CFMX Easter egg (I think)
I certainly can't recommend anyone try this. It didn't hurt my server any, but my head still hurts a little. This is somewhat disturbing Kind of reminds me of some of the SciFi channel's logo spots lately. http://your_cfmx_server/cfide/administrator/settings/_licensedata.cfm?seri alize You'll need the Flash player installed. Best regards, Zac Bedell ~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribeforumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Get the mailserver that powers this list at http://www.coolfusion.com Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
RE: Cheaper Alternative to SQL Server 2000
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 system). Another option is to join the MS Developer Network and get a universal subscription for about $600 (plus tax/shipping). With that, you get all the commerce server, visual studio, office and a whole bunch of other software, including SQL Server. I wanted SQL Server to run on my development box and thought this was a great deal - Office Developer, Win200 and MS SQL (plus all the other stuff) for less than $700. I have to ask... Where on EARTH did you get an MSDN Universal sub for $700? We just paid like $2100 BTW, if anyone needs/wants Visio 2000 Pro (plus a free copy of Visio 2000 Enterprise), I have a still-shrink-wrapped copy I don't need anymore (since it's part of the MSDN subscription) that I'll let go for what I paid - about $350. Do keep in mind that your MSDN copy has extremely limited licensing. If you're using Visio to do anything other than develop Visio applications, then you probably need to hold on to your shrink wrapped copy to be legal. Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Please use PGP! iQA/AwUBOpaGqqvhLS1aWPxeEQKBzACgqsEabX9aUOMw+CHIhQRZVTGQdNoAoLgx c3VzUweW1h9p0RFNtObbgbU+ =jgMR -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Cheaper Alternative to SQL Server 2000
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Does anyone have the link to Subscription page for MS Developer Network? I have looked through the site and can't find it. http://msdn.microsoft.com/subscriptions/prodinfo/overview.asp That's the info page about the different levels. There's a Purchase link on that page to get you to the actual order form. Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Please use PGP! iQA/AwUBOpaPVavhLS1aWPxeEQKpMQCeN2K7eGeOaP3Q14zNxKyb/uwkQOUAnjdG 2BCYc2XeL7DDpKiIwHp3ipGL =t7Eu -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: How to choose Name or Scope when locking
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I haven't seen anything yet that talks explicitly about when to use the Name attribute and when to use the Scope attribute. There have been a number of threads around whether to single thread updates to a single table. For example, lets say that I read from a table in two programs and write/delete from a third. For this example, lets say I want to single thread all writes. To do this, would you use scope="application" type="readonly" to lock the two read queries and scope="application" type="exclusive" around the write or would replace the scope attribute in both with something like name="databasename.tablename"? First of all... Why in lord's name would you want to single thread your DB access? You use an RDBMS like Access, SQL Server, or whatever because your DB handles all the locking concurrency issues for you. I can think of a few VERY limited cases where you might need to single thread access (perhaps in some sort of status tracking or *something*). If I ever ran into a situation like that, I'd think LONG HARD about how to get around the problem without single threading the DB. That's just ASKING for performance nightmares... In any case, if you did need to lock your DB for one particular table, then you would use a named lock with something like name="database.table" or whatever. Here's the skinny on when to use scope when to use name for CFLOCK: If you're accessing a shared CF variable in the session, application, or server scope, then you should use a scoped lock of the appropriate scope. You *shouldn't* access more than one scope within a single lock, tho I suspect you could access session in an application lock and application session in a server lock without killing the server. I would think that if automatic checking is enabled, it would probably disallow that activity. I certainly wouldn't code anything to use it. For basically everything else, you use named locks. When you're controlling access to anything that falls outside of the three CF shared scopes -- mostly "outside world" type of stuff -- scope doesn't work. Examples: You have a non-thread safe CFX tag. You should use a lock that is the name of the tag around all accesses to it. Your DB example above is another valid example, tho I'm not sure why you'd want to do that. Hopefully that's at least a little clearer than mud... Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Please use PGP! iQA/AwUBOpU3x6vhLS1aWPxeEQJrsgCfR5nOE8vtxMj+PZLLim4GUIPI/mYAn2Hk iacc+HOazuS3mA+jxE63BbXa =E//I -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Cheaper Alternative to SQL Server 2000
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Well, there's always MySQL, but I bet there's a chorus of folks here who'll say it ain't ready for primetime, which is why I'm posting... could anyone expound on this? Especially using mySQL with CF. Ok... I'll bite... Probably the biggest things about MySQL that aren't ready for prime time are these: 1) Its support for transactions is limited (at best!). I know they're working on that and it's getting better, but that's a fairly big limitation for some situations. 2) As far as I know, it still doesn't support any kind of stored procedure. 3) They take shortcuts on things like log-before-write that can cause data loss or corruption if your server loses power or if MySQL goes down hard. Microsoft SQL Server is pretty close to bullet-proof in that regard. If SQL Server tells ODBC that data was written, then indeed it will be written -- either permanently to the DB or at least to the log where it will be recovered if anything unpleasant happens to the server. MySQL doesn't do that, so there's a chance of problems. I've never run into any, but it's mathematically possible 4) MySQL's support for JOINs is fairly dumb in my experience. I find I have to use completely different syntax to do the same things in SQL Server / MS Access then I do for MySQL. That's not to say MySQL doesn't have it's plusses. It *is* free. I've got the MP3 player in the trunk of my car running MySQL and it works just *fine*. I just wouldn't want to sick a thousand paying customers on that server and hope it keeps working through it... That's just my jaded opinion of course, so please take it with the proper grain of salt... Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Please use PGP! iQA/AwUBOpVqcKvhLS1aWPxeEQIqvwCg9CPpRT2K4DZyloBKYUDP7JvuTCoAoOxC CippPV+adIoyx7ZEQPHH7zqQ =YGHK -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: How to choose Name or Scope when locking
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I haven't seen anything yet that talks explicitly about when to
use the Name attribute and when to use the Scope
attribute. There have been a number of threads around
whether to single thread updates to a single table.
For example, lets say that I read from a table in two
programs and write/delete from a third. For this example,
lets say I want to single thread all writes. To do this,
would you use scope="application" type="readonly" to lock
the two read queries and scope="application" type="exclusive"
around the write or would replace the scope attribute in both
with something like name="databasename.tablename"?
First of all... Why in lord's name would you want to single
thread your DB access?
Fairly common example:
You insert something in the database, and immediately
need to access
the ID of that new thing. You want to single thread the
insert and select,
so the table doesn't change.
Example:
Table1 (a fairly static table)
Table2 (A table that changes a lot)
Table1Table2 (an intersection table, because their is
a many to
many relationship between table 1 and table 2)
Insert into table2
select the thing you just inserted into table2 (to get the ID)
Inset into intersection table.
You'll want to the first to SQL statements to be
single-threaded. There are SQL commands to do this, the
commands commit and rollback come to mind. I typically
just use CFTRANSACTION in those
cases, so I don't have the exact SQL syntax memorized.
Are you using MS SQL Server or Access here? SQL Server and any other
halfway decent RDBMS should support something like the following
syntax:
Cfquery name="Thingy" dsn="Whatever"
SET NOCOUNT ON
INSERT INTO Table2 (Whatever) VAUES ('Thingy')
SELECT @@IDENTITY AS ThatSnazzyNewIDNumber
SET NOCOUNT OFF
/cfquery
Cfset Table2ID = Thingy.ThatSnazzyNewIDNumber
Cfquery name="OtherThingy" dsn="Whatever"
INSERT INTO Table1Table2 (Table1ID, Table2ID) VALUES
(#WhateverHadTheTable1ID#, #Table2ID#)
/cfquery
Now you've got the ID without any chance of other updates messing you
up AND you don't need to limit the DB to only one update at a time.
Pretty neat, ne?
I think the remainder of this e-mail says it all about
naming vs scope in a lock, though. ;)
I learned locking at the School Of Hard Knocks, and I've become
somewhat of a locking evangelist... I'll get off my soapbox now...
*grin*
Best regards,
Zac Bedell
-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com
Comment: Please use PGP!
