RE: (ot) URL Hack Attempt Leaves Me Scractching My Head... To Ben Forta

2008-07-25 Thread John Rossi
I also use this to get the new key on inserted records, and have used
cfqueryparam for years to protect against this sort of attack, and for
performance reasons.

Functionality shouldn't be sacrificed just to protect careless developers
from themselves.

John

-Original Message-
From: Dave Francis [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 25, 2008 12:16 PM
To: CF-Talk
Subject: RE: (ot) URL Hack Attempt Leaves Me Scractching My Head... To Ben
Forta

I find it useful on occasion with INSERT then SELECT @@IDENTITY

-Original Message-
From: Al Musella, DPM [mailto:[EMAIL PROTECTED]
Sent: Friday, July 25, 2008 12:05 PM
To: CF-Talk
Subject: RE: (ot) URL Hack Attempt Leaves Me Scractching My Head... To Ben
Forta

Ben,
Seeing as how this type of sql injection attack is succeeding so much
(even my favorite fishing website has been down for days due to it (it is a
.cfm site))...
  how about changing cfquery so that by default, only ONE sql statement can
be sent.  Let us override that with a parameter in cfquery or a cfprocessing
directive type of thing in our application.cfm..

I doubt many people use multiple sql statements in one cfquery, and those
that do are probably advanced enough to know to add the parameter for
allowing it..

You can call this enhancement request cf_trainingWheels


How many people out there group together (intentionally) multiple sql
statements in one cfquery?  (Like select email from users where id=1; drop
table users)

Al

  








Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:309699
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
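
The trade-off debated in the message above, as an added example that is not part of the original thread: Python's sqlite3 stands in for cfquery and the database, because its execute() already enforces the one-statement-per-call default Al proposes, while a validated, bound value plays the role of cfqueryparam with cfsqltype="cf_sql_integer". The users table, the sample row and all function names are constructed for illustration.

```python
import sqlite3

# Constructed input: the stacked-statement string quoted in the thread.
STACKED_INPUT = "1; drop table users"


def make_db():
    """Throwaway in-memory database with one constructed row (id 1)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)")
    conn.execute("INSERT INTO users (email) VALUES ('a@example.test')")
    conn.commit()
    return conn


def table_exists(conn, name):
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name=?",
        (name,),
    ).fetchone()
    return row[0] == 1


def concatenated_multi_statement(conn, raw_id):
    """Input pasted into the SQL text; the call accepts several statements."""
    conn.executescript("SELECT email FROM users WHERE id=" + raw_id)
    return table_exists(conn, "users")  # False: the second statement ran


def concatenated_single_statement(conn, raw_id):
    """Input still pasted into the SQL text, but one statement per call.

    This blocks the stacked DROP. The input is still parsed as SQL, though,
    so the limit does nothing about text that stays inside the one SELECT.
    """
    try:
        conn.execute("SELECT email FROM users WHERE id=" + raw_id).fetchall()
        outcome = "executed"
    except (sqlite3.Warning, sqlite3.Error):
        # sqlite3 refuses to prepare SQL text holding more than one statement.
        outcome = "rejected"
    return outcome, table_exists(conn, "users")


def bound_integer_parameter(conn, raw_id):
    """Check the type, then bind the value; it is never parsed as SQL."""
    try:
        value = int(raw_id)
    except ValueError:
        return None, table_exists(conn, "users")  # rejected before the query
    rows = conn.execute(
        "SELECT email FROM users WHERE id = ?", (value,)
    ).fetchall()
    return rows, table_exists(conn, "users")


def insert_and_get_key(conn, email):
    """The 'new key on inserted records' use case without a second statement:
    sqlite3 exposes the generated key on the cursor."""
    cur = conn.execute("INSERT INTO users (email) VALUES (?)", (email,))
    conn.commit()
    return cur.lastrowid


if __name__ == "__main__":
    print("multi-statement, concatenated:",
          concatenated_multi_statement(make_db(), STACKED_INPUT))
    print("single-statement, concatenated:",
          concatenated_single_statement(make_db(), STACKED_INPUT))
    db = make_db()
    print("bound integer, stacked input:",
          bound_integer_parameter(db, STACKED_INPUT))
    print("bound integer, valid input:", bound_integer_parameter(db, "1"))
    print("new key:", insert_and_get_key(db, "b@example.test"))
```
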


RE: SYS-Con relies on dead technology

2007-10-16 Thread John Rossi
Google is your friend, or enemy depending on how you look at it.

http://people.langeconsulting.com/matt/

-Original Message-
From: Tom Chiverton [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 16, 2007 11:42 AM
To: CF-Talk
Subject: Re: SYS-Con relies on dead technology


On Tuesday 16 Oct 2007, [EMAIL PROTECTED] wrote:
 http://www2.sys-con.com/globaldelete.cfm?emil=

I wonder who [EMAIL PROTECTED] is.

-- 
Tom Chiverton. Are you a great ColdFusion programmer, who knows Reactor and 
ColdSpring, and has done some Flex work ? Would you like to work for a top
30 
law firm in Manchester, UK ? Are not an agency ? If yes, send email !






Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:291220


RE: Just a tidbit for those who might not have use iif before

2007-03-22 Thread John Rossi
and about whether Cost is truly a Boolean...

-Original Message-
From: Rob Wilkerson [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 22, 2007 3:15 PM
To: CF-Talk
Subject: Re: Just a tidbit for those who might not have use iif before


Uh oh.  You're probably about to get hammered with responses related to the
performance cost...

On 3/22/07, Peterson, Chris [EMAIL PROTECTED] wrote:

 I have never really used iif before, I was aware it existed but didn't 
 really see a good place for it.  Until today. =)

 Check this out:

 dollarformat(iif(Cost, cost, 0))

 That says, evaluate cost as a Boolean, if it's true (anything but 0 or
 null) then return cost, otherwise return 0 (so the dollarFormat does not
 break)  This is great instead of a cfif around the whole thing.

 Kinda cool =)

 Chris

 



Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:273438


RE: enctype problem - test page up - totally baffled at this point

2007-03-06 Thread John Rossi
Is it possible there is a problem with the CFIDE mapping, or some little
error in the code?

In the code you have 

<script type="text/javascript" src="includes/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

https://www.aaintl.com/includes/cfform.js can be downloaded by putting in
the direct url, but both 
https://www.aaintl.com/CFIDE/scripts/cfform.js and
https://www.aaintl.com/CFIDE/scripts/masks.js give me a 404 error.

Other than that, the forms work for me on Win2000/IE6, and Win2003/IE7



-Original Message-
From: Les Mizzell [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, March 06, 2007 2:43 PM
To: CF-Talk
Subject: Re: enctype problem - test page up - totally baffled at this point


At this point, I'm totally confused! If I define the enctype, Explorer 
errors out.
If I do a cfdump from the two forms, I get interesting results as well.

No ideas from anybody?


 https://www.aaintl.com/test.cfm



FORM ONE - NO ENCTYPE DEFINED

Firefox:
FIELDNAMES    NAME_COVERED,FILEPART,SUBMIT
FILEPART      myfile.txt
NAME_COVERED  Bob Smith
SUBMIT        submit

...but, this will error out if there's an actual processing page with 
the CFFILE tag in it to process the file because of the form default 
enctype:
Invalid content type: application/x-www-form-urlencoded.


Internet Explorer:
FIELDNAMES    NAME_COVERED,FILEPART,SUBMIT
FILEPART      E:\somefolder\myfile.txt
NAME_COVERED  Bob Smith
SUBMIT        submit


FORM TWO - ENCTYPE DEFINED AS multipart/form-data

Firefox:
FIELDNAMES    NAME_COVERED,FILEPART,SUBMIT
FILEPART      /usr/local/coldfusionmx7/runtime/servers/coldfusion/SERVER-INF/temp/wwwroot-tmp/neotmp72696.tmp
NAME_COVERED  Bob Smith
SUBMIT        submit

Internet Explorer:
Cannot find server or DNS Error



Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:271767


RE: Form Spam

2006-06-26 Thread John Rossi
I had the same problem on a "send this page to a friend" page on some of the
sites I work on. I used the code from this post at
http://mkruger.cfwebtools.com/index.cfm?mode=entry&entry=7014B27C-90BC-3F1C-AA33571605423A48
along with the trimFalseEmailHeaders UDF at cflib.org. See
http://www.cflib.org/udf.cfm?id=1362 to not send the message if someone was
trying to spam with it.

John

-Original Message-
From: Steve LaBadie [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 26, 2006 12:18 PM
To: CF-Talk
Subject: Form Spam


Several of my forms are being filled out with spam from levitra  cialis.
What can I do to stop this.



Message: http://www.houseoffusion.com/lists.cfm/link=i:4:244789


RE: Coldfusion with Godaddy

2006-05-09 Thread John Rossi
Not to beat a dead horse, but ask them about cfqueryparam and sql server on
their shared hosting. Currently it fails with a security error.

John

-Original Message-
From: Ken Ketsdever [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, May 09, 2006 12:23 PM
To: CF-Talk
Subject: RE: Coldfusion with Godaddy


I paid for cf hosting with GoDaddy about two weeks ago and haven't bothered
to set up the account or site yet.  I just got a call from Jeff at
GoDaddy.com stating that he sees that I have paid for hosting but haven't
set it up yet and wanted to know if there was anything he could do to help.
He is going to call me back in two hours and walk me through the set-up and
all their options.  

If anyone has any questions you'd like answered I'll ask them when he calls
back and try to get answers for you.  At any rate I thought it was pretty
decent customer service.

Ken 

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:239976


RE: Coldfusion with Godaddy

2006-05-09 Thread John Rossi
Another question might be how they are currently doing client variable
storage. I think it is currently set to the registry. It would be nice to
have the option to set it to your db.

John

-Original Message-
From: Ken Ketsdever [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, May 09, 2006 12:23 PM
To: CF-Talk
Subject: RE: Coldfusion with Godaddy


I paid for cf hosting with GoDaddy about two weeks ago and haven't bothered
to set up the account or site yet.  I just got a call from Jeff at
GoDaddy.com stating that he sees that I have paid for hosting but haven't
set it up yet and wanted to know if there was anything he could do to help.
He is going to call me back in two hours and walk me through the set-up and
all their options.  

If anyone has any questions you'd like answered I'll ask them when he calls
back and try to get answers for you.  At any rate I thought it was pretty
decent customer service.

Ken 

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:239981


RE: Coldfusion with Godaddy

2006-05-08 Thread John Rossi
I think they probably never really got the point of my initial support
request. I haven't tried cfstoredproc yet because none of my clients' sites
use it, but there is definitely a problem with cfqueryparam and sql server
on my account at least. The following query

<cfquery name="qryTest" datasource="#app_dsn#">
SELECT *
FROM tblSites
WHERE intSiteID=<cfqueryparam cfsqltype="cf_sql_integer" value="6">
</cfquery>

fails with the following error

Error Executing Database Query.  
[Macromedia][SQLServer JDBC Driver][SQLServer]EXECUTE permission denied on
object 'sp_prepexec', database 'master', owner 'dbo'.  
  
The error occurred in snip: line 34
 
32 :SELECT *
33 :FROM tblSites
34 :WHERE intSiteID=cfqueryparam cfsqltype=cf_sql_integer value=6
35 : /cfquery
36 : 
 
It's clearly a configuration issue on their end, but I am sure cfstoredproc
will probably also fail. Like I said in an earlier message, I am going to
submit another tech support request about it and reference this thread along
with some of the other blogs about cfqueryparam, and Sean Corfield's blog
on their ColdFusion hosting in general. 

John


-Original Message-
From: Nathan Strutz [mailto:[EMAIL PROTECTED] 
Sent: Monday, May 08, 2006 1:11 PM
To: CF-Talk
Subject: Re: Coldfusion with Godaddy


They probably meant (or should have said) that GoDaddy don't support
cfstoredproc, which does run sp_prepexec for each result specified. It's
pretty inefficient, but I think there is probably no other way to do
multiple result sets through JDBC. This is the exact reason why I don't like
and don't use cfstoredproc. It also seems like database storage client
variables may do something like that... I don't exactly remember.

-nathan strutz
http://www.dopefly.com/


On 5/5/06, Mark A Kruger [EMAIL PROTECTED] wrote:

 I second that John,

 They are misinformed. I suspect their information came from a 
 misconfigured DSN setting. For example, If I set up a user bob and 
 didn't change default database  for him, then I set up a JDBC 
 connection without specifying the database I wanted to connect to - it 
 would try to connect to
 master (which is the default default database for any new user), but it
 would fail because master doesn't allow direct manipulation of data.
 Instead it comes with a set of SP's (sort of like an API) for making any
 changes.

 I would be very surprised if their information was accurate. More to 
 the point, they are trading down when they deny cfqueryparam - not 
 trading up. A site that doesn't use cfqueryparam is going to be less 
 secure, slower, and will not be able to leverage the DB like it should.

 -mark


 -Original Message-
 From: Snake [mailto:[EMAIL PROTECTED]
 Sent: Friday, May 05, 2006 11:57 AM
 To: CF-Talk
 Subject: RE: Coldfusion with Godaddy

 That's interesting, we have no such problem on our SQL servers, 
 CFQUERYPARAM works fine, and every user only has access to their own 
 database.


 -Original Message-
 From: John Rossi [mailto:[EMAIL PROTECTED]
 Sent: 05 May 2006 17:47
 To: CF-Talk
 Subject: RE: Coldfusion with Godaddy

 That's not entirely true. They do not, at least they told me they 
 can't allow me to use cfqueryparam with sql server in shared hosting.

 Here's the final response I got from them.

 After further researching the issue(s) at hand, we have determined the
 following:

 The line EXECUTE permission denied on object 'sp_prepexec', database 
 'master', owner 'dbo'. shows that the database is attempting to work 
 with the master database of the server. Due to this, the cfqueryparam 
 feature will not work within our shared hosting environment SQL 
 (though it should work with a locally controlled Access database). We 
 apologize for any inconvenience this may cause in regards to your site 
 deployment. If you have absolute need of this feature, you may wish to 
 consider our Virtual Dedicated or Dedicated server solutions. Bear in 
 mind that these are not managed servers. Previous server 
 administration experience is recommended should you opt to move to one 
 of these solutions.

 Should you require further assistance on this or any other issue, 
 don't hesitate to contact us any time of the day or night at (480) 
 505-8877. Or, if you prefer email, you can send your questions or 
 comments to [EMAIL PROTECTED]

 Sincerely,
 Drew C.
 Advanced Hosting Support

 -Original Message-
 From: Brad Wood [mailto:[EMAIL PROTECTED]
 Sent: Friday, May 05, 2006 12:37 PM
 To: CF-Talk
 Subject: RE: Coldfusion with Godaddy


 The guy on the phone just told me that they support all tags out of 
 the box except cfexecute and cfregistry

 He also said that they will not install custom tags for you, but I can 
 still run it in my own directory, right?

 ~Brad

 -Original Message-
 From: Andy Matthews [mailto:[EMAIL PROTECTED]
 Sent: Friday, May 05, 2006 11:31 AM
 To: CF-Talk
 Subject: RE: Coldfusion with Godaddy

 I would think they would

RE: Coldfusion with Godaddy

2006-05-05 Thread John Rossi
That's not entirely true. They do not, at least they told me they can't
allow me to use cfqueryparam with sql server in shared hosting.

Here's the final response I got from them.

After further researching the issue(s) at hand, we have determined the
following:

The line EXECUTE permission denied on object 'sp_prepexec', database
'master', owner 'dbo'. shows that the database is attempting to work with
the master database of the server. Due to this, the cfqueryparam feature
will not work within our shared hosting environment SQL (though it should
work with a locally controlled Access database). We apologize for any
inconvenience this may cause in regards to your site deployment. If you have
absolute need of this feature, you may wish to consider our Virtual
Dedicated or Dedicated server solutions. Bear in mind that these are not
managed servers. Previous server administration experience is recommended
should you opt to move to one of these solutions.

Should you require further assistance on this or any other issue, don't
hesitate to contact us any time of the day or night at (480) 505-8877. Or,
if you prefer email, you can send your questions or comments to
[EMAIL PROTECTED]

Sincerely,
Drew C.
Advanced Hosting Support

-Original Message-
From: Brad Wood [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 05, 2006 12:37 PM
To: CF-Talk
Subject: RE: Coldfusion with Godaddy


The guy on the phone just told me that they support all tags out of the box
except cfexecute and cfregistry

He also said that they will not install custom tags for you, but I can still
run it in my own directory, right?

~Brad

-Original Message-
From: Andy Matthews [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 05, 2006 11:31 AM
To: CF-Talk
Subject: RE: Coldfusion with Godaddy

I would think they would. They had a help section about Coldfusion when they
first released it. In fact, if you search this list on the website you
should be able to find my post with all of the direct links.

!//--
andy matthews
web developer
certified advanced coldfusion programmer
ICGLink, Inc.
[EMAIL PROTECTED]
615.370.1530 x737
--//-

-Original Message-
From: Brad Wood [mailto:[EMAIL PROTECTED]
Sent: Friday, May 05, 2006 11:23 AM
To: CF-Talk
Subject: RE: Coldfusion with Godaddy


I'm on the phone now trying to get a list of restricted tags from them..
Does any one know if they publish that?

~Brad

-Original Message-
From: Brad Wood
Sent: Friday, May 05, 2006 11:04 AM
To: CF-Talk
Subject: RE: Coldfusion with Godaddy

Godaddy does CF now?  That is cool.  I have asked them several times if they
plan on hosting CF sites and they have always told me no.

My personal site is pretty basic and I have been looking around for some
cheap hosting to move it to.  Since my domains are already registered with
godaddy, I might give their hosting a whirl...








Message: http://www.houseoffusion.com/lists.cfm/link=i:4:239648


RE: Coldfusion with Godaddy

2006-05-05 Thread John Rossi
That's basically what I told them. They will never be taken seriously by
anyone in the ColdFusion community.

I submitted that incident back at the end of March. This was for one of my
clients, who hosts with them. SQL and cfqueryparam works fine on every other
ColdFusion host who actually knows what they are doing. This is the error I
get.

I suggested maybe they might want to contact Macromedia to ask them how to
set things up correctly, but I think that fell on deaf ears. I also
suggested they change the article which states what tags they support since
it was misleading.

[Macromedia][SQLServer JDBC Driver][SQLServer]EXECUTE permission denied on
object 'sp_prepexec', database 'master', owner 'dbo'. 

Also I was the one who posted about getting the issue resolved with cffile,
but that was just a sandbox problem.


John

-Original Message-
From: Mark A Kruger [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 05, 2006 1:23 PM
To: CF-Talk
Subject: RE: Coldfusion with Godaddy


I second that John,

They are misinformed. I suspect their information came from a misconfigured
DSN setting. For example, If I set up a user bob and didn't change
default database  for him, then I set up a JDBC connection without
specifying the database I wanted to connect to - it would try to connect to
master (which is the default default database for any new user), but it
would fail because master doesn't allow direct manipulation of data. Instead
it comes with a set of SP's (sort of like an API) for making any changes. 

I would be very surprised if their information was accurate. More to the
point, they are trading down when they deny cfqueryparam - not trading up. A
site that doesn't use cfqueryparam is going to be less secure, slower, and
will not be able to leverage the DB like it should.

-mark


-Original Message-
From: Snake [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 05, 2006 11:57 AM
To: CF-Talk
Subject: RE: Coldfusion with Godaddy

That's interesting, we have no such problem on our SQL servers, CFQUERYPARAM
works fine, and every user only has access to their own database.
 

-Original Message-
From: John Rossi [mailto:[EMAIL PROTECTED]
Sent: 05 May 2006 17:47
To: CF-Talk
Subject: RE: Coldfusion with Godaddy

That's not entirely true. They do not, at least they told me they can't
allow me to use cfqueryparam with sql server in shared hosting.

Here's the final response I got from them.

After further researching the issue(s) at hand, we have determined the
following:

The line EXECUTE permission denied on object 'sp_prepexec', database
'master', owner 'dbo'. shows that the database is attempting to work with
the master database of the server. Due to this, the cfqueryparam feature
will not work within our shared hosting environment SQL (though it should
work with a locally controlled Access database). We apologize for any
inconvenience this may cause in regards to your site deployment. If you have
absolute need of this feature, you may wish to consider our Virtual
Dedicated or Dedicated server solutions. Bear in mind that these are not
managed servers. Previous server administration experience is recommended
should you opt to move to one of these solutions.

Should you require further assistance on this or any other issue, don't
hesitate to contact us any time of the day or night at (480) 505-8877. Or,
if you prefer email, you can send your questions or comments to
[EMAIL PROTECTED]

Sincerely,
Drew C.
Advanced Hosting Support

-Original Message-
From: Brad Wood [mailto:[EMAIL PROTECTED]
Sent: Friday, May 05, 2006 12:37 PM
To: CF-Talk
Subject: RE: Coldfusion with Godaddy


The guy on the phone just told me that they support all tags out of the box
except cfexecute and cfregistry

He also said that they will not install custom tags for you, but I can still
run it in my own directory, right?

~Brad

-Original Message-
From: Andy Matthews [mailto:[EMAIL PROTECTED]
Sent: Friday, May 05, 2006 11:31 AM
To: CF-Talk
Subject: RE: Coldfusion with Godaddy

I would think they would. They had a help section about Coldfusion when they
first released it. In fact, if you search this list on the website you
should be able to find my post with all of the direct links.

!//--
andy matthews
web developer
certified advanced coldfusion programmer ICGLink, Inc. [EMAIL PROTECTED]
615.370.1530 x737 --//-

-Original Message-
From: Brad Wood [mailto:[EMAIL PROTECTED]
Sent: Friday, May 05, 2006 11:23 AM
To: CF-Talk
Subject: RE: Coldfusion with Godaddy


I'm on the phone now trying to get a list of restricted tags from them..
Does any one know if they publish that?

~Brad

-Original Message-
From: Brad Wood
Sent: Friday, May 05, 2006 11:04 AM
To: CF-Talk
Subject: RE: Coldfusion with Godaddy

Godaddy does CF now?  That is cool.  I have asked them several times if they
plan on hosting CF sites and they have always told me no.

My personal site is pretty

RE: Coldfusion with Godaddy

2006-05-05 Thread John Rossi
I am going to reopen the incident with your explanation of the issue and see
what happens. I made the mistake of replying to the incident while my blood
was boiling after the tech told me that if I just remove the line of code
causing the error the code would work. So my explanation was probably not
quite as concise as yours.

Thanks, John

-Original Message-
From: Mark A Kruger [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 05, 2006 1:23 PM
To: CF-Talk
Subject: RE: Coldfusion with Godaddy


I second that John,

They are misinformed. I suspect their information came from a misconfigured
DSN setting. For example, If I set up a user bob and didn't change
default database  for him, then I set up a JDBC connection without
specifying the database I wanted to connect to - it would try to connect to
master (which is the default default database for any new user), but it
would fail because master doesn't allow direct manipulation of data. Instead
it comes with a set of SP's (sort of like an API) for making any changes. 

I would be very surprised if their information was accurate. More to the
point, they are trading down when they deny cfqueryparam - not trading up. A
site that doesn't use cfqueryparam is going to be less secure, slower, and
will not be able to leverage the DB like it should.

-mark


Message: http://www.houseoffusion.com/lists.cfm/link=i:4:239669


RE: Coldfusion with Godaddy

2006-05-05 Thread John Rossi
I'll do that. Good Suggestion.

-Original Message-
From: Mark A Kruger [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 05, 2006 1:59 PM
To: CF-Talk
Subject: RE: Coldfusion with Godaddy


John,

You might also refer them to the following:

Describes the tag and why it's needed.
http://mkruger.cfwebtools.com/index.cfm?mode=alias&alias=cfqueryparam

Describes an SQL Injection Attack - CFQUERYPARAM is the most straightforward
solution
http://mkruger.cfwebtools.com/index.cfm?mode=alias&alias=security.pyramid.code

There are lots of other blogs out there with similar points to make about
this tag. I'm sure you can marshal some resources to prove your point. Good
luck :)

-Mark

-Original Message-
From: John Rossi [mailto:[EMAIL PROTECTED] 
Sent: Friday, May 05, 2006 12:48 PM
To: CF-Talk
Subject: RE: Coldfusion with Godaddy

I am going to reopen the incident with your explanation of the issue and see
what happens. I made the mistake of replying to the incident while my blood
was boiling after the tech told me that if I just remove the line of code
causing the error the code would work. So my explanation was probably not
quite as concise as yours.

Thanks, John

-Original Message-
From: Mark A Kruger [mailto:[EMAIL PROTECTED]
Sent: Friday, May 05, 2006 1:23 PM
To: CF-Talk
Subject: RE: Coldfusion with Godaddy


I second that John,

They are misinformed. I suspect their information came from a misconfigured
DSN setting. For example, If I set up a user bob and didn't change
default database  for him, then I set up a JDBC connection without
specifying the database I wanted to connect to - it would try to connect to
master (which is the default default database for any new user), but it
would fail because master doesn't allow direct manipulation of data. Instead
it comes with a set of SP's (sort of like an API) for making any changes. 

I would be very surprised if their information was accurate. More to the
point, they are trading down when they deny cfqueryparam - not trading up. A
site that doesn't use cfqueryparam is going to be less secure, slower, and
will not be able to leverage the DB like it should.

-mark






Message: http://www.houseoffusion.com/lists.cfm/link=i:4:239680


RE: Hiding an Email Address from harvesters

2003-12-18 Thread John Rossi
That's possibly what she is doing considering that was my IP address
she just posted. I went to her domain based on her email address. Did a view
source, and looked at one or two of the hidden links. I am definitely not a
spammer.

John Rossi
Webmaster/Network Administrator
Bernier  Associates, Inc.
[EMAIL PROTECTED]

-Original Message-
From: Scott Brady [mailto:[EMAIL PROTECTED] 
Sent: Thursday, December 18, 2003 11:57 AM
To: CF-Talk
Subject: Re: Hiding an Email Address from harvesters

Original Message:
 From: Les Mizzell [EMAIL PROTECTED]

 <cfmail
 to="[EMAIL PROTECTED]"
 from="Some Spammer"
 subject="SPAM HARVESTER ALERT"
 type="html"
 server="MyServerInfoHere">
 
 address = #cgi.remote_addr#<br>
 host = #cgi.remote_host#<br>
 referer = #cgi.http_referer#<br>
 agent = #cgi.http_user_agent#<br>
 page = #cgi.script_name#<br>
 </cfmail>
 
 Here's the information from the email that came to me when the page 
 was hit:
 

Is that e-mail the one you're suggesting is spam?

If so, they're not harvesting your address. It looks like a robot (any
robot, including a search engine indexer) hit that page you put up which
automatically sends an e-mail. (I'm basing that on the test code you
provided)

Scott

---
Scott Brady
http://www.scottbrady.net/




RE: OT: SPAM lists?

2001-12-06 Thread John Rossi

I emailed my old ISP last year to complain about their open relay, since I was getting
bounced emails, and they had no idea what an open relay was even when I pointed them to
relevant info. So while incompetent is a strong word it can be appropriate in certain
instances.

John

-Original Message-
From: BILLY CRAVENS [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 06, 2001 1:27 PM
To: CF-Talk
Subject: Re: OT: SPAM lists?


No disrespect intended, but I would say that you should have been aware of
the potential issues.

Lazy and incompetent are strong terms.  Perhaps irresponsibly
negligent is better.

If someone spreads viruses because their virus scanner didn't tell them they
had to update it, that's negligence.  If someone doesn't patch IIS and
spreads CodeRed, Nimda, et al,  to everyone and their dog, that's
negligence.  Negligence and innocence are not synonymous.

You are responsible for the consequences of your configuration.

---
Billy Cravens

- Original Message -
From: Bryan Stevenson [EMAIL PROTECTED]
To: CF-Talk [EMAIL PROTECTED]
Sent: Thursday, December 06, 2001 12:16 PM
Subject: Re: OT: SPAM lists?


 Well Len thanks for calling me lazy and incompetent.  Until I got
 blacklisted I did not know about open relays.  So how does that put me in
 either category?  The mail server I was running had no documentation about
 the possible abuse of or even the existence of open relays.  I'm the first
 to admit that my face was red when I found out that the situation existed
 and I dropped everything else I was doing and fixed it immediately.  I can
 guarantee you that had I received a warning, it certainly would have
 energized me to deal with the situation.

 Please watch those blanket statements in the future...because I am far from
 lazy or incompetent...you weenie ;-)

 Bryan Stevenson
 VP  Director of E-Commerce Development
 Electric Edge Systems Group Inc.
 p. 250.920.8830
 e. [EMAIL PROTECTED]


