Re: Education

2009-10-25 Thread K Simanonok

It's not surprising how many folks have Music as a part of their skill set
who  are also programmers. There's a natural synergy there I think.

Music and mathematics are processed by adjacent regions of right parietal 
cerebral cortex, and programming of course uses the basic skill set of 
mathematics so it's not surprising.  Many quantitative scientists are also good 
musicians. 

~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:327658
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4


Re: Making a Recently Viewed list

2008-11-26 Thread K Simanonok
Reverse will reverse the whole string, not order of the list.

Do something like this:
cfloop index=i from=#ListLen(Cookie.LastVisited)# to=1 step=-1
 cfset CurId = ListGetAt(Cookie.LastVisited,i)/
 !--- TODO: lookup/output product details. ---
/cfloop

Thank you, that is a very good suggestion but it is not the nut of the problem 
because I am not even there yet.  The bigger obstacle is getting either a 
Structure or Array to actually work.  What makes sense, is logical, and follows 
the examples in the documentation only generates error messages.  How can I get 
the data from the query into a form where I can address them by the actual 
ProductID in the COOKIE.RECENTLYVIEWED? 

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;207172674;29440083;f

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315951
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4


Making a Recently Viewed list

2008-11-25 Thread K Simanonok
I am trying to build a 'Recently Viewed' feature for an ecommerce site to 
display thumbnail images and product names with links on them in the reverse 
order that customers click on them; in other words, the product they last 
viewed should appear at the top of the list.  I am having problems using either 
a Structure or Array to do this, although either should work.  But neither 
seems to work according to the documentation and I am stymied.  Here is how it 
might work, if it did work, using arrays.   

Every time a customer lands on a new Product page the ProductID of the product 
is appended to a list in a cookie named RECENTLYVIEWED, so that 
COOKIE.RECENTLYREVIEWED might have a value something like 
647,73,123,621,733,818,290 from oldest to newest product viewed

All the product data are in a cached query named AllProducts so that numerous 
subqueries like this one RecentlyViewed to get the rest of the data do not 
require another hit to the database:

CFQUERY dbType=Query NAME=RecentlyViewed
   SELECT
  ProductID,
  ProductName,
  ThumbNail
   FROM AllProducts
   WHERE ProductID IN (#COOKIE.RECENTLYVIEWED#)
/CFQUERY

Unfortunately the query doesn't output the records in the same order specified 
in the IN clause or it would be too easy; consequently the data have to be put 
into the correct order somehow.  Logically I would first initialize three 
arrays:

CFSET AryProductID = ArrayNew(1)
CFSET AryProductName = ArrayNew(1)
CFSET AryThumbNail = ArrayNew(1)

Then loop over the output of the RecentlyViewed query to set an array like 
this: (except it doesn't work)

CFLOOP INDEX=hh FROM=1 TO=#RecentlyViewed.RecordCount#

   CFSET AryProductID[RecentlyViewed.ProductID#] = 
#RecentlyViewed.ProductID[hh]#
   CFSET AryProductName[RecentlyViewed.ProductID] = 
#RecentlyViewed.ProductName[hh]#
   CFSET AryThumbNail[RecentlyViewed.ProductID] = 
#RecentlyViewed.ThumbNail[hh]#

/CFLOOP

This SHOULD produce an array with values like so: (except it doesn't work)

AryProductID[647] = 647
AryProductName[647] = 'Lemon Cake'
AryThumbNail[647] = 'LemonCake.jpg'

AryProductID[73] = 73
AryProductName[73] = 'Cranberry Muffins'
AryThumbNail[73] = 'CranMuffins.jpg'

AryProductID[123] = 123
AryProductName[123] = 'Blueberry Muffins'
AryThumbNail[123] = 'BlueMuffins.jpg'

etc.