iQA/AwUBOpVsuqvhLS1aWPxeEQLzswCgqz8aORvfImWJFl/9IEXQ/Ov8Q7IAoI5i
aziyM1EUWzwHn5anI/qT8XU0
=JOFP
-END PGP SIGNATURE-
~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: How to choose Name or Scope when locking
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Zac, Thanks. This was very helpful. One clarification question. Does a Named lock prevent a same-named thread within the session or application(on a single server?)? Well... I'm not quite sure what you're asking. The three scoped locks and any named lock are completely separate beasts. If you have two threads that hit the same named lock, one of them will block until the other is done. If you have session, application, or server locks going on at the same time, that won't effect the named lock in any way, nor will the named lock affect the scoped locks. Basically: * Two named locks with the same name will affect each other. * Two session locks in the same session will affect each other. * Two application locks in the same application will affect each other. * Two server locks will affect each other. * Any other possible combination, and the two locks won't even know the other one exists. Make sense? Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Please use PGP! iQA/AwUBOpV7G6vhLS1aWPxeEQIkRQCfa4VAxeyKKCnxNyQJkoi8NS+YCt4AoKMm riKVynfg396liGRNk69NZ3YS =bHQK -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Win2K and SQL Server 7.0 quest
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 -Original Message- From: Phoeun Pha [mailto:[EMAIL PROTECTED]] Sent: Friday, February 16, 2001 12:16 PM To: CF-Talk Subject: RE: Win2K and SQL Server 7.0 quest what are SP's for, and are they free? SP == Service Pack. I.E. a whole bunch of bugfixes what not all rolled into one neat package for installation. They are free, and they're available from Microsoft's site. For Win2k SP's, your best bet is just to use the Windows Update utility. You can also download then from somewhere under http://www.microsoft.com/windows2000/. The current Win2k SP is SP1. For SQL Server 7.0, the current is SP3. That can be downloaded from somewhere under http://www.microsoft.com/sqlserver/. Service Pack releases from Microsoft are always cumulative, so it doesn't matter if you've installed all the service packs in order. If you skipped a couple , that's fine. Just installed the latest service pack that's available at the time, and you'll be sure to have all the latest patches. For Win2k, you can find out what (if any) service pack you have installed by right-clicking on My Computer choosing Properties. For SQL Server, it's a little more tricky. You need to execute "SELECT @@VERSION" against any database. You'll get output something like this: Microsoft SQL Server 7.00 - 7.00.961 (Intel X86) Oct 24 2000 18:39:12 Copyright (c) 1988-1998 Microsoft Corporation Standard Edition on Windows NT 5.0 (Build 2195: ) The version number (7.00.961) reflects the service pack. To the best of my knowledge, the .961 means service pack 3, but I could well be wrong on that. If you look in Microsoft's Knowledge Base, there's an article that lists what build numbers equate to the various service packs. Hope that's helpful... Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Please use PGP! iQA/AwUBOo1mdqvhLS1aWPxeEQLQ6wCfYbjyhlpOpcXw7/C2WAapVV/tAqoAn3xJ D8ESTbJZiilEi+ERoaEdw+ok =AcsT -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF Source Code?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Okay... This thread is kinda going south anyways, so perhaps I can add my two cents without anyone thinking I'm outta line... Has anyone ever thought of creating a Windows Scripting Engine that could handle CF code? Basically, that would allow you to execute CFM code in ASP pages on any WinNT/Win2K box without needing ColdFusion installed. Seems like it could be nice if done right, but Any good C++ coders out there with a few months worth of free time they're looking to burn? ;-) Best regards, Zac Bedell -Original Message- From: Billy Cravens [mailto:[EMAIL PROTECTED]] Sent: Friday, February 16, 2001 1:27 PM To: CF-Talk Subject: Re: CF Source Code? I hope your senior project doesn't require uniqueness, otherwise, you may have been beaten to the punch: http://www.cfadvisor.com/api-shl/engine.cfm?ArticleID=34104De partmentID=1 -- Billy Cravens HR Web Development, Sabre [EMAIL PROTECTED] Ruslan Sivak wrote: I'm planning to develop the core of CF in Java for my Senior Project class in college. I know that CF is a commercial product, and finding the source code would be next to impossible, so can anyone suggest what direction I should look to find out the CF internals? Are there any good books on writing interpreters? Are there books that explain the CF internals? Any other comments? Ruslan Sivak Technologist ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Upload module
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 How about this: Wrap the CFFILE call in a CFTRY block. Catch the error deal with it if necessary, otherwise the code will just work as it should. Best regards, Zac Bedell -Original Message- From: MJS @ Four Eyes [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 15, 2001 11:24 AM To: CF-Talk Subject: Upload module Hi, I'm trying to create a universal upload moduleso that you can have as many uploads on a form as you want and name them whatever you want. it all works great, unless the person doesn't upload something then I get the: Error processing CFFILE No data was received in the uploaded file '\.' Saving empty (zero-length) files is prohibitted. Please make sure you specified the correct file. this is because when it check the loop and tries to upload off the form field...the field is empty. I cannot seem to check the value of the field in the loop, because at that point it is still a field name, not a field value. The CFFile converts it into a value itself Help please... called via cfmodule template="Mod_Upload_File.cfm" UploadFields="ProductionImage,ProductionClip" Accept="image/jpeg,image/gif,image/pjpeg,image/jpg" nameconflict="Overwrite" SavePath="D:\FOUREYES\WEBDEV\foureyesweb.com\bombo\Uploads\Pro ductions\" dbtype="odbc" DSN="Bombo" Table="Productions" RecordID_Name="ProductionID" RecordID="43" The module is as follows: (including fusedoc!) !--- my fusedoc - Point: 1) mod_upload_file.cfm will then loop through attributes:uploads and run a CFFile Uploading to the attribute SavePath 2) It will then run a query on a Database (DSN) and Table (table) on a RecordID and field Name to insert/update the file name for this upload Attributes IN: Type = is this an Insert, Update (Remeber this is Mod_upload not Mod_delete!!!) This will determine which queryis being used UploadFields = Array for all files to be uploaded This is the form fileds that contain the files sample Uploads="Image1, Image2, Clip3" Accept = what type of file are we allowed to accept for this field sample accept="image/jpeg,image/gif,image/pjpeg,image/jpg" nameconflict = what to do when there is a name conflict accepted values = Error , Skip, Overwrite, MakeUnique SavePath the path for the files to be saved to sample SavePath="D:\FOUREYES\WEBDEV\foureyesweb.com\bombo\Uploads\Pro ductions\" DBTYPE = Type of Database (ex.ODBC) DSN = the DB that the query should use sample DSN = "Bombo" Table = the table the query should use Table="Productions" RecordID_Name = the field name in the table of the primary key record ID RecordID = the Primary key number that the query should update Output: Nothing: this module only writes to a database ! Here we set up the loop to loop through all files that are uploaded !--- we have to set a counter so we can track the loop --- cfset Counter=1 cfloop index="UploadField" list="#Attributes.UploadFields#" !--- Let's Upload some files / but we have to make sure that there is a file there first ! this is where I have my problem --- cfoutput cffile action="UPLOAD" filefield="#UploadField#" destination="#attributes.SavePath#" nameconflict="#attributes.nameconflict#" accept="#attributes.Accept#" ! now the query cfquery name="#UploadField#" datasource="#attributes.DSN#" dbtype="#attributes.dbtype#" UPDATE #attributes.Table# SET #UploadField# = '#file.serverfile#' WHERE #attributes.RecordID_Name# = #attributes.RecordID# /cfquery /cfif /cfoutput !--- The last thing we do is update the counter --- cfset Counter=Counter + 1 /CFLOOP -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Please use PGP! iQA/AwUBOow/lavhLS1aWPxeEQLKnACfeEDpjPcRezFvAmuEE7WgTKFK/ZAAoOG4 2Xyb4aRg7plC6ay5MOHRfWqL =zICR -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: W2K vs. NT
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Any advantages/disadvantages with NT 4 vs. Win 2000? Please consider I'm a novice when it come to Windows. I've learned enough NT to keep my CF/Web server knocking_woodrunning almost constantly/knocking_wood. Will I have to learn a bunch of new stuff to keep 2000 going? A little... A lot of the admin stuff is done differently, but you can pick it up pretty quickly. Is 2000 stable? "Like a rock." (Please don't sue me, G.M) I'm doing pretty good with NT sp5 and don't want to bite off more than I can chew. The SQL machine will be for SQL Server only! If you're only using SP5 (as opposed to SP6) for your web server, then you might be using the various FuseBox URL faking techniques. Those don't work on NT4 SP6 or Win2k. That's not an issue if this is just a SQL box, but do keep that fact in mind... The only other software I'd install is some defrag stuff and a client for my Retrospect backup. You won't need to install defrag w/ Win2k -- it comes with it. Tho a SQL only box shouldn't get fragmented -- SQL Server creates big contiguous files works with in them for everything it does. I doubt your drive would get fragmented at all if it's dedicated SQL. On the whole, I'm fairly certain you'll enjoy Win2k. It's performance is stellar for us. We've only got one box left to upgrade, and it's going soon! Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Please use PGP! iQA/AwUBOoGfyKvhLS1aWPxeEQIw1gCeP0VxL8lkF5AColTMfxaCd4nOEfwAni4d STbIz6ubFIVd9OVIbp95Cpek =BpC3 -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Windows 2000 Professional and CF Server 4.0.1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 4.0.1 works great provided it was there before Win2k. If you do NT4, CF, then upgrade to Win2k, you should be okay. Basically 4.0.1 works fine under 2k, but the installer is brain dead. Rather than patch the installer, Allaire would rather you run out spend on their new version. Big surprise... I've got a machine running 4.0.1 w/ Win2k Server w/ no problems what so ever. Best regards, Zac Bedell -Original Message- From: Jim McAtee [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 31, 2001 12:38 PM To: CF-Talk Subject: Re: Windows 2000 Professional and CF Server 4.0.1 - Original Message - From: "Aidan Whitehall" [EMAIL PROTECTED] To: "CF-Talk" [EMAIL PROTECTED] Sent: Wednesday, January 31, 2001 7:09 AM Subject: RE: Windows 2000 Professional and CF Server 4.0.1 Allaire does not support anything less than cf4.5 on a WIN2K box. OK, thanks. I'd still be interested in whether anyone's got a stable workaround. In general, Allaire support isn't something I use. I'm warming up to Windows 2000 - Windows 2000 Pro on workstations is great - now we're getting ready to take the plunge with our servers. CF 4.5, however, is something I don't need. I've still got it in a shrink-wrapped box from when we had a subscription. Way too many issues for me to want to deal with it. Jim ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: SQL Server Licensing Woes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The last time I read the full SQL 7 license agreement, I found a little loophole. They fixed it in the SQL 2000 agreement, but if you're only using 7, maybe this could help you. CF_DisclaimerI am *not* a lawyer. I am a coder. That said, my grasp of the English language is automatically suspect. Before betting the farm on this, you probably ought to have a lawyer check it out.../CF_Disclaimer The way the 7.0 license was stated, it *looks* like you need either the ICL, OR one CAL per concurrent access TO THE SQL SERVER. Since CF is automatically limited to no more concurrent access than it has threads (set in the CF Administrator), you should only need that many CALs. Alternately, I *think* you can limit the number of concurrent DB accesses per data source in the Administrator as well. I know that in the SQL 2000 license, they specifically said you can't do that anymore, but the SQL 7 license seems to allow it. It would probably be wise to grab and ICL if you can get one, but you *may* not need one. Anyone else who's recently read the full SQL 7 license care to confirm/deny this? I may well be on crack... Best regards, Zac Bedell -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED]] Sent: Monday, January 29, 2001 8:19 PM To: CF-Talk Subject: RE: SQL Server Licensing Woes Actually if you are using a WebServer to connect to the SQL Server you do not need an Internet Connector License. Internet Connector Licenses are for users from the internet connecting directly to the SQL Server as in many Win32 apps that were developed. Attached is the link to this information. I was advised of this by the Microsoft Licensing Center. You would need a CAL for every WebServer that will connect to the SQL Server and any other device from the internet that would be accessing the resources of the SQL Server. http://www.microsoft.com/SQL/productinfo/70pricing.htm Uh, there are a couple of problems here. First, according to the SQL 7 pricing info in your link, if you allow access to SQL Server through a web server, you would need to either get the Internet Connector License, or purchase a CAL for each concurrent user, depending on whether the users of the application are "internal" or "public": -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Please use PGP! iQA/AwUBOnbjbKvhLS1aWPxeEQIzAwCgvkfOXFTQC5EP5j+z6kORHTwSGZ8AoJiA MHjDVjUcrZMcOQMpENPvvbSC =dzga -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CyberCash built-in at CF 4.5
