX + MySQL Query Problem
Jochem - that code worked (with some minor adjustment)! Thanks! Now, to up the level of complexity a bit. currently it outputs like so: userid1 cardid1 cardid2 . . . userid2 cardid1 cardid2 In other words it lists the other users with matching cards and then below each user it lists the cards themselves. Now, not every user will have the same number of matching cards - some will be a 'better trade' than others. How would I go about re-ordering this list so it is displayed in the same format, but in order with the user having the most 'matches' first, then the next user, then the next, and so on descending to the users with only a single match? I was thinking a query of queries, but since we're actually ordering in the output I think the 're-ordering' would need to be done in the output as well? ~| Special thanks to the CF Community Suite Silver Sponsor - CFDynamics http://www.cfdynamics.com Message: http://www.houseoffusion.com/lists.cfm/link=i:4:187845 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Mail Server Software
HostMySite.com is converting over from IpSwitch Imail Server to SmarterTools SmarterMail as of TOMORROW. I'm the email administrator for HMS, and let me tell you I will breath a sigh of relief when we get this up and running and all of our 30 or so Imail servers migrated over. We've done some prelim testing and found SmarterMail to be far better than Imail in the performance department. Two big considerations: 1. Imail's webmail client vs SmarterMail webmail It's like comparing the fake rock you gave your first wife to the Hope Diamond. 2. Imail stores the email for each folder in a single text-format .mbx file. This can result in some HUGE files that degrade server performance considerably (thing fragmentation). Smartermail on the other hand stores emails as they are meant to be - a separate file for each. 3. Did I mention the web interface? Here's a sample for you: http://www.hostmysite.com/smartermaildemo E-mail Address: demo@ hostmysite.com Password: demo If you have any other questions about SmarterMail, let me know I'll be happy to clarify. ~| Special thanks to the CF Community Suite Silver Sponsor - CFDynamics http://www.cfdynamics.com Message: http://www.houseoffusion.com/lists.cfm/link=i:4:187688 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Mail Server Software
That does it. All of your email will now be sent via a printout attached to an alpaca. ~| Special thanks to the CF Community Suite Silver Sponsor - New Atlanta http://www.newatlanta.com Message: http://www.houseoffusion.com/lists.cfm/link=i:4:187690 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: Mail Server Software
- Sorry about the delay on SmarterMail; I missed this topic when it first came around. Or were you talking about alpacas being cheaper for the future? ;-) If I were you I'd looking to selling your Imail license ASAP and pick up SmarterMail. Trust me it will save you soo much heartache in the long run. - Dave, you should really think about getting back on your meds. I take the Zoloft to keep from killin' ya'll. - Mike Tyson ~| Special thanks to the CF Community Suite Silver Sponsor - CFDynamics http://www.cfdynamics.com Message: http://www.houseoffusion.com/lists.cfm/link=i:4:187694 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: CFMX + MySQL Query Problem
Jamie Price wrote: SELECT o.UserID, GROUP_CONCAT(o.CardID) FROM mycards t INNER JOIN mycards o ON t.cardid = o.cardid WHEREt.trade = 1 AND o.own = 1 AND t.UserID = cfqueryparam value=#cUserID# cfsqltype=cf_sql_integer GROUP BY o.UserID Jochem I tried replacing my 2nd query with that code (the qGetMatches query) and got the following error: Error Executing Database Query. Syntax error or access violation: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near apos;(o.CardID) FROM mycards t INNER JOIN mycards o ON t. The error occurred in C:\Websites\mtgotradingpos\traders\match3.cfm: line 43 41 : o.own = 1 42 : AND 43 : t.UserID = cfqueryparam value=#cUserID# cfsqltype=cf_sql_integer 44 : GROUP BY o.UserID 45 : /cfquery Keep in mind I'm using MySQL v4.0.18 as my database solution - would your code be compatible with that? ~| Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net http://www.cfhosting.net Message: http://www.houseoffusion.com/lists.cfm/link=i:4:187687 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Re: CFMX + MySQL Query Problem
I know that this sounds like a pretty wild problem, but I would REALLY appreciate any help you guys could give - I've been putting my head through a wall for about two weeks trying to get this function right. If you need clarification on anything, just let me know. Thanks! ~| Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net http://www.cfhosting.net Message: http://www.houseoffusion.com/lists.cfm/link=i:4:187242 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations Support: http://www.houseoffusion.com/tiny.cfm/54
CFMX + MySQL Query Problem
I'm working on a trading card site for an online card game. One of the key
functions of the site will be that a user can login and click on match and
the database will return a 'matching' trader - one that has all the cards the
user needs. I've setup a test version that counts on the user with userID=7
logging in. My page looks like this:
!--- make sure user is logged in ---
cfinclude template=../users/includes/loginCheck.cfm
cfquery name=qCheckUN datasource=#dsn# username=#un# password=#pw#
SELECT userID
FROM users