With arrays coded by the ProductID I should be able to use the 
COOKIE.RECENTLYVIEWED list of ProductIDs to output everything in its proper 
order like so by the use of Reverse(COOKIE.RECENTLYVIEWED): (except it doesn't 
work)

CFOUTPUT

   CFLOOP INDEX=ii LIST=#Reverse(COOKIE.RECENTLYVIEWED)#

  #AryProductID[ii]# (using the ProductID to construct a dynamic URL to the 
product, I know it's redundant and unnecessary in this particular case but it's 
just for illustration)
  #AryProductName[ii]# (to display the product name on the customer's 
Recently Viewed list)
  #AryThumbNail[ii]# (to display the product image with the product name on 
the customer's Recently Viewed list

   /CFLOOP

/CFOUTPUT

I don't care if I have to use Arrays, Structures, or anything else to get the 
data displayed the way I want, this is just an example of one way it might be 
done if ColdFusion actually worked the way it is documented to work.  

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;207172674;29440083;f

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:315923
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4


Can ColdFusion detect if Flash is available?

2008-05-21 Thread K Simanonok
I'd like to be able to detect if a user's browser will support Flash, and 
ideally be able to tell if the version is up to date enough to handle my Flash 
application.  Is this possible?

TIA 

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;192386516;25150098;k

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:305847
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4


Dreamweaver CS3 with ColdFusion and Style Sheets

2008-05-20 Thread K Simanonok
Just a few years ago Dreamweaver was a horrid product with meaningless icons 
scattered all over the place, now I've downloaded the trial for CS3 and find 
that most of the deficiencies have been fixed to make it a proper Windows 
application with normal dropdown text menus and only a few meaningless icons 
scattered here and there that at least show their function in text when moused 
over.  

I want to redesign a website to follow the Zen Garden example 
(http://csszengarden.com) and completely separate content (i.e. in index.cfm) 
from presentation (i.e. in styles.css).  It looks like Dreamweaver could help 
in this effort, if anyone has answers to these questions I'd be grateful:

1) Is there any way to set up Dreamweaver to work so that all drag and drop and 
editing operations will be performed entirely on the style sheet?  (Excepting 
actual text changes of course).  Dreamweaver seems to allow a certain amount of 
drag and drop functionality (it's not clear how it decides to work sometimes 
and sometimes not though) and if drag and drop and other edits could be made to 
work entirely on the style sheet that would be ideal.  

2) Dreamweaver persistently wants to save my index.cfm file as index.cfm.dwt, I 
am guessing dwt stands for 'dreamweaver template' and DW is probably trying to 
be helpful but that is just plain irritating functionality that I would like to 
either shut off or else use in a less intrusive way if possible.  I notice that 
what looks like Dreamweaver-specific code gets inserted into my 
named-by-brute-force-every-time-saved index.cfm using it the way I am, and 
that's probably not the way it's supposed to work.  So, can I tell DW to write 
its .dwt files somewhere where I don't have to screw around with them, and 
allow me to edit the index.cfm file directly?  Or do I have to always work in 
the .dwt file and hope that the proper index.cfm will somehow get written out 
for me properly somewhere?  Naturally the Help functionality explains 
everything about the smallest minutia of the program but omits the central big 
picture stuff necessary for setup and getting started, can anyone advise me how 
to set up Dreamweaver properly to do its own thing out of my way and let me 
edit my files without DW wanting to rename them?

3) I just ordered Mastering CSS with Dreamweaver CS3 by Stephanie Sullivan 
and Greg Rewis, anyone know that book and can comment on its quality?  

Any other suggestions about working with Dreamweaver to separate content from 
presentation would be appreciated.



~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;192386516;25150098;k

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:305761
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4


Server Side Include Injection creates a License Exception

2008-05-12 Thread K Simanonok
Anyone use ScanAlert.com's HackerSafe product?  They scan your website to look 
for security vulnerabilities and let you know when they find any.  Well there's 
something called a Server Side Include Injection vulnerability which apparently 
can sometimes allow a hacker to access data and services they shouldn't, but 
even if they fail at that it is still considered a vulnerability to expose to a 
hacker the files and paths and error messages that may be generated.