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 No such luck. 4.5 doesn't have any built in CyberCash functionality. You still have to use the CFX_CyberCash tag (which does a fine job). It's on Allaire's tag gallery if you don't already have it. Best regards, Zac Bedell -Original Message- From: Cecilia Lam [mailto:[EMAIL PROTECTED]] Sent: Friday, January 26, 2001 11:27 AM To: CF-Talk Subject: CyberCash built-in at CF 4.5 Hi, This is a question regarding CyberCash transaction. We are using Win NT, CF server 4.0 and CyberCash 3.2 for our online transaction. We are upgrading our system to Win 200, CF 4.5 and I was told that CF 4.5 now has the CyberCash function built-in. I had been searching for more information on this issue and could not find any. Have anyone heard of this function? Does anyone know what is the function name? Or how could someone implement that in CF 4.5? Any information is appreciated. -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Please use PGP! iQA/AwUBOnG5IKvhLS1aWPxeEQJM7QCgwNSb2m9TxC0QbrKHL0OFHrrb4t0AniDV Z26bIHIrrX6I0ZAdmcno7jIB =cPSj -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: custom CFERROR pages, what's your solution?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Under CF 4.5.x, you can set the CFERROR type to Exception and then execute CF Code in your error pages. Under 4.0, you're SOL... I used to make the CFERROR page a page that did an HTTP meta refresh to another CF page passing all the error parameters in the URL. That way the second CF page can handle the errors in some intelligent mannor. It was a kludge, but it (sorta) worked... Best regards, Zac Bedell -Original Message- From: Mike Amburn [mailto:[EMAIL PROTECTED]] Sent: Friday, January 26, 2001 1:23 PM To: CF-Talk Subject: custom CFERROR pages, what's your solution? using CFERROR, you can create a custom error page. however, you can't perform any CF logic within that page. if you had to include some logic, the only method i can think of is to capture the error data in form inputs and use javascript to submit the form to another page that included the CF. has anyone else thought of a (better) method where you can use CFERROR but also present a page that uses CF logic? -mike ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CFLOCK for 4.0.1 AND 4.5.1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The scope="" is optional as you can use the same locking syntax as in 4.0, ie. named locks (scope and name are mutually exclusive though, so don't try both). I don't think Allaire would cut their own throats by being that backwards incompatible; Actually... There is deep red arterial blood pouring from the Allaire's severred jugular They did indeed do something stupid by making 4.5 locking not work on 4.0 AND making 4.0 locking not work on a 4.5 server w/ full checking or automatic read locking enabled. Vis: On my 4.0 server, this code: cflock scope="session" type="exclusive" timeout="5" cfset Session.Foo = "bar" /cflock dies with: Just in time compilation error An unknown attribute 'scope' has been encountered at document position (1:9) to (1:13) while processing tag CFLOCK. This tag can only take the following attributes: NAME THROWONTIMEOUT TIMEOUT TYPE So a cflock like this: cflock name="foobar" timeout="5" Should work the exact same in CF4.0x and 4.5.x, if it isn't I think I'd contact Allaire on the issue. That will indeed work on 4.5 *IF* the server has no lock checking. It *won't* work if the server has auto read locking or full checking enabled. It sucks, but alas, that's the way it is May Allaire/Macromedia NOT do anything so nasty to us when 5.0 comes out... Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Please use PGP! iQA/AwUBOm2XkavhLS1aWPxeEQKgxACg7JxAP5WRP4Q/oj/zjto0Lyuz+sQAnR0g 3pMwirKGGcHAjaXOefT3RnsT =wAuL -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CFLOCK for 4.0.1 AND 4.5.1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I don't think Allaire would cut their own throats by being that backwards incompatible; Actually... There is deep red arterial blood pouring from the Allaire's severed jugular They did indeed do something stupid by making 4.5 locking not work on 4.0 AND making 4.0 locking not work on a 4.5 server w/ full checking or automatic read locking enabled. So don't turn on full checking or automatic read locking. Patient: "Doc, it hurts when I do this" Doctor: "Then don't to that." Ummm... Okay.. So what would you propose doing if your web host has full checking or auto read locking turned on for their servers? As a host, I require that it be on for all of our servers because if it's NOT, it's really easy for someone to start accessing unlocked shared memory and bring your entire CF server down in a hurry. Not a pretty thought on a multi-homed box, neh? Seriously, it's not anything to get your panties in a wad over. It's the developer's job to be familiar with the tool they are using. If a requirement for the project is that it's got to run on 4.0, then don't use 4.5 only features... I'd say I'm exceptionally familiar with the tool I'm using. The problem is that if I want to create a general purpose CF app that would run on 4.0 or 4.5, either I develop two separate copies or I'm S.O.L. It just seems to me that a more sensible solution could have been developed. Especially since this wasn't even a full version upgrade. If I go from version x.0 of a product to version y.0 of a product, then I'd expect some various little ugly things that would require fixing. But to go from x.0 to x.5 and have show-stopping code incompatibilities is kinda lame IM(NS)HO... And it's especially a pain in the bum when I have to upgrade our web server's CF Version and manually fix all the code on it for the new locking scheme... Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Please use PGP! iQA/AwUBOm3/+qvhLS1aWPxeEQJ9RACfXXleBfbMUfPTJ7yGdNj0tZTUDD4AoIal 2HQeOqSJx05Qc27eLoMOkm2x =sLB4 -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Netscape 4.04
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sorry to extend a finished thread, but Does anyone else see the irony of version "four-oh-four" of a browser having unusual bugs? Maybe they should have skipped to 4.05. Kinda like they skip the 13th floor in hotels Again, apologies for the waste of time/bandwidth. Just felt the need to add my two cents... Regards, Zac Bedell -Original Message- From: Robert Orlini [mailto:[EMAIL PROTECTED]] Sent: Monday, January 15, 2001 2:56 PM To: CF-Talk Subject: RE: Netscape 4.04 Hello Adrian, It works great - thank you! Robert O. -Original Message- From: Adrian J. Moreno [mailto:[EMAIL PROTECTED]] Sent: Monday, January 15, 2001 12:48 PM To: CF-Talk Subject: Re: Netscape 4.04 Robert, the Javascript that James Maltby sent is just that - Javascript. It was just generated by DreamWeaver, but useable -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Please use PGP! iQA/AwUBOmSOGqvhLS1aWPxeEQLvxACglyhXQiJEep/uKSAogE5l1JJqcfgAn1EQ ek1PDA3aiXFtlNJTE/bsjHfL =cDF2 -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CFerror and its
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Check out the docs for CFError. CF code doesn't execute in the page specified for a CFError tag. It's assumed that if you're already in an error situation, running more code might not be the best idea. I dunno how valid that is, but that's what the docs say... There's a limited set of replacement values you can use in the error page. Like I said Read The Fine Manual to find out more... Best regards, Zac Bedell -Original Message- From: Andres [mailto:[EMAIL PROTECTED]] Sent: Friday, January 12, 2001 9:57 AM To: CF-Talk Subject: CFerror and its The problem is that when a validation error occurs, the error page appears fine, but the CF inside the error template is not executed... it shown as if it was a regular html page with all the cf showing. can someone tell me why this is happening and how i can correct the problem?? -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Please use PGP! iQA/AwUBOl8gMKvhLS1aWPxeEQKvDACgmfkauxVTu0bOeQaPMBcg52A1R1QAnRG5 4jEST6vDxLyNgWSHuVx35bpI =1GCC -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Is networksolutions behind with zone changes?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 We've been trying to get some domain record changes completed through networksolutions and they haven't taken effect over the last couple days. We've sent the request form a couple times. Last batch of changes we made several weeks ago went through same day. Anybody else notice this problem or is it just us? It's not just you. The last week or so, NSI's been slower than molasses in well... January. ;-) Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Please use PGP! iQA/AwUBOl3SV6vhLS1aWPxeEQLgggCeKsrGW4B8Kj+cBR//nvsbj8Eh7LUAoKnm WbhTQR8XP7FIcmr/zAP29ooa =g5pb -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CFContent question....
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CFContent works fine in sp6a. You can't do the URL faking thing anymore, but that was a bug that was fixed never should have worked in the first place. SP6 broke both CFContent and the URL thing. SP6a fixed CFContent, but not the URL thing. Since the two issues were very closely connected when 6 came out, there was a lot of confusion about what was broken in what release. As long as you don't do the URL fake thing, then SP6a is quite safe to upgrade for CF. FYI: Win2k (any SP) is the same deal -- CFContent is good, fake URLs are bad. Best regards, Zac Bedell -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 11, 2001 9:44 AM To: CF-Talk Subject: CFContent question I have searched the archive but can not seem to find the answer to this exact question... Did NT 4.0 SP 6a fix the problem with CFCONTENT? I know 6 broke it... but did 6a actually FIX it? Thanks. Vance Duke Cold Fusion Application Developer i2 Technologies (469) 357-4729 ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: image root resolving
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Assuming your webroot is pointing at c:\inetpub\wwwroot\ (IE http://www.yoursite.com/index.cfm is really c:\inetpub\wwwroot\index.cfm), then you don't need to do anything to do what you want. /images will be /images no matter what. Now... images without the slash will get you a relative path, but /images (with the leading slash) will always get files from c:\inetpub\wwwroot\images\. Best regards, Zac Bedell -Original Message- From: Greg Wolfinger [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 11, 2001 10:35 AM To: CF-Talk Subject: image root resolving Hey Guys: I was wondering if there is a way to insert the server path (e.g. c:\inetpub\wwwroot\images) to just be /images. I need it to be able to resolve the image path even if its deep into a directory stucture such as the user is in /blocks/category/index.cfm, the images will resolve up to the /images folder. Understand?? I'm not good at explaining. --=@ greg @=-- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: HTTPS setup
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 We do have other sites on the same IP, but none of them use SSL. That shouldn't matter, should it? The default site if you go in by IP is a different site, but that's only for port 80, so I guess its irrelevant. Is it possible for you to try making the SSL site the one with no host header requirement? If so, I would be interested to know if that solved it. I think that when you make the request https://www.whatever.com to your site, since the host header gets ignored for https, your server looks for the file on the default site. Follow? I'm kind of speculating here I guess... That's exactly the answer. SSL and host headers don't mix, period... If you have an SSL site, it needs its own IP address. Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Please use PGP! iQA/AwUBOl4zfqvhLS1aWPxeEQLZfACgolQEzOghulAn/4Gk3n7g8Ta0UA0AoPGX Rm3JErjwde+ySwpazu8gaLdx =lx1Z -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CFHEADER
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Just a guess... Try replacing attachment with inline in the CFHEADER value. That might convince the browser to display the PDF instead of saving it, but it would still allow the proper filename to come through if the user did decide to save it by hand. Hope that helps, Zac Bedell -Original Message- From: Peter Benoit [mailto:[EMAIL PROTECTED]] Sent: Monday, January 08, 2001 1:34 PM To: CF-Talk Subject: CFHEADER It seems the following won't work, well in at least IE5.5. CFHEADER NAME="Content-Disposition" VALUE="attachment;filename=#attributes.fname#" CFCONTENT TYPE="application/pdf" FILE="#fnp#" It instead opens the page up for download instead of the file. So lets say I have peter.pdf as my attributes.fname and download.cfm is the page the above code is on. And lets say that it's called from index.cfm. Well index.htm appears in the download file box, not peter.pdf. It seems to work ok in Netscape, so I can't believe I'm the only one having this problem. I've seen similar looking code on the Allaire site, but it's still not working. Can anyone help with this? ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CFX CyberCash Question....
