Re: Education
It's not surprising how many folks have Music as a part of their skill set who are also programmers. There's a natural synergy there I think. Music and mathematics are processed by adjacent regions of right parietal cerebral cortex, and programming of course uses the basic skill set of mathematics so it's not surprising. Many quantitative scientists are also good musicians.

~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:327658
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
Re: Making a Recently Viewed list
Reverse will reverse the whole string, not order of the list. Do something like this:

    <cfloop index="i" from="#ListLen(Cookie.LastVisited)#" to="1" step="-1">
        <cfset CurId = ListGetAt(Cookie.LastVisited,i)/>
        <!--- TODO: lookup/output product details. --->
    </cfloop>

Thank you, that is a very good suggestion but it is not the nut of the problem because I am not even there yet. The bigger obstacle is getting either a Structure or Array to actually work. What makes sense, is logical, and follows the examples in the documentation only generates error messages. How can I get the data from the query into a form where I can address them by the actual ProductID in the COOKIE.RECENTLYVIEWED?

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315951
Making a Recently Viewed list
I am trying to build a 'Recently Viewed' feature for an ecommerce site to display thumbnail images and product names with links on them in the reverse order that customers click on them; in other words, the product they last viewed should appear at the top of the list. I am having problems using either a Structure or Array to do this, although either should work. But neither seems to work according to the documentation and I am stymied.

Here is how it might work, if it did work, using arrays. Every time a customer lands on a new Product page the ProductID of the product is appended to a list in a cookie named RECENTLYVIEWED, so that COOKIE.RECENTLYVIEWED might have a value something like 647,73,123,621,733,818,290 from oldest to newest product viewed.

All the product data are in a cached query named AllProducts so that numerous subqueries like this one RecentlyViewed to get the rest of the data do not require another hit to the database:

    <CFQUERY dbType="Query" NAME="RecentlyViewed">
        SELECT ProductID, ProductName, ThumbNail
        FROM AllProducts
        WHERE ProductID IN (#COOKIE.RECENTLYVIEWED#)
    </CFQUERY>

Unfortunately the query doesn't output the records in the same order specified in the IN clause or it would be too easy; consequently the data have to be put into the correct order somehow.

Logically I would first initialize three arrays:

    <CFSET AryProductID = ArrayNew(1)>
    <CFSET AryProductName = ArrayNew(1)>
    <CFSET AryThumbNail = ArrayNew(1)>

Then loop over the output of the RecentlyViewed query to set an array like this: (except it doesn't work)

    <CFLOOP INDEX="hh" FROM="1" TO="#RecentlyViewed.RecordCount#">
        <CFSET AryProductID[RecentlyViewed.ProductID#] = #RecentlyViewed.ProductID[hh]#>
        <CFSET AryProductName[RecentlyViewed.ProductID] = #RecentlyViewed.ProductName[hh]#>
        <CFSET AryThumbNail[RecentlyViewed.ProductID] = #RecentlyViewed.ThumbNail[hh]#>
    </CFLOOP>

This SHOULD produce an array with values like so: (except it doesn't work)

    AryProductID[647] = 647
    AryProductName[647] = 'Lemon Cake'
    AryThumbNail[647] = 'LemonCake.jpg'
    AryProductID[73] = 73
    AryProductName[73] = 'Cranberry Muffins'
    AryThumbNail[73] = 'CranMuffins.jpg'
    AryProductID[123] = 123
    AryProductName[123] = 'Blueberry Muffins'
    AryThumbNail[123] = 'BlueMuffins.jpg'
    etc.

With arrays coded by the ProductID I should be able to use the COOKIE.RECENTLYVIEWED list of ProductIDs to output everything in its proper order like so by the use of Reverse(COOKIE.RECENTLYVIEWED): (except it doesn't work)

    <CFOUTPUT>
    <CFLOOP INDEX="ii" LIST="#Reverse(COOKIE.RECENTLYVIEWED)#">
        #AryProductID[ii]# (using the ProductID to construct a dynamic URL to the product, I know it's redundant and unnecessary in this particular case but it's just for illustration)
        #AryProductName[ii]# (to display the product name on the customer's Recently Viewed list)
        #AryThumbNail[ii]# (to display the product image with the product name on the customer's Recently Viewed list)
    </CFLOOP>
    </CFOUTPUT>

I don't care if I have to use Arrays, Structures, or anything else to get the data displayed the way I want, this is just an example of one way it might be done if ColdFusion actually worked the way it is documented to work.
Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315923
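An added example, not part of the original post or of the reply: one way to get the ordering the post asks for, by indexing the query rows in a struct keyed by ProductID and walking the cookie list from newest to oldest. Because a cookie is client-controlled, the list is reduced to plain integers before it reaches the IN clause; the example assumes a ColdFusion version whose Query of Queries accepts cfqueryparam, the cached AllProducts query from the post, and a hypothetical product.cfm detail page and 10-item limit.

```cfml
<!--- Added example, not the poster's code. product.cfm and the 10-item
      limit are assumptions made for illustration. --->
<cfparam name="COOKIE.RECENTLYVIEWED" default="">

<!--- Walk the cookie from newest to oldest. Keep only short all-digit ids,
      drop repeats and cap the length: the cookie value is client-controlled
      and must not reach the SQL text unchecked. --->
<cfset NewestFirst = "">
<cfloop index="pos" from="#ListLen(COOKIE.RECENTLYVIEWED)#" to="1" step="-1">
    <cfset RawId = Trim(ListGetAt(COOKIE.RECENTLYVIEWED, pos))>
    <cfif REFind("^[0-9]{1,9}$", RawId)>
        <cfset CurId = Val(RawId)>
        <cfif NOT ListFind(NewestFirst, CurId) AND ListLen(NewestFirst) LT 10>
            <cfset NewestFirst = ListAppend(NewestFirst, CurId)>
        </cfif>
    </cfif>
</cfloop>

<cfif ListLen(NewestFirst)>
    <!--- Same Query of Queries as in the post, with the id list bound as
          integer parameters instead of being pasted into the SQL. --->
    <cfquery dbtype="query" name="RecentlyViewed">
        SELECT ProductID, ProductName, ThumbNail
        FROM AllProducts
        WHERE ProductID IN (<cfqueryparam value="#NewestFirst#"
                                          cfsqltype="cf_sql_integer" list="yes">)
    </cfquery>

    <!--- A struct can be keyed by arbitrary ProductIDs; it maps each
          ProductID to its row number in the query result. --->
    <cfset RowOf = StructNew()>
    <cfloop query="RecentlyViewed">
        <cfset RowOf[RecentlyViewed.ProductID] = RecentlyViewed.CurrentRow>
    </cfloop>

    <!--- Output in cookie order (newest first), skipping ids that no longer
          match a product. Text from the query is HTML-escaped on output. --->
    <cfoutput>
    <cfloop index="CurId" list="#NewestFirst#">
        <cfif StructKeyExists(RowOf, CurId)>
            <cfset r = RowOf[CurId]>
            <a href="product.cfm?ProductID=#CurId#">
                <img src="#HTMLEditFormat(RecentlyViewed.ThumbNail[r])#" alt="">
                #HTMLEditFormat(RecentlyViewed.ProductName[r])#
            </a><br>
        </cfif>
    </cfloop>
    </cfoutput>
</cfif>
```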
Can ColdFusion detect if Flash is available?
I'd like to be able to detect if a user's browser will support Flash, and ideally be able to tell if the version is up to date enough to handle my Flash application. Is this possible? TIA

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:305847
Dreamweaver CS3 with ColdFusion and Style Sheets
Just a few years ago Dreamweaver was a horrid product with meaningless icons scattered all over the place, now I've downloaded the trial for CS3 and find that most of the deficiencies have been fixed to make it a proper Windows application with normal dropdown text menus and only a few meaningless icons scattered here and there that at least show their function in text when moused over.

I want to redesign a website to follow the Zen Garden example (http://csszengarden.com) and completely separate content (i.e. in index.cfm) from presentation (i.e. in styles.css). It looks like Dreamweaver could help in this effort, if anyone has answers to these questions I'd be grateful:

1) Is there any way to set up Dreamweaver to work so that all drag and drop and editing operations will be performed entirely on the style sheet? (Excepting actual text changes of course). Dreamweaver seems to allow a certain amount of drag and drop functionality (it's not clear how it decides to work sometimes and sometimes not though) and if drag and drop and other edits could be made to work entirely on the style sheet that would be ideal.

2) Dreamweaver persistently wants to save my index.cfm file as index.cfm.dwt, I am guessing dwt stands for 'dreamweaver template' and DW is probably trying to be helpful but that is just plain irritating functionality that I would like to either shut off or else use in a less intrusive way if possible. I notice that what looks like Dreamweaver-specific code gets inserted into my named-by-brute-force-every-time-saved index.cfm using it the way I am, and that's probably not the way it's supposed to work. So, can I tell DW to write its .dwt files somewhere where I don't have to screw around with them, and allow me to edit the index.cfm file directly? Or do I have to always work in the .dwt file and hope that the proper index.cfm will somehow get written out for me properly somewhere? Naturally the Help functionality explains everything about the smallest minutiae of the program but omits the central big picture stuff necessary for setup and getting started, can anyone advise me how to set up Dreamweaver properly to do its own thing out of my way and let me edit my files without DW wanting to rename them?

3) I just ordered Mastering CSS with Dreamweaver CS3 by Stephanie Sullivan and Greg Rewis, anyone know that book and can comment on its quality?

Any other suggestions about working with Dreamweaver to separate content from presentation would be appreciated.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:305761
Server Side Include Injection creates a License Exception
Anyone use ScanAlert.com's HackerSafe product? They scan your website to look for security vulnerabilities and let you know when they find any. Well there's something called a Server Side Include Injection vulnerability which apparently can sometimes allow a hacker to access data and services they shouldn't, but even if they fail at that it is still considered a vulnerability to expose to a hacker the files and paths and error messages that may be generated.

So today I got an alert from ScanAlert telling me that a site I manage has a vulnerability when this code is passed after the domain/ :

    '+serverRootUrl+'/s7ondemand/misc/email2friend.jsp

ColdFusion sees this in its PATH_INFO but I have been unable to capture the information to deal with it appropriately (normally I'd just redirect to the homepage and show no error message) with code like

    <CFIF CGI.PATH_INFO CONTAINS "serverRootUrl">

But even though it's in the PATH_INFO it's not recognized for some reason, so I haven't been able to find a way to stop the License Exception error that gets thrown and displays all kinds of data to potential hackers.

I thought it would be interesting to show how the same vulnerability can be exposed on some of the websites referenced on this list lately, and see if anyone has a good solution to not showing so much information about the errors generated to hackers.

1) Dave Watts is always on top of things, Dave how should you deal with this? http://www.figleaf.com/'+serverRootUrl+'/s7ondemand/misc/email2friend.jsp

2) The same error style can be seen at http://fusion.dominicwatson.co.uk/'+serverRootUrl+'/s7ondemand/misc/email2friend.jsp and http://flexcf.com/'+serverRootUrl+'/s7ondemand/misc/email2friend.jsp and http://learncf.com/'+serverRootUrl+'/s7ondemand/misc/email2friend.jsp

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:305091
PS: Server Side Include Injection creates a License Exception
PS: There is a TechNote about a License Exception at http://kb.adobe.com/selfservice/viewContent.do?externalId=kb400595sliceId=1 although it doesn't say anything about how to trap the error or about dealing with it when it's caused by a Server Side Include Injection attack.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:305092
Re: SOT: Holy Grail? Hosting?
I have a dedicated server at CrystalTech and I think they've been fantastic. No they're not going to hold your hand and teach you everything you need to know about managing DNS and IIS but you're supposed to be grown up enough to RTFM on your own. I've only ever had a few issues, they were quickly and professionally addressed, and I like very much having full control over my own first class webserver. CrystalTech rocks.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299191
Re: Huh? EMBED and OBJECT Tags Get Modified During CFFILE WRITE?
Jochem's tersely abbreviated post at first seemed to read as if the solution was to ENABLE Global Script Protection (which didn't make sense), but James you made me realize that he meant to point me in that general direction and that the real solution was to NOT ENABLE Global Script Protection. My hosting provider implemented the change and everything is fine again.

Take-home lesson: if you ever find your EMBED and OBJECT tags getting mysteriously converted to InvalidTag in a CFFILE WRITE operation, disable Global Script Protection in the CF Administrator.

Now if we could just get this houseoffusion.com forum to actually record posts the first time instead of nothing nothing nothing and then suddenly three copies of the same thing appear...

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299053
Re: Huh? EMBED and OBJECT Tags Get Modified During CFFILE WRITE?
Jochem, can you be a little more specific? The webserver is not mine, I don't have control of the CF Administrator, and any changes are going to affect other people so I have to make a strong case to my hosting provider that any change I suggest is going to actually solve the problem.

In this case the docs indicate (thanks for the link) that enabling Global Script Protection will protect against cross-site scripting attacks, but I don't think that there's a cross-site attack going on, but an intra-site attack of some kind or security setting somewhere changing my EMBED and OBJECT tags to InvalidTag at the moment of a CFFILE WRITE operation. Could that even possibly be done through a cross-site scripting attack?

It's not anybody else modifying the .cfm files I write, it's only me which I'm sure of because the logs show nobody else has been in messing with them, and it happens instantly upon a CFFILE WRITE. It does not however happen to any .cfm's I upload via FTP, and if it was a cross-site scripting attack going on they should be affected in that case too. So what could be changing my EMBED and OBJECT tags to InvalidTag?

Karl Simanonok wrote:
The webserver is running Windows 2003 Server and CF is version 7,0,0,91690 (MX 7) Enterprise version, the webserver is IIS 6.0. Anybody have any idea what setting somewhere (no doubt for security) is changing all my EMBED and OBJECT tags to InvalidTag when CFFILE WRITE occurs?

Enable Global Script Protection: http://livedocs.adobe.com/coldfusion/8/htmldocs/basiconfig_05.html#1215023
Jochem

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:298973
Re: Beyond Captcha
Tom Chiverton said the following on 2/8/2008 3:41 AM:
Frankly, I think we users / developers spend way too much time trying to one-up the lowlife spammers. Instead, we should quit wasting time, re-channel our energies, grab some baseball bats, and start hunting the bastards down and beat the livin' crap out of 'em!

I was thinking that castrating a few might set an example for the others to decide if they really want to take the continuing risk, as well as throw a little chlorine in the gene pool by sterilizing them.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:298618
Re: Executing Code in a CFINCLUDE within CFMAIL
I am trying to get CF code to run inside a CFMAIL tag where the code is called by a CFINCLUDE. There are plenty of historical examples here showing how people have done it in the past, but when I reproduce their code all that gets emailed is the bare code, unexecuted. There must be some secret trick that I don't know about like an arcane setting in the CF Administrator maybe? I am using CF 5 presently, is there something special needed in CF 5 to enable code to run inside CFMAIL when it is in a CFINCLUDE?

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:283298
Re: Executing Code in a CFINCLUDE within CFMAIL
Are you trying to send a HTML message? If yes, add this attribute

    <cfmail type="html">

I have tried sending both HTML and plain text, and yes I have tried that cfmail type=html attribute in addition to a lot of other things following some of the historical examples on this forum, but nothing works. The actual CF code that's in the CFINCLUDEd file always gets emailed, it does not get executed. I can't figure it out, it is baffling.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:280273
When Assholes Play Games
On Friday 18 May 2007, Tom Chiverton wrote:
You didn't ask 'how do I'. You asked 'is it possible'.

If someone abuses the purpose and intent of this forum to amuse themselves by trying to be clever, rather than sharing knowledge for those seeking help, what does it take to get them booted off the list?

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:278660
Re: Regular Expression to count links
Thanks Charlie, looks like your solution will work, I'll test. Andy, I appreciate your suggestion even if it won't work. Tom, you may be well-intentioned, but do you realize your posts were useless? A question like "Hey buddy, can you tell me where the train station is?" is never intended to be taken so literally that "yes" is a worthwhile answer.

yeah. can't use multiple character delimiters in CF. Not with native CF array/list functions. if you use split(), you can.

    <cfset myString = "a_!_b_!_c_d!e_f" />
    <cfset myArray = myString.split('_!_') />
    <cfoutput>
    #listLen(myString, '_!_')# <br />
    #arrayLen(myArray)#
    </cfoutput>

On 5/16/07, Tom Chiverton [EMAIL PROTECTED] wrote:

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:278547
Regular Expression to count links
Is it possible to use a regular expression to count the number of links <A HREF="http://something.com">like so</A> in a given block of text?

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:278257
Re: defeating offline form posts
Offsite forms can be submitted to use your email templates as

Here's the header you'd have to include.

    Referer: http://mywebsite.com/

Not too much to that, is there?

Not if they are able to figure it out, which someone determined enough would probably eventually do. Fortunately my hacker-wannabe hasn't. What would be a better way to solve this problem? I don't want to require registration and login for someone who simply wants to send me a legitimate email, and besides registration and login require forms which themselves could be attack vectors.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277701
Re: defeating offline form posts
At 03:10 AM 5/9/2007, Eric wrote:
Curious question here. If I think about this, if someone takes a form of ours for login, for example, and makes a local copy on their machine and they set the post action to be the live server authenticate file, what is the best way to detect this and defeat it? No one has ever gained access this way as of yet, but we are studying possibilities, and this seems to me to be an attack vector. Any thoughts? A check to see if the referrer was the domain name/login file name? Or can that be spoofed as well then?

Offsite forms can be submitted to use your email templates as Spam blasters or else to send Spam to you, and such submittals can be automated so they'll do their dirty work without any human intervention. I just recently had this problem with some creep attacking a site of mine with a robot every couple of hours and solved it this way:

    <CFIF CGI.HTTP_REFERER DOES NOT CONTAIN "http://mywebsite.com">
        Error message presented (mine is quite nasty)
        <CFABORT>
    </CFIF>

I'm not sure how someone could spoof a domain name to defeat this, probably by screwing around with the headers but they'd have to know or be determined enough to figure out what they needed to do. Certainly you're not going to explain to them in your error message that they didn't submit the message from the proper page on your site, although they will know that and can experiment if they want.

Did someone say that not all browsers will send HTTP_REFERER information? That could make this method less than ideal.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277572
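An added example, not code from either post in this thread: a per-session, single-use form token, which answers the "better way" question in the reply above without requiring registration and does not depend on the Referer header that the check in this post relies on. It assumes ColdFusion MX or later (for the Java objects) with session management enabled; contactform.cfm, sendmail.cfm and the FormToken field are hypothetical names.

```cfml
<!--- Added example, not the poster's code. File names and the FormToken
      field are hypothetical. --->

<!--- ===== contactform.cfm: the page that renders the form ===== --->
<!--- 128 random bits from the JVM's SecureRandom, written as hex. --->
<cfset Rng = CreateObject("java", "java.security.SecureRandom").init()>
<cfset NewToken = CreateObject("java", "java.math.BigInteger").init(
                      JavaCast("int", 128), Rng).toString(JavaCast("int", 16))>

<!--- Remember the token server-side; the client only gets a copy. --->
<cflock scope="session" type="exclusive" timeout="5">
    <cfset SESSION.FormToken = NewToken>
</cflock>

<cfoutput>
<form action="sendmail.cfm" method="post">
    <input type="hidden" name="FormToken" value="#NewToken#">
    <textarea name="Message"></textarea>
    <input type="submit" value="Send">
</form>
</cfoutput>

<!--- ===== sendmail.cfm: the page that receives the post ===== --->
<cfparam name="FORM.FormToken" default="">
<cfset TokenOk = false>

<cflock scope="session" type="exclusive" timeout="5">
    <!--- Accept only a non-empty token equal to the one stored for this
          session. A copy of the form posted from elsewhere has no session
          on this site, so it has nothing to match against. --->
    <cfif StructKeyExists(SESSION, "FormToken")
          AND Len(FORM.FormToken)
          AND Compare(FORM.FormToken, SESSION.FormToken) EQ 0>
        <cfset TokenOk = true>
    </cfif>
    <!--- Single use: a replay of the same post is rejected. --->
    <cfset StructDelete(SESSION, "FormToken")>
</cflock>

<cfif NOT TokenOk>
    <!--- Say nothing about why the request was refused. --->
    <cfheader statuscode="403" statustext="Forbidden">
    <cfabort>
</cfif>

<!--- Token accepted: continue with the existing CFMAIL code here. --->
```

A robot that first requests the form and keeps its cookies still receives a valid token, so this stops blind posts and replays rather than all automation; rate limiting per session or address covers the rest.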
Paymentech Issues
Pardon me if this turns into a double posting, but for some reason CF-Talk isn't getting my emails. So I tried the Yahoo interface once but there's text there with a link saying it should be done from http://www.houseoffusion.com/groups/CF-Talk/reply.cfm.

Anyone using Paymentech's real-time credit card validation? I'm having a problem with their service because there are circumstances where they'll send back two replies. It's due in part I think to my customers clicking twice on the Submit button, so I've got some Javascript preventing that second click, but some people's Javascript doesn't work because they've either got it turned off or they're using some funky browser. Large text saying PLEASE JUST CLICK ONCE is also sometimes ignored. You'd think that Paymentech would prevent this problem on their end but they're apparently incapable of doing so (trying to get them to do the slightest thing to fix anything is impossible, my recommendation is not to ever use their services if you're not already, they are an incredibly slothful and lazy bureaucracy and don't care about individual customers since they've got plenty).

So my site gets two replies back from them sometimes -- this should really be no problem because after all I am recording in my DB that the first reply was received and I don't accept a second if the DB already has a record saying the first one was received. BUT what can happen is that due to the transmission latencies varying, a second reply from Paymentech can come in before the first one is finished processing and therefore there's no record in my DB yet that the first one has been received. So they both can get processed!

I'm thinking about solving this problem by creating an Application variable for each reply from Paymentech, named after the unique identifier for the transaction. This would be way faster than the DB can get a record stuffed into it. I'd simply check with each reply from Paymentech to see whether or not an application variable by the name of the unique identifier already exists or not, and process the transaction only if it doesn't.

I'm writing to ask if anyone here has dealt with a dependency like this, and is my intended solution the best one?

Thanks,
Karl S.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:270236
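An added example, not the poster's code: the application-variable idea from the post, with the existence test and the write done under one named exclusive lock so that two simultaneous replies cannot both pass the test, backed by a unique-key insert as the durable guard. The FORM.OrderID field, its allowed format, the PaymentReplies table with a unique index on TxnId, the DSN variable and ProcessReply.cfm are all hypothetical.

```cfml
<!--- Added example, not the poster's code. FORM.OrderID, PaymentReplies,
      DSN and ProcessReply.cfm are hypothetical names. --->
<cfparam name="FORM.OrderID" default="">
<cfset TxnId = Trim(FORM.OrderID)>

<!--- The identifier arrives in a request, so constrain it before using it
      as a lock name and struct key (format is an assumption). --->
<cfif NOT REFind("^[A-Za-z0-9_-]{1,64}$", TxnId)>
    <cfheader statuscode="400" statustext="Bad Request">
    <cfabort>
</cfif>

<!--- Create the shared struct once. --->
<cflock scope="application" type="exclusive" timeout="10">
    <cfif NOT StructKeyExists(APPLICATION, "SeenReplies")>
        <cfset APPLICATION.SeenReplies = StructNew()>
    </cfif>
</cflock>

<!--- Claim the transaction. "Does it exist?" and "mark it" must be one
      atomic step; tested and set separately, two replies arriving together
      can both see "not there yet". The lock is named after the transaction,
      so replies for different transactions do not wait on each other. --->
<cfset IsFirstReply = false>
<cflock name="PaymentechReply_#TxnId#" type="exclusive" timeout="10" throwontimeout="yes">
    <cfif NOT StructKeyExists(APPLICATION.SeenReplies, TxnId)>
        <cfset APPLICATION.SeenReplies[TxnId] = Now()>
        <cfset IsFirstReply = true>
    </cfif>
</cflock>

<!--- The application scope is per server and is emptied by a restart, so
      the database still decides: the unique index lets only one insert per
      TxnId succeed, however close together the replies arrive. --->
<cfif IsFirstReply>
    <cftry>
        <cfquery datasource="#DSN#">
            INSERT INTO PaymentReplies (TxnId, ReceivedAt)
            VALUES (<cfqueryparam value="#TxnId#" cfsqltype="cf_sql_varchar">,
                    <cfqueryparam value="#Now()#" cfsqltype="cf_sql_timestamp">)
        </cfquery>
        <cfcatch type="database">
            <!--- Duplicate key (or any database failure): do not process.
                  Failing closed avoids acting twice on one payment. --->
            <cfset IsFirstReply = false>
        </cfcatch>
    </cftry>
</cfif>

<cfif IsFirstReply>
    <cfinclude template="ProcessReply.cfm">
<cfelse>
    <!--- Second copy of the same reply: acknowledge it and do nothing. --->
</cfif>
```

Entries in APPLICATION.SeenReplies are never removed here, so a scheduled task that deletes keys older than the longest plausible reply delay keeps the struct small.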
Regular Expression Help on Email Addresses
I would like to use a regular expression to camouflage email addresses in a forum I'm building. I'd like to replace just the domain name (not the .com or .net or other extension though) with x's:

FROM THIS: [EMAIL PROTECTED]
TO THIS: [EMAIL PROTECTED]

Where the number of x's exactly matches the number of characters replaced. Make sense? It should work with kludgy domain names having dashes in them too (are there any other characters allowed? I don't think so) like so:

FROM THIS: [EMAIL PROTECTED]
TO THIS: [EMAIL PROTECTED]

Can anyone help me out with this? TIA

Karl S.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:270251
Re: Is this the best approach?
Before you get too far into your sweepstakes coding, I would suggest that you have your client check with his attorney, if he hasn't already done so, to be sure that the details of what he intends to do are legal. I'm not any kind of expert in this area but I have heard of sweepstakes going very badly with the sponsors being financially ruined in the end and being threatened with the possibility of prison time in the process. Plus whatever your client needs to do to conduct his sweepstakes legally may very well influence your coding.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:270283
Re: Is this the best approach?
Ryan's right, and I'll go so far as to say what he's described to you is a *much* better way to create new sweepstakes. Think about it: once you start creating a bunch of subdirectories and copying .cfm templates into them, at some point in the future you may find yourself maintaining them all too and eventually wishing that you hadn't created such a mess of redundancy for yourself to wade through and try to keep straight. So you'll almost certainly be much better off using one code set for all your sweepstakes, providing that the sweepstakes are going to resemble each other in their functioning which it sounds like you are planning to do.

There are a number of ways to do it too, not necessarily with .htaccess mods either. I would think about using a single /sweepstakes/ subdirectory containing a custom .cfm landing page for each individual sweepstakes event (which your client is going to want anyway) so that each landing page could contain a unique Sweepstakes_ID in a hidden form field that gets passed from one page to the next. Less cleanly you could pass a URL.Sweepstakes_ID between pages, or better, you might even want to set a cookie with a Sweepstakes_ID that doesn't get deleted until the user finishes the questions. There are a lot of ways to skin this cat.

The only reason to NOT do it with one code set might be if you planned to use your Admin functionality to actually write out static files so that your users working their way through the questions wouldn't be hitting the database at all or hardly at all (you could accumulate all their answers in hidden form fields or in a cookie without hitting the database until the very end, just once). You could get away with using a not-very-powerful server and database doing it that way if you had to (MS Access on a 500MHz shared server for example) but if you have a fast dedicated web server and any version of MSSQL running on a second machine then you ought to keep it all dynamic, the way CF was meant to be.
Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:270285
Re: Is this the best approach?
A couple of other thoughts:

1) Separate landing pages for each sweepstakes gives you the opportunity to name them with keywords to benefit your clients' SEO. So http://mysite.com/sweepstakes/win-a-2008-mustang.cfm is significantly better in Google's eyes than http://mysite.com/sweepstakes/index.cfm, for example.

2) It sounds like the functionality you're intending to build to construct and operate your sweepstakes is very similar to the functionality needed to build surveys, and there's code already out there for surveys. I remember looking at the survey engine at http://www.activefeedback.com/af/ow/order1.cfm a few years ago and being quite impressed with the Admin functionality that lets you very easily create questions and choose response types (probably the $495 Survey Engine 2.0 Enterprise without the library of forms would work well for you). Unfortunately it looks like you can no longer download a trial version to see for yourself, but they've got some pretty good demos so you can see the end result anyway, I couldn't find a demo for the Admin functionality which is even better. The point is you may not have to start from scratch if you do your homework, there may even be free code available for CF surveys that would save you lots of coding time.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:270286