So today I got an alert from ScanAlert telling me that a site I manage has a 
vulnerability when this code is passed after the domain/ : 

'+serverRootUrl+'/s7ondemand/misc/email2friend.jsp


ColdFusion sees this in its PATH_INFO but I have been unable to capture the 
information to deal with it appropriately (normally I'd just redirect to the 
homepage and show no error message) with code like CFIF CGI.PATH_INFO CONTAINS 
serverRootUrl.  But even though it's in the PATH_INFO it's not recognized for 
some reason, so I haven't been able to find a way to stop the License Exception 
error that gets thrown and displays all kinds of data to potential hackers.

I thought it would be interesting to show how the same vulnerability can be 
exposed on some of the websites referenced on this list lately, and see if 
anyone has a good solution to not showing so much information about the errors 
generated to hackers.

1) Dave Watts is always on top of things, Dave how should you deal with this?

http://www.figleaf.com/'+serverRootUrl+'/s7ondemand/misc/email2friend.jsp

2) The same error style can be seen at 
http://fusion.dominicwatson.co.uk/'+serverRootUrl+'/s7ondemand/misc/email2friend.jsp
 
and 
http://flexcf.com/'+serverRootUrl+'/s7ondemand/misc/email2friend.jsp
and
http://learncf.com/'+serverRootUrl+'/s7ondemand/misc/email2friend.jsp










~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;192386516;25150098;k

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:305091
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4


PS: Server Side Include Injection creates a License Exception

2008-05-12 Thread K Simanonok
PS: There is a TechNote about a License Exception at 
http://kb.adobe.com/selfservice/viewContent.do?externalId=kb400595sliceId=1 
although it doesn't say anything about how to trap the error or about dealing 
with it when it's caused by a Server Side Include Injection attack.



~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;192386516;25150098;k

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:305092
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4


Re: SOT: Holy Grail? Hosting?

2008-02-16 Thread K Simanonok
I have a dedicated server at CrystalTech and I think they've been fantastic.  
No they're not going to hold your hand and teach you everything you need to 
know about managing DNS and IIS but you're supposed to be grown up enough to 
RTFM on your own.  I've only ever had a few issues, they were quickly and 
professionally addressed, and I like very much having full control over my own 
first class webserver.  CrystalTech rocks.




~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299191
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4


Re: Huh? EMBED and OBJECT Tags Get Modified During CFFILE WRITE?

2008-02-15 Thread K Simanonok
Jochem's tersely abbreviated post at first seemed to read as if the solution 
was to ENABLE Global Script Protection (which didn't make sense), but James you 
made me realize that he meant to point me in that general direction and that 
the real solution was to NOT ENABLE Global Script Protection.  My hosting 
provider implemented the change and everything is fine again.

Take-home lesson:  if you ever find your EMBED and OBJECT tags getting 
mysteriously converted to InvalidTag in a CFFILE WRITE operation, disable 
Global Script Protection in the CF Administrator.


Now if we could just get this houseoffusion.com forum to actually record posts 
the first time instead of nothing nothing nothing and then suddenly three 
copies of the same thing appear...





~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:299053
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4


Re: Huh? EMBED and OBJECT Tags Get Modified During CFFILE WRITE?

2008-02-14 Thread K Simanonok
Jochem, can you be a little more specific?  The webserver is not mine, I don't 
have control of the CF Administrator, and any changes are going to affect other 
people so I have to make a strong case to my hosting provider that any change I 
suggest is going to actually solve the problem.

In this case the docs indicate (thanks for the link) that enabling Global 
Script Protection will protect against cross-site scripting attacks, but I 
don't think that there's a cross-site attack going on, but an intra-site attack 
of some kind or security setting somewhere changing my EMBED and OBJECT tags 
to InvalidTag at the moment of a CFFILE WRITE operation.  Could that even 
possibly be done through a cross-site scripting attack?  It's not anybody else 
modifying the .cfm files I write, it's only me which I'm sure of because the 
logs show nobody else has been in messing with them, and it happens instantly 
upon a CFFILE WRITE.  It does not however happen to any .cfm's I upload via 
FTP, and if it was a cross-site scripting attack going on they should be 
affected in that case too.  

So what could be changing my EMBED and OBJECT tags to InvalidTag?