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 As someone else mentioned, you need to take the a href=" stuff out of the CCPS_HOST line. Tho I suspect that might have been your mail software doing you a favor by turning that into a link as opposed to you actually doing that yourself... The real problem is that you can't use 'test-mck' and 'key-test-mck' as your CCID Merchant Key values. You need to use actual hashes, otherwise that tag crashes burns. If you go to CyberCash's site, you can sign for a free trial account that will give you valid CCID MK values. Best regards, Zac Bedell -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, January 05, 2001 4:27 AM To: CF-Talk Subject: CFX CyberCash Question Ok Basically I am trying to get this darn tag to work, yet I am using the "Test" modes that are supposed to be used with real testing data, yet I still get an error back "faliure-hard" is there anything that I am doing wrong CFX_CYBERCASH VERSION="3.2" CCPS_HOST="http://cr.cybercash.com/cgi-bin/" CYBERCASH_ID="test-mck" MERCHANT_KEY="key-test-mck" MO_ORDER_ID="1234567890" MO_VERSION="3.2.0.2" MO_PRICE="usd 12.34" CPI_CARD_NUMBER="4111" CPI_CARD_EXP="01/99" CPI_CARD_NAME="John Doe" CPI_CARD_ADDRESS="11th Street" CPI_CARD_CITY="Seattle" CPI_CARD_STATE="WA" CPI_CARD_ZIP="98119" CPI_CARD_COUNTRY="USA" OutputPOPQuery="pop" ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CFLOCATION, CF401, Weird...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You've probably figured this out already, but the cause of this could be a CFHTMLHEAD tag with content greater than 1024 characters, positioned above a CFLOCATION tag. This is a bad combination ... cflocation writes to the http headers, and cfhtmlhead writes to the HTML head, somehow these two are running into each other. How to fix? If you've ever got stuff that needs to go in the HTML head that is long text, don't use CFHTMLHEAD ... and also try to position the logic in your page so that any cflocations are taken care of as soon as possible. Alas... There's no CFHTMLHEAD in this page, and the CFLOCATION should be the first tag on the page that's actually going to emit any output. The rest is all if's, set's, queries, etc. I finally got a chance to mess around w/ a recoding proxy on this issue. I still don't have any answers, and it's even weirder, but... Here's what's up: * CF appears to be doing everything properly. * When I run the CFLOCATION version through the recording proxy, it works properly. * When I connect directly to the server, then the CFLOCATION version fails only on IE (I'm using 5.00.3103.1000). It works fine with Netscape 6. Weird, no? Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Please use PGP! iQA/AwUBOkt8Y6vhLS1aWPxeEQJxTgCgzLgY8cxL4NmU4H19OFwW5fQUFwMAoPSA 9ajnLYRt9pH8ivPZLEVEtG/e =evjg -END PGP SIGNATURE- ~ Paid Sponsorship ~ Get Your Own Dedicated Win2K Server! Instant Activation for $99/month w/Free Setup from SoloServer PIII600 / 128 MB RAM / 20 GB HD / 24/7/365 Tech Support Visit SoloServer, https://secure.irides.com/clientsetup.cfm. Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
CFLOCATION, CF401, Weird...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm having some weirdness with CFLOCATION on CF 4.0.1. I can't see any way that this isn't a bug / limitation in something, but I was wondering if others might have the clue that I lack. If I do this, the page request hangs indefinitely: !--- Lots of processing to produce TheImgURL omitted... --- Cflocation url="#TheImgURL#" addtoken="No" If I do this, it "works": !--- Same processing as above omitted... --- cfoutput htmlheadmeta http-equiv="refresh" content="0;URL=#TheImgURL#"/head body bgcolor="##00"Hang on a sec.../body /html /cfoutput Cfabort Now granted that the URL I'm producing will be rather on the long side, is there any size limitation in CFLOCATION or in the HTTP protocol redirect functionality? I'm out of ideas... This workaround does the job, but it's still kind of obnoxious... Thanks in advance, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Please use PGP! iQA/AwUBOkjpTqvhLS1aWPxeEQKcwQCeNSCwyXGB0S1jFEherQHbNNplB8kAoPFY nTYMA9Hve/CTnOTxfRLQIq4u =z/OQ -END PGP SIGNATURE- ~ Paid Sponsorship ~ Get Your Own Dedicated Win2K Server! Instant Activation for $99/month w/Free Setup from SoloServer PIII600 / 128 MB RAM / 20 GB HD / 24/7/365 Tech Support Visit SoloServer, https://secure.irides.com/clientsetup.cfm. Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Script Kiddies
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 i guess you find nothing humorous about watching a highly paid, professional , who is too arrogant of his own abilities to keep up on his knowledge, get his ass handed to him by a 12 year old. :) Socially redeeming value or not, they are the future, not beacuse they have tried to learn to hack, but beacuse they are taking time to learn, that must be worth something. Today's script kiddie is tomorrows professional, that is if you don't have them taken out and shot, as you would plainly like to have them handled :) And as a former script kiddie, now CTO of my company, I think I can second that one... There's more than one kind of hacker, too. You have the antisocial type who just want to destroy; and you have the kind that finds exploits and then NOTIFIES the victim of their vulnerability rather than exploiting the vulnerability to do harm or publicizing it for others to use. We could use a whole lot more of the second kind... Best regards, Zachary Bedell CTO, Adirondack Technologies, Inc. -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Please use PGP! iQA/AwUBOkkXvqvhLS1aWPxeEQK1zwCg9YrKY+GtnnkkMHSnmu/meyZLViYAoPpG 6Qcu2loRYkMolPKMfmkkJlz/ =g/Do -END PGP SIGNATURE- ~ Paid Sponsorship ~ Get Your Own Dedicated Win2K Server! Instant Activation for $99/month w/Free Setup from SoloServer PIII600 / 128 MB RAM / 20 GB HD / 24/7/365 Tech Support Visit SoloServer, https://secure.irides.com/clientsetup.cfm. Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: [Compress HTML output]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Not sure if this has been talked about in detail but with the interest in dynamic html compression I will throw my two cents in. And donations of this sort are *always* appreciated! Thanks! ;-) Why use a cfx tag with coldfusion to compress html output when you can use IIS 5.0's builtin gzip/deflate compressors? We're stuck on WinNT4 for various reasons, so using IIS compression wasn't an option for us. Also, for non-IIS users, this CFX version should still do the trick even if their webserver doesn't support compression. I bet the cfx/cf overhead is much higher and not suitable for high volume situations. It's been running like a champ for us over the last three days on a moderately high volume site. I can't imagine that the CFX overhead would be that much higher than ISAPI overhead. CFX_GZip is a good multi-threaded tag... With IIS 4.0 you need the recource kit which contains the isapi compression filters. A Now this I did not know... I must give this a try... By default, you can set IIS to do a "application" level, not "static" level compression, which would compress dynamic content. Go to the "services" tab of the server in the mmc. However, and by default, the dynamic compression only applies ... Very interesting... I will most certainly try this. Thanks for the pointer! Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Please use PGP! iQA/AwUBOkYVcKvhLS1aWPxeEQLBawCdFX8/Cx8ZLwFJk2h0u8vHZvxn2IIAoNXC /aYrqpaVDexfyCoWzqU8BwOP =9yi3 -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: [Compress HTML output]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Could you please explain how this compression works. I keep seeing this as it is being compressed and decompressed at the server, or is it being compressed at the server and decompressed at the client. After CF is done creating all of the various HTML that will be sent out to clients, this tag grabs all the content and GZips it on the server side. The GZipped data is sent to the client where the client automatically GUnzips it and displays it to the user normally. The human at the browser shouldn't even know anything unusual has happened. As far as I know, all of the HTTP/1.1 browsers support gzip encoding. In any case, there's an Accept-Encoding header that browsers send if they're capable of compression. This tag checks to see if gzip is one of the supported compression types. If it is, the tag does its thing. If not, the HTML is sent uncompressed for clients that don't know how to decompress it. Using GZip level 9 compression, it's not unusual to see compression ratios of 5 to 10 times. Note that this does NOT work for any pages that use CFCONTENT with a file attribute. In those cases, the file from CFCONTENT is sent out without any compression, and this tag never even executes (since CF stops executing the page after the CFCONTENT tag is done). The web server based (as opposed to this CF Server based) solution is a little different, tho it accomplishes the same thing. I would imagine that in those cases, CFCONTENT results would also be compressed. I still haven't hand a chance to play with that, but it should be interesting. Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Please use PGP! iQA/AwUBOkZBsKvhLS1aWPxeEQKlqgCg5QV9XWloUHiSxAgcdlnT0O4UY0YAoOqS ZB/d+E31i/1KPu2pSgt5gK85 =XB79 -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: [Compress HTML output]