WHERE username = cfqueryparam value=#getAuthUser()#
cfsqltype=cf_sql_varchar
/cfquery
!--- set userID ---
cfset cUserID = #qCheckUN.userID#
!-- Get all the cards that the current user is looking for --
cfquery name=qGetWantedCards datasource=#dsn# username=#un#
password=#pw#
SELECT userID, cardID
FROM mycards
WHERE userID = #cUserID#
AND trade = 1
/cfquery
!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN
http://www.w3.org/TR/html4/loose.dtd;
html
head
meta http-equiv=Content-Type content=text/html; charset=iso-8859-1
titleFind Matching Traders/title
/head
body
!--- add page header ---
cfinclude template=../includes/header.cfm
table width=720 border=0 align=center cellpadding=0 cellspacing=0
class=MainOutline
td width=720 height=30 align=center valign=middle
div align=leftspan class=mainstrongMatching
Traders/strong/span/div/td
/tr
cfoutput query=qGetWantedCards group=cardID
cfquery name=qGetMatches datasource=#dsn# username=#un#
password=#pw#
SELECT userID, cardID
FROM mycards
WHERE userID #cUserID#
AND cardID = #qGetWantedCards.cardID#
AND own = 1
/cfquery
tr bgcolor=#IIF(CurrentRow MOD 2, DE('f5f5f5'), DE('ebebe2'))#
td width=720 height=30 align=left valign=middlespan
class=mainstrongUserID/strong:
#ValueList(qGetMatches.userID)#br/span/td
/tr
tr bgcolor=#IIF(CurrentRow MOD 2, DE('f5f5f5'), DE('ebebe2'))#
td width=720 height=30 align=left
valign=middlecfoutputspan class=mainOwes Cards:
#qGetMatches.cardID#/spanbr/cfoutput/td
/tr
/cfoutput
/table
!--- add page footer ---
cfinclude template=../includes/footer.cfm
/body
/html
which outputs this for me:
Quote:
Matching Traders
UserID:
Owes Cards:
UserID:
Owes Cards:
UserID: 9,13,8
Owes Cards: 41001151
UserID: 3,13
Owes Cards: 41001152
UserID:
Owes Cards:
UserID:
Owes Cards:
...which is close, but no cigar. I need to get rid of those 'blank' entries,
plus I need to arrange it so what's left comes out like this:
Quote:
UserID: 3
Owns Cards: 41001152
UserID: 8
Owns Cards: 41001151
UserID: 9
Owns Cards: 41001151
UserID: 13
Owns Cards: 41001151, 41001152
The database is correct - I'm using mySQL v 4.0.18. You can verify this by
looking at the contents of the 'mycards' table:
UserID CardId Own Trade
3 41001152 1 0
7 41001151 0 1
7 41001152 0 1
7 41001102 0 1
7 41001101 0 1
7 41001154 0 1
7 41001153 0 1
8 41001151 1 0
9 41001151 1 0
13 41001151 1 0
13 41001152 1 0
So, what am I missing? Also, before someone mentions it, my original version of
this page contained a subquery, however the version of MySQL that we're running
right now doesn't support subqueries so I have to use something else.
~|
Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net
http://www.cfhosting.net
Message: http://www.houseoffusion.com/lists.cfm/link=i:4:187151
Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4
Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Donations Support: http://www.houseoffusion.com/tiny.cfm/54
Trading Card Database Application
rds where mycards.userID = users.userID and mycards.CardID = tblcards.CardID and users.username = #getAuthUser()# and tblcards.SpellTypeID = 110 /cfif cfif isdefined(form.enchantments) and trim(form.enchantments) EQ enchantments union select mycards.userID, mycards.CardID, users.username, tblcards.CardTitle, tblcards.ColorCode, mycards.own, mycards.trade, tblcards.RulesText from mycards, users, tblcards where mycards.userID = users.userID and mycards.CardID = tblcards.CardID and users.username = #getAuthUser()# and tblcards.SpellTypeID = 105 and tblcards.SpellTypeID = 112 /cfif ORDER BY users.username /cfquery cfset current_user = getAuthUser() pCurrently displaying info for user: cfoutput#current_user#/cfoutputbr Color Code:br Black = Bbr White = Wbr Blue = Ubr Green = Gbr Colorless = Abr Multi-Color (Gold) = Z /p table width=100% border=1 tr th scope=colUsername/th th scope=colCard Name/th th scope=colColor/th th scope=colNumber Owned/th th scope=colNumber Looking For/th th scope=colCard Text/th /tr cfoutput query=showmyCards tr tddiv align=center#username#/td/div tddiv align=center#CardTitle#/td/div tddiv align=center#ColorCode#/td/div tddiv align=center#own#/td/div tddiv align=center#trade#/td/div tddiv align=left#RulesText#/td/div /tr /cfoutput /table /body /html BTW, the three tables referenced above are mycards - contains the cards that individual users own tblcards - contains details on each card users - contains user login information Please let me know your thoughts! _____ Jamie Price [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
Re: for those in need of hosting
I'm going to slip in a really small and quick advertisement in here for those of you that lost your webhosting when Doug when MIA.I'm from HostMySite.com, a Delaware-based hosting company that has been around for 7 years - and we don't have any intention of going anywhere! The exact hosting plan you need really depends on what technology you're using, but if it's CF 5.0 or MX, then you could use one of our Dev plans: http://www.hostmysite.com/hosting/developer/ or if you're more interested in Linux webhosting, see http://smarterlinux.com When it comes time to order, use this link: http://hostmysite.com/tophost/index6.hms?id=21 And you'll recieve free setup (normally $19.95) plus two free months of hosting.If you have any questions, you can either email support directly support at hostmysite.com or you can email me jamie at hostmysite.com if only to make me prove I'm not a bot!Ok, enough of the shameless plug.Sorry if I wasted your time! [Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