Karl Simanonok wrote:
 The webserver is running Windows 2003 Server and CF is version 
 7,0,0,91690 (MX 7) Enterprise version, the webserver is IIS 
 6.0.  Anybody have any idea what setting somewhere (no doubt for 
 security) is changing all my EMBED and OBJECT tags to InvalidTag 
 when CFFILE WRITE occurs?

Enable Global Script Protection: 
http://livedocs.adobe.com/coldfusion/8/htmldocs/basiconfig_05.html#1215023

Jochem 

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:298973
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4


Re: Huh? EMBED and OBJECT Tags Get Modified During CFFILE WRITE?

2008-02-14 Thread K Simanonok
Jochem, can you be a little more specific?  The webserver is not mine, I don't 
have control of the CF Administrator, and any changes are going to affect other 
people so I have to make a strong case to my hosting provider that any change I 
suggest is going to actually solve the problem.

In this case the docs indicate (thanks for the link) that enabling Global 
Script Protection will protect against cross-site scripting attacks, but I 
don't think that there's a cross-site attack going on, but an intra-site attack 
of some kind or security setting somewhere changing my EMBED and OBJECT tags 
to InvalidTag at the moment of a CFFILE WRITE operation.  Could that even 
possibly be done through a cross-site scripting attack?  It's not anybody else 
modifying the .cfm files I write, it's only me which I'm sure of because the 
logs show nobody else has been in messing with them, and it happens instantly 
upon a CFFILE WRITE.  It does not however happen to any .cfm's I upload via 
FTP, and if it was a cross-site scripting attack going on they should be 
affected in that case too.  

So what could be changing my EMBED and OBJECT tags to InvalidTag?



Karl Simanonok wrote:
 The webserver is running Windows 2003 Server and CF is version 
 7,0,0,91690 (MX 7) Enterprise version, the webserver is IIS 
 6.0.  Anybody have any idea what setting somewhere (no doubt for 
 security) is changing all my EMBED and OBJECT tags to InvalidTag 
 when CFFILE WRITE occurs?

Enable Global Script Protection: 
http://livedocs.adobe.com/coldfusion/8/htmldocs/basiconfig_05.html#1215023

Jochem 

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:298974
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4


Re: Huh? EMBED and OBJECT Tags Get Modified During CFFILE WRITE?

2008-02-14 Thread K Simanonok
Jochem, can you be a little more specific?  The webserver is not mine, I don't 
have control of the CF Administrator, and any changes are going to affect other 
people so I have to make a strong case to my hosting provider that any change I 
suggest is going to actually solve the problem.

In this case the docs indicate (thanks for the link) that enabling Global 
Script Protection will protect against cross-site scripting attacks, but I 
don't think that there's a cross-site attack going on, but an intra-site attack 
of some kind or security setting somewhere changing my EMBED and OBJECT tags 
to InvalidTag at the moment of a CFFILE WRITE operation.  Could that even 
possibly be done through a cross-site scripting attack?  It's not anybody else 
modifying the .cfm files I write, it's only me which I'm sure of because the 
logs show nobody else has been in messing with them, and it happens instantly 
upon a CFFILE WRITE.  It does not however happen to any .cfm's I upload via 
FTP, and if it was a cross-site scripting attack going on they should be 
affected in that case too.  

So what could be changing my EMBED and OBJECT tags to InvalidTag?



Karl Simanonok wrote:
 The webserver is running Windows 2003 Server and CF is version 
 7,0,0,91690 (MX 7) Enterprise version, the webserver is IIS 
 6.0.  Anybody have any idea what setting somewhere (no doubt for 
 security) is changing all my EMBED and OBJECT tags to InvalidTag 
 when CFFILE WRITE occurs?

Enable Global Script Protection: 
http://livedocs.adobe.com/coldfusion/8/htmldocs/basiconfig_05.html#1215023

Jochem 

~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:298975
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4


Re: Beyond Captcha

2008-02-09 Thread K Simanonok
Tom Chiverton said the following on 2/8/2008 3:41 AM:
Frankly, I think we users / developers spend way too much time trying to 
one-up the lowlife spammers. Instead, we should quit wasting time, 
re-channel our energies, grab some baseball bats, and start hunting the 
bastards down and beat the livin' crap out of 'em!