Ok I understand what has been done the only thing I see as a problem is that the tag is writing a file. Now without locking or without a unique name something bad is bound to happen. And once you put locking on the writing of files there is gonna be a slowdown. The filename for the tempfiles is based on a call to CreateUUID(). If that's not giving you a unique filename, then you have much, MUCH bigger problems to worry about... There are two files created, and it looks a little something like this: !--- I don't have the actual code in front of me to cut paste from, but here's the basic gist... --- cfset TempPath = "c:\temp\compress\" cfset UUID = CreateUUID() cfset RawFile = "#TempPath##UUID#.htm" cfset GZipFile = "#TempPath##UUID#.gz" You can't get too much more unique than that. I don't see this as a good solution for large webservers with a lot of users. Maybe on an extranet where everything is semi controlled or on an intranet, but I don't think on a regular webserver this is a good idea. I've got an 800,000ish user session per month site running it quite nicely for the past three days (almost four days as I write this...). No hiccoughs, no user complaints. In fact... I don't even think the users have noticed anything other than the speed increase (we have had two or three comments on that). Granted... This isn't the type of thing you'd want to run on Microsoft.com, but if you have a moderate load site and enough extra processor to throw at it (we have both), then you can really save some bandwidth, if that's something you need to do. If you've got quad T3's coming out of your server, don't waste your time with this tag. But if bandwidth is getting a little tight lately, this *might* be something to at least give a try. It's easy enough to implement and easy enough to remove if it does cause problems. In our case, we have a sh'load of server to throw at this app, but bandwidth is a bit limited at this point in time. The compression is really helping. AND... The server based add-on that Xing Li mentioned looks even better. If we were running IIS 5, I would have installed that compression option in a heart beat. Now that I know IIS 4 has the same ability w/ a little added software from MS, I'm going to be implementing it next week. Best regards, Zac Bedell ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: [Compress HTML output]
The overhead is most likely on the cache file writes and cache reads. You just gave me an idea for a work around that could be better and faster than all the options we have just discussed. With both ISAPI and CFX, the system has to compress each and every single page output as it is a new one. Might as well store the compress data into the db using CFX_GZip and serve it out of the database. This way, not only do we save CPU time we also save I/O overhead. Serving from the database is much more efficient (ram and cpu wise) in the long run than reading from the filesystem. So we only compress it once every so minutes or hours. Hmmm... Very interesting... I was considering decrupting CFCACHE and using this bit of code in there. Using the DB instead... That has some promise... I may have a project to play with Why cache DB queries when you can cache the entire page result that was based on the query, right? My only concern is that CF seems to be very unfriendly to binary data. I wonder if there is any way that you could get the binary GZIP data back out of the DB and serve it to the browser without needing to save it to a temporary file and use CFCONTENT to send it out. If that does indeed pose a problem, then perhaps hacking up CFCACHE might be the only solution. With IIS 4.0 you need the recource kit which contains the isapi compression filters. A Now this I did not know... I must give this a try... Look for compFilt.dll and gzlip.dll and deflate.dll Will do. Thanks! Best regards, Zac Bedell ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: ThisTag.GeneratedContent
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Is there an equivalent to a custom tag's "ThisTag.GeneratedContent" variable for the base executing page? To the best of my knowledge, there is no way to retrieve this generated content from within the scope of the request itself. Answer Found! Sort of I found a bit of a kludge that accomplishes what I need with a minor amount of hacking... Vis: My basic goal here was to run a custom tag over the entire contents of a page request. I was hoping to do something like: OnRequestEnd.cfm: = !--- This doesn't work... --- cfset Content = ThisPage.GeneratedContent Cfset ThisPage.GeneratedContent = "" cf_GZipPage#Content#/cf_GZipPage Here's what I did find: In the Application.cfm, I put this code: CF_GZipPage Cfinclude template="/RootMapping#CGI.Script_Name#" cfinclude template="OnRequestEnd.cfm" /CF_GZipPage cfabort Note that you could omit the OnRequestEnd line if you don't use that file OR you could put it into a try block if you're not sure they'll be an OnRequestEnd like: cftrycfinclude template="OnRequestEnd.cfm"cfcatch type="MissingInclude"/cfcatch/cftry Also note that the above, if dropped at the end of your application.cfm would ignore any all output that was actually generated by your app.cfm. That's what I wanted in my case. If you're outputting stuff in your app.cfm that you need, then you should do something like: CF_GZipPage !--- All your app.cfm stuff here. --- Cfinclude template="/RootMapping#CGI.Script_Name#" cfinclude template="OnRequestEnd.cfm" /CF_GZipPage cfabort This whole thread of course links into the compression of HTML output thread elsewhere in this list. I've managed to setup a little tag that GZIP's all of our page content for browsers that can handle GZIP encoding. We get anywhere from 2 to 10 times compression, and our customers are already commenting on the speed increase. The system's processors are of course working a little harder now, but that means they're floating at 10% instead of at 4%. Whoopee! Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Please use PGP! iQA/AwUBOkObMKvhLS1aWPxeEQIXSQCcD5tqlYkGzgrNN4EGvMxBZBDG1zIAoMHy nq2e9OSwdbZsF41TNdEhJmDS =ZZbS -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: [Compress HTML output]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Okay... I think the tag is done. I made a few more changes (see
below).
I also figured out how to automagically compress all the pages in
your site w/ one little change.
Here's what I did find:
In the Application.cfm, I put this code:
CF_GZipPage
Cfinclude template="/RootMapping#CGI.Script_Name#"
cfinclude template="OnRequestEnd.cfm"
/CF_GZipPage
cfabort
Note that you could omit the OnRequestEnd line if you don't use that
file OR you could put it into a try block if you're not sure
they're'll be an OnRequestEnd like:
cftrycfinclude template="OnRequestEnd.cfm"cfcatch
type="MissingInclude"/cfcatch/cftry
Also note that the above, if dropped at the end of your
application.cfm would ignore any all output that was actually
generated by your app.cfm. That's what I wanted in my case. If
you're outputting stuff in your app.cfm that you need, then you
should do something like:
CF_GZipPage
!--- All your app.cfm stuff here. ---
Cfinclude template="/RootMapping#CGI.Script_Name#"
cfinclude template="OnRequestEnd.cfm"
/CF_GZipPage
cfabort
We get anywhere from 2 to 10 times compression, and our customers are
already commenting on the speed increase. The system's processors
are of course working a little harder now, but that means they're
floating at 10% instead of at 4%. Whoopee!
Here's the tag for people's perusal. If you find any glaring errors
or have general suggestions, please share them with me. If I don't
hear anything, I'll post this in the tag gallery some time next week.
Best regards,
Zac Bedell
-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com
Comment: Please use PGP!
iQA/AwUBOkObpqvhLS1aWPxeEQJAcwCaAlXKaaZrAK4UDYzvMZ/pVaT/wTUAoOuF
sdj1jvSQDab6aH6Q4TV9xQHZ
=3LEC
-END PGP SIGNATURE-
GZipPage.cfm: (This will probably be looped by your mail reader/server.)
=-=-=-=-=-=-=
!--- CF_GZipPage -- Let's call this Version 1.0...
Make sure this tag surrounds the ENTIRE page. It will GZIP the
GeneratedContent using
CFX_GZip and modify the browser headers so that the browser can
decode it.
Anything that falls outside of the start and end tag for this tag
will be ignored and never
seen by the client.
Parameters (All are optional):
Level: The GZip Compression Level, 0 is lowest compression
(biggest size, least processor usage),
9 is highest compression (smallest size, greatest
processor usage)
Directory: The temporary directory to use for compression.
Two files will be created here for each
request. This directory must exist or the tag will
error.
CopyLeft 2000 Zachary Bedell [EMAIL PROTECTED]
Special thanks to:
Orlando Correa [EMAIL PROTECTED] for suggesting
the Directory attribute and for code to check
the Accept-Encoding header.
Peter Stolz [EMAIL PROTECTED] for reminding me that
the Accept-Encoding header exists...
All the folks on CF-Talk who took the time to read these
posts test out the tag.
You may use this code as you wish, no strings attached.
No Warrenty. If it breaks, you get to keep both pieces
-ZSB 18-Dec-2000
---
cfif ThisTag.ExecutionMode EQ "END"
!--- Sane defaults: ---
cfparam name="Attributes.Level" default="9"
cfparam name="Attributes.Directory" default="c:\temp"
cfparam name="Attributes.ShowDebugging" default="false"
cfif ListContainsNoCase(CGI.HTTP_Accept_Encoding, "gzip") AND
Attributes.Level GT 0 AND Attributes.Level LTE 9
!---
If this browser can't handle GZIP encoding, then
there's no point in doing anything...
If the GZIP level is 0 that means no compression, so
let's not waste our time.
Also, if it's greater than 9, we'd have an error, so
just get on with things...