I was thinking that castrating a few might set an example for the others to 
decide if they really want to take the continuing risk, as well as throw a 
little chlorine in the gene pool by sterilizing them.



~|
Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to 
date
Get the Free Trial
http://ad.doubleclick.net/clk;160198600;22374440;w

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:298618
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4


Re: Executing Code in a CFINCLUDE within CFMAIL

2007-07-09 Thread K Simanonok
 I am trying to get CF code to run inside a CFMAIL tag where the code 
 is called by a CFINCLUDE.  There are plenty of historical examples 
 here showing how people have done it in the past, but when I reproduce 
 their code all that gets emailed is the bare code, unexecuted.  There 
 must be some secret trick that I don't know about like an arcane 
 setting in the CF Administrator maybe?  I am using CF 5 presently, is 
 there something special needed in CF 5 to enable code to run inside 
 CFMAIL when it is in a CFINCLUDE?

~|
ColdFusion 8 beta – Build next generation applications today.
Free beta download on Labs
http://www.adobe.com/cfusion/entitlement/index.cfm?e=labs_adobecf8_beta

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:283298
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4


Executing Code in a CFINCLUDE within CFMAIL

2007-06-06 Thread K Simanonok
I am trying to get CF code to run inside a CFMAIL tag where the code is called 
by a CFINCLUDE.  There are plenty of historical examples here showing how 
people have done it in the past, but when I reproduce their code all that gets 
emailed is the bare code, unexecuted.  There must be some secret trick that I 
don't know about like an arcane setting in the CF Administrator maybe?  I am 
using CF 5 presently, is there something special needed in CF 5 to enable code 
to run inside CFMAIL when it is in a CFINCLUDE?


~|
Create robust enterprise, web RIAs.
Upgrade  integrate Adobe Coldfusion MX7 with Flex 2
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:280220
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4


Re: Executing Code in a CFINCLUDE within CFMAIL

2007-06-06 Thread K Simanonok
Are you trying to send a HTML message? If yes, add this attribute cfmail 
type=html

I have tried sending both HTML and plain text, and yes I have tried that cfmail 
type=html attribute in addition to a lot of other things following some of 
the historical examples on this forum, but nothing works.  The actual CF code 
that's in the CFINCLUDEd file always get emailed, it does not get executed.  I 
can't figure it out, it is baffling.  



~|
Upgrade to Adobe ColdFusion MX7
The most significant release in over 10 years. Upgrade  see new features.
http://www.adobe.com/products/coldfusion?sdid=RVJR

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:280273
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4


When Assholes Play Games

2007-05-18 Thread K Simanonok
 On Friday 18 May 2007, Tom Chiverton wrote:
 You didn't ask 'how do I'. You asked 'is it possible'.


If someone abuses the purpose and intent of this forum to amuse themselves by 
trying to be clever, rather than sharing knowledge for those seeking help, what 
does it take to get them booted off the list?





~|
Create robust enterprise, web RIAs.
Upgrade  integrate Adobe Coldfusion MX7 with Flex 2
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJP

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:278660
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4


Re: Regular Expression to count links

2007-05-17 Thread K Simanonok
Thanks Charlie, looks like your solution will work, I'll test.

Andy, I appreciate your suggestion even if it won't work.

Tom, you may be well-intentioned, but do you realize your posts were useless?  
A question like Hey buddy, can you tell me where the train station is? is 
never intended to be taken so literally that yes is a worthwhile answer.  


yeah.  can't use multiple character delimiters in CF.  Not with native
CF array/list functions.

if you use split(), you can.

cfset myString = a_!_b_!_c_d!e_f /
cfset myArray = myString.split('_!_') /

cfoutput
   #listLen(myString, '_!_')#
   br /
   #arrayLen(myArray)#
/cfoutput

On 5/16/07, Tom Chiverton [EMAIL PROTECTED] wrote:


~|
Upgrade to Adobe ColdFusion MX7
The most significant release in over 10 years. Upgrade  see new features.
http://www.adobe.com/products/coldfusion?sdid=RVJR

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:278547
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4


Regular Expression to count links

2007-05-16 Thread K Simanonok
Is it possible to use a regular expression to count the number of links A 
HREF=http://something.com;like so/A in a given block of text?




~|
ColdFusion MX7 by Adobe®
Dyncamically transform webcontent into Adobe PDF with new ColdFusion MX7. 
Free Trial. http://www.adobe.com/products/coldfusion?sdid=RVJV

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:278257
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4


Re: defeating offline form posts

2007-05-11 Thread K Simanonok
 Offsite forms can be submitted to use your email templates as 

Here's the header you'd have to include.

Referer: http://mywebsite.com/

Not too much to that, is there?

Not if they are able to figure it out, which someone determined enough would 
probably eventually do.  Fortunately my hacker-wannabe hasn't.  

What would be a better way to solve this problem?  I don't want to require 
registration and login for someone who simply wants to send me a legitimate 
email, and besides registration and login require forms which themselves could 
be attack vectors.




~|
ColdFusion MX7 and Flex 2 
Build sales  marketing dashboard RIA’s for your business. Upgrade now
http://www.adobe.com/products/coldfusion/flex2?sdid=RVJT

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277701
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4


Re: defeating offline form posts

2007-05-09 Thread K Simanonok
At 03:10 AM 5/9/2007, Eric wrote:
 Curious question here. If I think about this, if someone takes a form 
of ours for login, for example, and makes a local copy on their 
machineand they set the post action to be the live server 
authenticate filewhat is the best way to detect this and defeat it? 
Noone has ever gained access this way as of yet, but we are studying 
possibilities, and this seems to me to be an attack vector.

 Any thoughts? A check to see if the referrer was the domain 
name/login file name? Or can that be spoofed as well then?

Offsite forms can be submitted to use your email templates as Spam blasters or 
else to send Spam to you, and such submittals can be automated so they'll do 
their dirty work without any human intervention.  I just recently had this 
problem with some creep attacking a site of mine with a robot every couple of 
hours and solved it this way:

CFIF CGI.HTTP_REFERER DOES NOT CONTAIN http://mywebsite.com;

   Error message presented (mine is quite nasty) 

   CFABORT

/CFIF

I'm not sure how someone could spoof a domain name to defeat this, probably by 
screwing around with the headers but they'd have to know or be determined 
enough to figure out what they needed to do.  Certainly you're not going to 
explain to them in your error message that they didn't submit the message from 
the proper page on your site, although they will know that and can experiment 
if they want.  

Did someone say that not all browsers will send HTTP_REFERER information?  That 
could make this method less than ideal.  



..


~|
Create Web Applications With ColdFusion MX7  Flex 2. 
Build powerful, scalable RIAs. Free Trial
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJS 

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277572
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4


Paymentech Issues

2007-02-20 Thread K Simanonok
Pardon me if this turns into a double posting, but for some reason CF-Talk 
isn't getting my emails.  So I tried the Yahoo interface once but there's text 
there with a link saying it should be done from 
http://www.houseoffusion.com/groups/CF-Talk/reply.cfm.

=

Anyone using Paymentech's real-time credit card validation?  I'm having a 
problem with their service because there are circumstances where they'll send 
back two replies.  It's due in part I think to my customers clicking twice on 
the Submit button, so I've got some Javascript preventing that second click, 
but some people's Javascript doesn't work because they've either got it turned 
off or they're using some funky browser.  Large text saying PLEASE JUST CLICK 
ONCE is also sometimes ignored.  You'd think that Paymentech would prevent 
this problem on their end but they're apparently incapable of doing so (trying 
to get them to do the slightest thing to fix anything is impossible, my 
recommendation is not to ever use their services if you're not already, they 
are an incredibly slothful and lazy bureaucracy and don't care about individual 
customers since they've got plenty).  So my site gets two replies back from 
them sometimes -- this should really be no problem because after all I am 
recording in my DB that the first reply was received and I don't accept a 
second if the DB already has a record saying the first one was received.  BUT 
what can happen is that due to the transmission latencies varying, a second 
reply from Paymentech can come in before the first one is finished processing 
and therefore there's no record in my DB yet that the first one has been 
received.  So they both can get processed!  