---
cfset Directory = Attributes.Directory
cfif Right(Directory, 1) NEQ "\"cfset Directory =
Directory "\"/cfif
!--- Setup path filename for tempfiles: ---
cfset UniqueFilePath = "#Directory##CreateUUID()#"
cfset RawHTMLFile = "#UniqueFilePath#.htm"
cfset GZippedFile = "#UniqueFilePath#.gz"
!--- Grab the generated content and write it out to a
tempfile. ---
cfset Content = Trim(ThisTag.GeneratedContent)
cfif Attributes.ShowDebugging
cfset DebugText = "#Chr(13)##Chr(1
RE: The +.htr bug strikes again
Someone should probably make an official "checklist" to run through when you setup a CF server. How about these additions to said checklist: In addition to removing the .htr mapping, also remove the mappings for any other extensions that you won't be using on that server. Like: htw -- unless you're using the WebHits highligher ida, idq, htr, idc -- unless you're using old-style Index Server access asp, cer, cdx, asa -- unless you're also hosting ASP apps on that server shtm, shtml, stm -- unless you're using Server Side Include files printer -- WTF is this and why did IIS install it for Win2k? You could probably also yank the dbm extension unless you have REALLY old CF code lying around. Basically your goal is to DISABLE any functionality of your server that you're not currently using. The less junk you have running on the server, the less chance someone will find a bug in part of the server you didn't even know was there. Granted, there's a fine and arcane art to disabling just the right things without breaking any part of your server. You'd be best to play on a production server that you can afford to trash reinstall a few times if need be. Certainly, though, deleting extensions for file types not used in your sites (or your customer's sites for webhosts) is completely safe and a good idea in general. Best regards, Zac Bedell ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Alternatives to Coding Username and Password in Application.c fm
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Here's a trick that "should" make you more or less immune to .htr, ::$DATA or other similar source exploits. Since all of these bugs allow you to access the unprocessed contents of script files within your webroot, the secret is to store your dirty little secrets *outside* of the webroot. Vis: Your webroot is at d:\INetPub\WWWRoot\, and you have application.cfm there. To protect your (for instance) database passwords, make your application.cfm look something like this: Application.cfm: blah blah cfinclude template="/DirtyLittleSecrets/DBPasswords.cfm" cfinclude template="/DirtyLittleSecrets/TheFourDigitNumberYouUsedForEveryPINCode YouEverHad.cfm" cfinclude template="/DirtyLittleSecrets/TheSecretNameOfGodWhichHasThePowerToUnDo Creation.cfm" cfinclude template="/DirtyLittleSecrets/YouGetThePointcfm" blah blah blah Now you need to go into the CF administrator and create a mapping for /DirtyLittleSecrets/ that points to (for example) D:\INetPub\YoullNeverGuessThis\InAMillion\Years\. Now you can store all of your secret little bits outside of the webroot. If another source code vulnerability shows up (they run about once a month, don't they?.), you'll already be safe since all the script kiddies can see is your harmless cfinclude lines. We take this one step further and put ALL of our code outside the webroot. We have a rather large and ever growing code base that's shared among several of our hosted sites. All the sites have access to their own servers' roots for updating various basic HTML stuff, but they are NOT allowed to see the CF code (as they're leasing, not purchasing it). By keeping everything outside the webroot, all of the CFM page become one line: cfinclude template="/CommonCode#CGI.Script_Name#". It makes adding a new site nice easy (just copy the stubs over), and it make updates and enhancements to the codebase a breeze as we only update in one place. We do have to manually copy stubs to all the sites when we add new files to the codebase. One thing I've been trying to find: Some way to remove the need for the stubs. It would be nice if you could get application.cfm to fire even if the cfm page didn't exist, but alas that isn't the case. If anyone has any insights on how to make that happen, I would simple love you for them! ;-) Best regards, Zac Bedell - -Original Message- From: Jeffry Houser [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 21, 2000 8:23 PM To: CF-Talk Subject: Alternatives to Coding Username and Password in Application.cfm With all this talk of the '+.htr' bug... What are alternatives to hard-coding in the username and password in a query? The first alternative is to code them as variables in the application.cfm. Although, if the above '.htr' bug is present, that doesn't make the app any more secure. Can we put them in the datasource? I know I could never get that working with SQL Server 7 and NT 4.0 Workstation. If I hard-coded the username and password it worked, if it was in the datasource it didn't. I have seen it working on other machines in this manner, so presumably I had some config bug in the workstation. This manner seems more secure than the previous one. Are their other alternatives? And if so, what? -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOkLUA6vhLS1aWPxeEQLwUACgx8x8s0hseclqZQQ7l8o6t8wLPCEAoOCx JUYHbGX7IJHwri8TH2iMR34d =Px/2 -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: [Compress HTML output]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thanks for the reminder on that one! I was going to do that... I
even had RFC 2616 on my desk to look up how to do that, and I
completely forgot...
I've actually got some "real work" to do today (darn clients
always interrupting my fun!), but once I get that taken care of, I'll
integrate the various suggestions on this see if I can turn it into
a real tag
Thanks again to everyone for the tips pointers!
Best regards,
Zac Bedell
-Original Message-
From: Orlando Correa (ITSC) [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, December 20, 2000 5:55 AM
To: CF-Talk
Subject: RE: [Compress HTML output]
Just check the cgi.http_accept_encoding for the existance of
"gzip"
CFDEFAULTCASE
CFIF
listcontainsnocase(cgi.http_accept_encoding,"gzip")!--- AND NOT
dev_server ---
CF_GZipPage LEVEL="7"
CFINCLUDE TEMPLATE="myheavypage.cfm"
/CF_GZipPage
CFELSE
CFINCLUDE TEMPLATE="myheavypage.cfm"
/CFIF
/CFDEFAULTCASE
-Original Message-
From: Peter Stolz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 19, 2000 8:30 PM
To: CF-Talk
Subject: RE: [Compress HTML output]
This is great!
One question though:
The servlet version checks for the ACCEPT_ENCODING request
header before it
does the actual encoding.
I don't know of a way to do this in CF. Any ideas?
P.
-Original Message-
From: Orlando Correa (ITSC) [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 19, 2000 9:58 AM
To: CF-Talk
Subject: RE: [Compress HTML output]
Hey Zach...
After some testing... I implemented your code to test compression
of a particularly large html file with some encouraging results...
The
uncompressed page was 165K and took 391 milliseconds to excute.
The compressed page is 20K with an added server overhead of around
375K milliseconds... The savings in download time for the html, in
this case,
warrent further explortion of compressing certain "heavy" pages
(87.8% compression on level 7). Thanks dude! Pretty slick.
I've hacked on your code a bit to test it in our development
enviornment...
cfif ThisTag.ExecutionMode EQ "Start"
cfset start_time=gettickcount()
/cfif
cfif ThisTag.ExecutionMode EQ "END"
!--- Sane defaults: ---
cfparam name="Attributes.Level" default="9"
cfparam name="Attributes.Unique"
default="#RandRange(1,1000)#"
cfparam name="Attributes.Directory" default="c:\temp"
!--- set temp dir ---
cfset dir_compress = Attributes.Directory
cfif not IsDefined("application.IsDir")
!--- check if the directory exists ---
cfdirectory name="qry_checkdir" directory="#dir_compress#"
action="LIST"
!--- if it doesn't exist, create new directory
#dir_compress# ---
cfif not qry_checkdir.recordcount
cfdirectory action="CREATE" directory="#dir_compress#"
/cfif
!--- set IsDir flag for by-passing directory check ---
cflock scope="application" timeout="10"
cfset application.IsDir = 1
/cflock
/cfif
!--- Setup path filename for tempfiles: ---
cfset RawHTMLFile =
"#dir_compress##listlast(cgi.script_name,"/")#_#Attributes.Uni
que#_#RandRang
e(1,100)#.out"
cfset GZippedFile =
"#dir_compress##listlast(cgi.script_name,"/")#_#Attributes.Uni
que#_#RandRang
e(1,100)#.in"
!--- Grab the generated content and write it out to a
tempfile.---
cfset end_time=gettickcount()
cfset time = end_time-start_time "Milliseconds"
cfset Content = Trim(ThisTag.GeneratedContent) time
cffile action="WRITE" file="#RawHTMLFile#" output="#Content#"
!--- Compress the tempfile to another tempfile ---
cfx_GZip action="GZIP" InFile="#RawHTMLFile#"
OutFile="#GZippedFile#"
level="#Attributes.Level#"
cffile action="delete" file="#RawHTMLFile#"
!--- Setup the headers and write the mess back out to the client
w/CFCONTENT ---
cfset ThisTag.GeneratedContent = ""
cfheader name="Content-Encoding" value="gzip"
cfcontent file="#GZippedFile#" deletefile="Yes"
type="text/html" /cfif
-Original Message-
From: Zachary Bedell [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 18, 2000 2:20 PM
To: CF-Talk
Subject: RE: [Compress HTML output]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
compression is a web server issue NOT CF.
That's true, but it doesn't mean you can't do it in CF...
Below is a custom tag that will do just that, provided you have
CFX_GZip installed (freely downloadable fr
ThisTag.GeneratedContent
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This seems like a really dumb question, but I can't seem to find a definitive answer anywhere... Is there an equivalent to a custom tag's "ThisTag.GeneratedContent" variable for the base executing page? I know CF buffers all HTML output until the end of the page execution, and part of this buffer is made available to custom tags through ThisTag.GenerateContent. I need that same functionality in the base template so that I can access the generated HTML in OnRequestEnd.cfm completely independently of any custom tags. Anybody have any ideas? I'll probably kick myself when I see the answer... Thanks in advance, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Please use PGP! iQA/AwUBOj+1t6vhLS1aWPxeEQK0kACfajVDcrDPoDbCpu0oZ68ZcYYpKAgAn2yp aDA+KcgSVIGDq8eU/vcyIUSJ =YWBA -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Purging CDATA and CGLOBAL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
As another poster mentioned, CFEXEC is the magic behind CDATA
purging.
Additionally, I wouldn't recommend anyone running the query listed
below to manually change or delete the client data stores. We tried
doing that for a while in a scheme to detect multiple logins, but at
least on CF 4.0.1, the server was destabilized by running those
queries.
With the DELETEs to CDATA in our code, the server had to be restarted
once every few days. Just commenting out that code made the server
completely stable.
I dunno how 4.5.x would react to that code, but 4.0.x didn't like it
at all...
Best regards,
Zac Bedell
- -Original Message-
From: Greg Saunders [mailto:[EMAIL PROTECTED]]
Sent: Sunday, December 17, 2000 8:06 AM
To: CF-Talk
Subject: Re: Purging CDATA and CGLOBAL
This makes sense, but isn't CF supposed to do something like this
automatically if you check the "Purge data for clients that remain
unvisited..." box when you set up the client data source? As far as
we can
tell, this check box has no affect. When should client data actually
be
purged?
Thanks,
Gregory M. Saunders, Ph.D.
Technical Director
Cognitive Arts Corporation (http://www.cognitivearts.com)
1840 Oak Avenue, 4th Floor
Evanston, IL 60201-5914
At 10:33 AM 12/14/2000 +, you wrote:
What would prevent this functionality from working?
If this functionality is not working what would be the safest way
to
remove
the obsolete data? (Older than 1 day.)