I'm thinking about solving this problem by creating an Application variable for 
each reply from Paymentech, named after the unique identifier for the 
transaction.  This would be way faster than the DB can get a record stuffed 
into it.  I'd simply check with each reply from Paymentech to see whether or 
not an application variable by the name of the unique identifier already exists 
or not, and process the transaction only if it doesn't.  I'm writing to ask if 
anyone here has dealt with a dependency like this, and is my intended solution 
the best one?  

Thanks,

Karl S.

~|
Upgrade to Adobe ColdFusion MX7
Experience Flex 2  MX7 integration  create powerful cross-platform RIAs
http://www.adobe.com/products/coldfusion/flex2/

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:270236
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4


Regular Expression Help on Email Addresses

2007-02-20 Thread K Simanonok
I would like to use a regular expression to camouflage email addresses in a 
forum I'm building.  I'd like to replace just the domain name (not the .com or 
.net or other extension though) with x's:

FROM THIS:  [EMAIL PROTECTED]
TO THIS:[EMAIL PROTECTED]

Where the number of x's exactly matches the number of characters replaced.  
Make sense?  It should work with kludgy domain names having dashes in them too 
(are there any other characters allowed?  I don't think so) like so:

FROM THIS: [EMAIL PROTECTED]
TO THIS:   [EMAIL PROTECTED]

Can anyone help me out with this?  TIA

Karl S.

~|
Macromedia ColdFusion MX7
Upgrade to MX7  experience time-saving features, more productivity.
http://www.adobe.com/products/coldfusion

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:270251
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4


Regular Expression Help on Email Addresses

2007-02-20 Thread K Simanonok
I would like to use a regular expression to camouflage email addresses in a 
forum I'm building.  I'd like to replace just the domain name (not the .com or 
.net or other extension though) with x's:

FROM THIS:  [EMAIL PROTECTED]
TO THIS:[EMAIL PROTECTED]

Where the number of x's exactly matches the number of characters replaced.  
Make sense?  It should work with kludgy domain names having dashes in them too 
(are there any other characters allowed?  I don't think so) like so:

FROM THIS: [EMAIL PROTECTED]
TO THIS:   [EMAIL PROTECTED]

Can anyone help me out with this?  TIA

Karl S.

~|
ColdFusion MX7 and Flex 2 
Build sales  marketing dashboard RIA’s for your business. Upgrade now
http://www.adobe.com/products/coldfusion/flex2

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:270252
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4


Regular Expression Help on Email Addresses

2007-02-20 Thread K Simanonok
I would like to use a regular expression to camouflage email addresses in a 
forum I'm building.  I'd like to replace just the domain name (not the .com or 
.net or other extension though) with x's:

FROM THIS:  [EMAIL PROTECTED]
TO THIS:[EMAIL PROTECTED]

Where the number of x's exactly matches the number of characters replaced.  
Make sense?  It should work with kludgy domain names having dashes in them too 
(are there any other characters allowed?  I don't think so) like so:

FROM THIS: [EMAIL PROTECTED]
TO THIS:   [EMAIL PROTECTED]

Can anyone help me out with this?  TIA

Karl S.

~|
Create robust enterprise, web RIAs.
Upgrade  integrate Adobe Coldfusion MX7 with Flex 2
http://www.adobe.com/products/coldfusion/flex2/

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:270259
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4


Re: Is this the best approach?

2007-02-20 Thread K Simanonok
Before you get too far into your sweepstakes coding, I would suggest that you 
have your client check with his attorney, if he hasn't already done so, to be 
sure that the details of what he intends to do are legal.  I'm not any kind of 
expert in this area but I have heard of sweepstakes going very badly with the 
sponsors being financially ruined in the end and being threatened with the 
possibility of prison time in the process.  Plus whatever your client needs to 
do to conduct his sweepstakes legally may very well influence your coding.  

~|
Upgrade to Adobe ColdFusion MX7
The most significant release in over 10 years. Upgrade  see new features.
http://www.adobe.com/products/coldfusion

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:270283
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4


Re: Is this the best approach?