I use the following in my Application.cfm which checks and logs out
a user after 15 minutes:
CFIF DateDiff("n", Client.LastVisit, Now()) GTE 15
CFQUERY NAME="delClientVars" DATASOURCE="#dsn#" MAXROWS=1
DBTYPE="ODBC"
DELETE FROM CData
WHERE CFID = '#Cookie.CFID#:#Cookie.CFTOKEN#'
/CFQUERY
cfset logged = False
/CFIF
Will Luke
www.localbounty.com
-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com
Comment: Please use PGP!
iQA/AwUBOj4wc6vhLS1aWPxeEQI6IgCg6s+dtEe/komMhuOxsa6VS7rMG18AoODw
y2UtrU1aDmlgZTxo6QcqD3sd
=MIlG
-END PGP SIGNATURE-
~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: creating an url return string
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 In the calling page, before you redirect to the authentication pages, setup returnURL like so: cfset returnURL = Cgi.Script_Name "?" Cgi.Query_String Now returnURL will contain anything that was passed after the question mark. Hope that helps, Zac Bedell - -Original Message- From: Greg Wolfinger [mailto:[EMAIL PROTECTED]] Sent: Monday, December 18, 2000 11:21 AM To: CF-Talk Subject: creating an url return string Hey Guys: I have an application that lets you browse a message board, however if you would like to post a response you need to log-in (in you arn't already). After you log-in, it takes a parameter passed through the url called returnURL and sends the user after the authentication to that url. The problem is that the returnURL has multiple parameters to it sometimes (e.g. returnURL=/message/index.cfm?action=submit-responsemessage_id=fooref URL=/foo/index.cfm) How can I return the user to that page keeping in tact all of the URL parameters? thanx, greg ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: [Compress HTML output]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 compression is a web server issue NOT CF. That's true, but it doesn't mean you can't do it in CF... Below is a custom tag that will do just that, provided you have CFX_GZip installed (freely downloadable from the tag gallery). I'm not sure whether the savings in bandwidth is worth the additional processor power (anyone wanna run tests?), but it's still nifty... One place this would really be a savings: If you already use CFCACHE, you should be able to modify the CFCache tag to also do compression before it saves a file. That way you only need to compress the file once, and you get the processor savings of CFCache AND the bandwidth savings of compression. I'll probably post this tag to the tag gallery once I beat on it for a little longer. In the meantime, enjoy... -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com Comment: Please use PGP! iQA/AwUBOj5/Z6vhLS1aWPxeEQKSRwCg+iRBf/fA8Y72IbopUMF0kM6NEkkAnj+k wwQDQrb5RkIfgaFn1TRaW8Ub =4/Jb -END PGP SIGNATURE- !--- CF_GZipPage Make sure this tag surrounds the ENTIRE page. It will GZIP the GeneratedContent using CFX_GZip and modify the browser headers so that the browser can decode it. Anything that falls outside of the start and end tag for this tag will be ignored and never seen by the client. Parameters (All are optional): Level: The GZip Compression Level, 0 is lowest compression (biggest size, least processor usage), 9 is highest compression (smallest size, greatest processor usage) Unique: If you'd prefer something more unique than a second random number for tempfiles, specify it here Make sure the contents of the variable are all valid in a filename. CopyLeft 2000 Zachary Bedell [EMAIL PROTECTED] You may use this code as you wish provided I retain credit in the comments or elsewhere. No Warrenty. If it breaks, you get to keep both pieces -ZSB 18-Dec-2000 --- cfif ThisTag.ExecutionMode EQ "END" !--- Sane defaults: --- cfparam name="Attributes.Level" default="9" cfparam name="Attributes.Unique" default="#RandRange(1,1000)#" !--- Setup path filename for tempfiles: --- cfset RawHTMLFile = "c:\Temp\Compress\#Cgi.Script_Name#_#Attributes.Unique#_#RandRange(1,100 )#.out" cfset GZippedFile = "c:\Temp\Compress#Cgi.Script_Name#_#Attributes.Unique#_#RandRange(1,100) #.in" !--- Grab the generated content and write it out to a tempfile. --- cfset Content = Trim(ThisTag.GeneratedContent) cffile action="WRITE" file="#RawHTMLFile#" output="#Content#" !--- Compress the tempfile to another tempfile --- cfx_GZip action="GZIP" InFile="#RawHTMLFile#" OutFile="#GZippedFile#" level="#Attributes.Level#" cffile action="delete" file="#RawHTMLFile#" !--- Setup the headers and write the mess back out to the client w/ CFCONTENT --- cfset ThisTag.GeneratedContent = "" cfheader name="Content-Encoding" value="gzip" cfcontent file="#GZippedFile#" deletefile="Yes" type="text/html" /cfif ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF4.5.1 SP2.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I am still experiencing huge memory leaks but I notice it is from Inetinfo.exe and NOT CF. There is no doubt in my mind the CF is the culprit, but how in the world does Allaire put out this lousy of a product update? This is reminiscent of Microsoft. If anyone from Allaire, especially their QA team is listening: GET ON THE BALL AND DO YOUR JOBS. If indeed Inetinfo is the leaking process, then chances are it's Allaire's CFML.dll that's the culprit. That runs inprocess w/ IIS and calls out to the CFServer.exe process. I've never quite understood why Allaire felt a need to program their server out of process, but Perhaps the Allaire folks could look into that for you? One other (remote) possibility that might help you: If you can afford to bring your server down for a few minutes, stop IIS and CF. Copy the CFML.dll in c:\cfusion\bin to cfml_451sp2.dll. Then put a copy of CFML.dll from CF version 4.0.1 in there in its place. Even a copy from the demo of 4.0.1 should do if you don't have the full copy around. Restart IIS and CF and see what happens. There's a chance that might not work at all, but I seem to remember reading once that it could help in some cases. Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOjk18avhLS1aWPxeEQK86gCgiY9p/cXlsshgJ/YpDf0BfIlS07AAni/7 WX7o5S+kv5P+e9pS08ERvkjk =CI9F -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: cfcrypt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Download the demo of 4.0.1 server from Allaire. In any case, there's no difference between the two programs. They both produce the exact same (easily decrypted) output. Best regards, Zac Bedell Zachary S. Bedell, Chief Technology Officer, Adirondack Technologies, Inc. -Original Message- From: Joseph Thompson [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 13, 2000 4:18 PM To: CF-Talk Subject: cfcrypt I have the copy of cfencode.exe that came with CF 4.5, but I would like a copy of the "original" cfcrypt.exe if that is possible? Any one know where I can get one? -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOjk2OqvhLS1aWPxeEQKRZACg4ka/lxbK2CuEmmreus3SPow1Ql8AnA6A QM9DxDG0EXTQdIHEw607x8SX =KGqz -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Assembler.....
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lately I wuz thinking of picking up an extra language to add to my long list of the ones I currently know ;) As most people know you can develop custom COM, CORBA, CFX other types of add-ons using alot of different languages like C++, VB, Java etc. etc. What I am wondering is if anyone out there knows if I can create COM or CFX extensions through assembly/assembler language. I know its a pretty old language but its also pretty efficient. If anyone has anything to comment about this, please do ;) I will be one extremely greatful person. I wouldn't call assembly an old language... When you think about it, it's THE language. Everything else you write in comes down to assembly in the end (or at least one step below -- the processor's machine code). As for writing COM (or windows apps in general) in assembly... It is most definitely possible. Having two or three consecutive root canals would be a WHOLE lot more fun in my opinion, but it's doable... You'd need to become intimately familiar with the various data structures and calling methods of COM and of the Windows PE EXE format. The folks at Bleem! did it for their Sony PlayStation emulator -- it's an entire Windows application stored in a single 800KB EXE file written in assembler. It's just very difficult. Chance are for your applications, writing your COM in assembly would be a waste of time. The overhead of the COM conventions would still be there. Whether it's written in assembler or VB, you still need to go through all of the motions to support COM. And given that you'll presumably be accessing your nice assembly COM from ColdFusion Let's say that CF isn't the most optimized piece of software out there, so you'd really be wasting your time. Any little bit of speed you might gain from assembler would be overshaddowed from the various lags introduced by an HTTP application server. Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOi0i2KvhLS1aWPxeEQIVdgCcDzS5wOXvyLmXO0WS4bqpBilRKMcAnRVB 9X1StCD+vLZxrvo58tSbD8Fk =sTdY -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF SP2 + Win2k/Memory Leaks
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Could I just add one niggling little detail to this thread? I know it's a small thing, but... If ever someone's having a problem with Microsoft SQL Server 7.0 (and I presume 2000 is the same), asking if they're using ODBC or OLE/DB is rather moot. SQL Server's internal API *is* OLE/DB. Even if you're using ODBC to access it, the ODBC driver just translates your calls to OLE/DB and passes them on to the SQL Server. So... Without a doubt, OLE/DB is preferred over ODBC when using Microsoft SQL Server, and changing to ODBC won't make any appreciable difference *unless* ColdFusion OLE/DB implementation is massively screwed up. And I'll leave that point up for debate... And to think... I was planning on getting up early this morning to run an upgrade to CF 4.5.1 SP2... Glad I slept in instead... Best regards, Zac Bedell Zachary S. Bedell, Chief Technology Officer, Adirondack Technologies, Inc. -Original Message- From: Nick McClure [mailto:[EMAIL PROTECTED]] Sent: Monday, December 04, 2000 10:05 AM To: CF-Talk Subject: RE: CF SP2 + Win2k/Memory Leaks Have you tried using OLEDB instead of ODBC? At 03:29 PM 12/4/00 +0100, you wrote: I had this issue on an Access 2000/CFserver 4.5.1sp1 machine running MDAC 2.6. Reverting to MDAC 2.5.1 solved the issue for us there. We're having the same problem on a NT4,sp5 SQL7.0 setup. A little experimenting this morning shows that running a query with a large result set moved memory to swap file and just hung there. I'm beginning to suspect that there are memory allocation issues with CF4.51. Perhaps the solution is to turn off all caching. It hardly seems appropriate that one needs to kill key advantages on CF in order to maintain some measure of stability. Amen, brother! Preach it!. *grin* -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOivAxKvhLS1aWPxeEQLpgACbBo2TQ/vtWpH6NUk6HVzSm1KjuMcAnRQZ VKdzQ+89/Jc37avasUI6n7uU =qKwO -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF Does not like MSSQL7 @@ROWCOUNT