2007-02-20 Thread K Simanonok
Before you get too far into your sweepstakes coding, I would suggest that you 
have your client check with his attorney, if he hasn't already done so, to be 
sure that the details of what he intends to do are legal.  I'm not any kind of 
expert in this area but I have heard of sweepstakes going very badly with the 
sponsors being financially ruined in the end and being threatened with the 
possibility of prison time in the process.  Plus whatever your client needs to 
do to conduct his sweepstakes legally may very well influence your coding.  

~|
Upgrade to Adobe ColdFusion MX7
Experience Flex 2  MX7 integration  create powerful cross-platform RIAs
http://www.adobe.com/products/coldfusion/flex2/

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:270284
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: 
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4


Re: Is this the best approach?

2007-02-20 Thread K Simanonok
Ryan's right, and I'll go so far as to say what he's described to you is a 
*much* better way to create new sweepstakes.  Think about it: once you start 
creating a bunch of subdirectories and copying .cfm templates into them, at 
some point in the future you may find yourself maintaining them all too and 
eventually wishing that you hadn't created such a mess of redundancy for 
yourself to wade through and try to keep straight.  So you'll almost certainly 
be much better off using one code set for all your sweepstakes, providing that 
the sweepstakes are going to resemble each other in their functioning which it 
sounds like you are planning to do.  There are a number of ways to do it too, 
not necessarily with .htaccess mods either.  I would think about using a single 
/sweepstakes/ subdirectory containing a custom .cfm landing page for each 
individual sweepstakes event (which your client is going to want anyway) so 
that each landing page could contain a unique Sweepstakes_ID in a hidden form 
field that gets passed from one page to the next.  Less cleanly you could pass 
a URL.Sweepstakes_ID between pages, or better, you might even want to set a 
cookie with a Sweepstakes_ID that doesn't get deleted until the user finishes 
the questions.  There are a lot of ways to skin this cat.

The only reason to NOT do it with one code set might be if you planned to use 
your Admin functionality to actually write out static files so that your users 
working their way through the questions wouldn't be hitting the database at all 
or hardly at all (you could accumulate all their answers in hidden form fields 
or in a cookie without hitting the database until the very end, just once).  
You could get away with using a not-very-powerful server and database doing it 
that way if you had to (MS Access on a 500Mhz shared server for example) but if 
you have a fast dedicated web server and any version of MSSQL running on a 
second machine then you ought to keep it all dynamic, the way CF was meant to 
be.  


~|
Deploy Web Applications Quickly across the enterprise with ColdFusion MX7  
Flex 2. 
Free Trial 
http://www.adobe.com/products/coldfusion/flex2/

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:270285
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4


Re: Is this the best approach?

2007-02-20 Thread K Simanonok
A couple of other thoughts:

1) Separate landing pages for each sweepstakes gives you the opportunity to 
name them with keywords to benefit your clients' SEO.  So 
http://mysite.com/sweepstakes/win-a-2008-mustang.cfm is significantly better in 
Google's eyes than http://mysite.com/sweepstakes/index.cfm, for example.  

2) It sounds like the functionality you're intending to build to construct and 
operate your sweepstakes is very similar to the functionality needed to build 
surveys, and there's code already out there for surveys.  I remember looking at 
the survey engine at http://www.activefeedback.com/af/ow/order1.cfm a few years 
ago and being quite impressed with the Admin functionality that lets you very 
easily create questions and choose response types (probably the $495 Survey 
Engine 2.0 Enterprise without the library of forms would work well for you).  
Unfortunately it looks like you can no longer download a trial version to see 
for yourself, but they've got some pretty good demos so you can see the end 
result anyway, I couldn't find a demo for the Admin functionality which is even 
better.  The point is you may not have to start from scratch if you do your 
homework, there may even be free code available for CF surveys that would save 
you lots of coding time.  


~|
ColdFusion MX7 and Flex 2 
Build sales  marketing dashboard RIA’s for your business. Upgrade now
http://www.adobe.com/products/coldfusion/flex2

Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:270286
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4