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Sunday, December 03, 2000 1:08 AM To: CF-Talk Subject: Re: CF Does not like MSSQL7 @@ROWCOUNT Except he's not looking for the identity, but the count. Setting nocount on kinda kills that... no. set nocount has no effect on @@ROWCOUNT. And *that* is one of those little annoying details I wish I'd known a *long* time ago Thanks for straightening me out on that, and sorry for any confusion... Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOivDBavhLS1aWPxeEQKVYQCfazzIchjbaVR2qJRaVFm1OFBUWKcAnRAA X7vDXZB8Vs0VxFO+zkDrS5wF =rWvS -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: normalization problem?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 It returns an "out of memory/resource" error; "Error Diagnostic Information Error occurred for unknown cause." First of all... That error is most likely a sign of larger problems. Perhaps problems w/ memory leaks other such garbage similar to what the folks in the "CF SP2 + Win2k/Memory Leaks" thread are seeing. I wish you luck hammering those problems out... Now for your query... Since you're running MS SQL, you have very easy options: CFQUERY NAME="prize" DATASOURCE="SALES" SELECT TOP 5 prize.value, draw.drawdate, contest.contest_name, contest_type.contest_type, state.state FROM state, prize, draw, contest_type, contest, company WHERE prize.draw_id = draw.draw_id AND draw.contest_id = contest.contest_id AND contest_type.contest_type_id = contest.contest_type_id AND contest.company_id = company.company_id AND company.state_id = state.state_id ORDER BY prize.value DESC /CFQUERY You may need to mess around w/ the fields you're bringing back to make SQL happy, but the TOP keyword should make things quite a bit easier... Check the MS SQL Books Online for more info on the TOP keyword. Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOivfn6vhLS1aWPxeEQI0YgCghCcJ/RS4eUfvx+lIt/OFsuGeeoIAn00m FzYObcUQzfnsHi6/XPdm3rLJ =L5EE -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Java and CF
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Allaire has annonced that CF 6 will be entirely written in Java on the back end, with CF Tags actually being translated into JSP Code and then passed to a servlet engine, all on the back-end. My only question: What kind of crack is Allaire smoking, and where can the rest of us get some? Good grief! What would possess an otherwise intelligent programmer to write a server in Java? An app server should be small, concise, FAST, and super optimized for the system it's running on. Java misses the boat on all of those criteria. Am I the only remaining programmer who hasn't jumped on the Java bandwagon? I mean... Java's great for certain tasks -- namely those where speed isn't much of an issue but cross platform functionality is. That's certainly not the case for an application server with thousands of concurrent accesses. There is no WAY a Java server can out perform a *well* *written* C++ server. I wish Allaire would spend their time fixing optimizing the C++ codebase instead of scraping it and rewriting in Java. I can say this for sure: If CF ever goes to a Java backend, I'm moving to PHP... Regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOifGG6vhLS1aWPxeEQIxUgCfeNvX00zujxBvXIjNp0wmG59Dx4YAn2Bf rQHpED2YoaBv5q2SXO2+GYxE =TK9q -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: GetTicketCount() - where and when
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 GetTickCount is just a number. It's fairly meaningless on its own. I think it's the number of milliseconds since the server was started or something... It becomes useful when you have two calls to it: cfset StartTime = GetTickCount() !--- Do something long and arduous here... --- cfset EndTime = GetTickCount() cfset TotalTime = EndTime - StartTime cfoutputThat took #TotalTime#ms./cfoutput Is it not nifty? Best regards, Zac Bedell Zachary S. Bedell, Chief Technology Officer, Adirondack Technologies, Inc. Please include original message in any replies -- I get a lot of email every day, and I have a REALLY bad memory... So I don't always remember everything that was said. Thanks! -Original Message- From: Eric Fickes [mailto:[EMAIL PROTECTED]] Sent: Friday, December 01, 2000 12:26 PM To: CF-Talk Subject: GetTicketCount() - where and when Hello all, I'm trying to trim some fat off my code, and I came across GetTickCount() and had a few questions after reading the definition from my CF book. Definition: Returns a millisecond clock counter that can be used for timing sections of CFML code or any other aspects of page processing. -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOifxlKvhLS1aWPxeEQIXxwCbBAXeL+QbR/5uEtJjY3o/NemYnlcAniQe OCfHYYYTxWDbOB57Bfn1HFB3 =pYLx -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: CF Does not like MSSQL7 @@ROWCOUNT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Except he's not looking for the identity, but the count. Setting
nocount on kinda kills that...
We ran into this once before and according to Allaire when
CFQUERY evaluates
a multi statement argument it waits for the SQL server to respond
and specifically looks for the text 'X Rows Returned' Once
CFQUERY sees this
statement it stops evaluating any additional information
returned. A work
around would be to use a NOCOUNT and also wrap your queries in SQL
TRANSACTION. So some example syntax would be:
SET NOCOUNT ON (Turns off Record Count Dialog)
BEGIN TRANSACTION (Begins a Transaction)
INSERT INTO SomeTable (SomeField) VALUES ('SomeValue')
SELECT @@IDENTITY AS NewID
COMMIT TRANSACTION (ends a Transaction)
SET NOCOUNT OFF (Important as this is a system state and
would remain set)
The transactions aren't necessary here.
This should be:
SET NOCOUNT ON (Turns off Record Count Dialog)
INSERT INTO SomeTable (SomeField) VALUES ('SomeValue')
SELECT @@IDENTITY AS NewID
SET NOCOUNT OFF (Important as this is a system state and
would
That works to get the identity.
As for getting the count, that's a little nastier...
Maybe something like:
cfquery datasource="#DSNOperaDW#" name="AddInvoices"
SELECT Count(CSVTemp.Inv_ID) as RowsAffected,
CSVTemp.DIR
FROM Images_INVPROJECT_CSVTempTable as CSVTemp
WHERE (Doc_Type = 'I')
SET NOCOUNT ON
INSERT INTO [Images_Invoice_Index]
(Invoice_ID, DirPath)
SELECT CSVTemp.Inv_ID,
CSVTemp.DIR
FROM Images_INVPROJECT_CSVTempTable as CSVTemp
WHERE (Doc_Type = 'I')
SET NOCOUNT OFF
/cfquery
Potential problems there are:
1) You're running the SELECT twice, so that's a performance hit
2) If someone runs another query that changes
Images_INVPROJECT_CSVTempTable in between the two queries, you might
be in trouble. I'm not sure whether wrapping that in a transaction
would help or not, but you could try it...
If your database will be accessed only by ColdFusion pages, then
wrapping all cfquerys that change Images_INVPROJECT_CSVTempTable in a
CFLOCK might help. Just speculating, tho...
Hope that helps
Ditto...
Best regards,
Zac Bedell
- Original Message -
From: "Rif Kiamil" [EMAIL PROTECTED]
To: "CF-Talk" [EMAIL PROTECTED]
Sent: Friday, December 01, 2000 6:31 AM
Subject: CF Does not like MSSQL7 @@ROWCOUNT
Dear All
I have the flowing CF Code
--- START -
cfparam name="AddInvoices.RowsAffected" default="NOTSET"
cfquery datasource="#DSNOperaDW#" name="AddInvoices"
INSERT INTO [Images_Invoice_Index]
(Invoice_ID, DirPath)
SELECT CSVTemp.Inv_ID,
CSVTemp.DIR
FROM Images_INVPROJECT_CSVTempTable as CSVTemp
WHERE (Doc_Type = 'I')
SELECT @@ROWCOUNT as RowsAffected
/cfquery
-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com
iQA/AwUBOif3GavhLS1aWPxeEQKh9gCfYlpiJiF0+pp2+5HYeupf1uilD/YAoLSK
9BqUFskiw1VfaprSsmjvw0wx
=6oHo
-END PGP SIGNATURE-
~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: SQL 7.0 Question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 cfquery name="get_auctions" datasource="happytoad" DELETE * from auction_records where auction_id='#id#' and userid='#userid#' /cfquery Here is the error: ODBC Error Code = 37000 (Syntax error or access violation) [Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near '*'. Is * not the correct syntax for All is SQL 7.0? In SQL, a DELETE statement inherently means to delete all columns. The * is redundant since there's no way to specify the columns you want to delete in a DELETE statement. Access probably ignored it; but to the best of my knowledge, that isn't technically correct SQL. SQL Server is kicking it out for that reason. The statement should be: DELETE FROM auction_records WHERE auction_id='#id#' AND userid='#userid#' (Caps of course are not important, but I like all my SQL keywords capped for readability...) Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOiaLNqvhLS1aWPxeEQLKKwCfVxX/QJ39/4OgI79p2wFVIlpTQb8AoLWn jE5qpxzPrhXBcyht8P6yRCl1 =XpCU -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: IP Address blocking
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
You might be able to use the HTTP Referer of the request to determine
whether to show the page or not. We use a similar thing to prevent
direct linking to image content on our site -- we use CF to serve
images via CFCONTENT. The page checks the referer before serving the
image. If the referer is from our server, the user sees the image
and never knows anything is out of the ordinary. If the referer is
missing or is from another site, they get a "You've been bad" kind of
image served to them instead. That image just has text that explains
bandwidth theft and asks the user to report the site they clicked
from to us.
Here's slightly abridged code:
cfsetting enablecfoutputonly="Yes"
!--- RefBuster.cfm
Send a full server path (c:\whatever\asb.gif) and this page will
return the image.
Use img src="RefBuster.cfm?path=c:\whatever\asb.gif"
Remember to give the server's IUSR READ access to the files unless
authentication will
be required.
--ZSB 26-Mar-99
- ---
cfif CGI.HTTP_Referer CONTAINS Application.RefDomain
cfset path=Decrypt(path,Application.PicKey)
cfswitch expression="#Right(path,4)#"
cfcase value=".gif"cfset ContentType =
"image/gif"/cfcase
cfcase value=".jpg"cfset ContentType =
"image/jpeg"/cfcase
cfcase value=".zip"cfset ContentType =
"application/zip"/cfcase
cfdefaultcasecfset ContentType =
"unknown"cfabort/cfdefaultcase
/cfswitch
cfheader name="Content-Disposition" value="inline;
filename=""#GetFileFromPath(path)#"""
cfif IsDefined("path")CFIF FileExists(path)cfcontent
type="#ContentType#" file="#path#"/cfif/cfif
cfelse
cfheader name="Content-Disposition" value="inline;
filename=""BandWidthTheft.gif"""
cfcontent type="image/gif" file="D:\...\images\BandWidthTheft.gif"
/cfif
This should be even easier if you're only serving HTML files from
those links. Something like the following stuck at the top of the
protected pages should suffice:
cfif NOT (CGI.HTTP_Referer CONTAINS "YourDomainNameHere.com")
h1You don't belong here!/h1
cfabort
/cfif
Hope that's helpful.
Best regards,
Zac Bedell
Zachary S. Bedell,
Chief Technology Officer,
Adirondack Technologies, Inc.
Please include original message in any replies -- I get a
lot of email every day, and I have a REALLY bad memory...
So I don't always remember everything that was said.
Thanks!
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 30, 2000 1:28 AM
To: CF-Talk
Subject: IP Address blocking
I have a unique problem. I know how to keep folks from linking to
my pages on my server, but I allow others to also post pages to my
web servers. Their pages contain links to places I don't want
folks going to.
So, I could prevent them from writing their pages on my server, or
I could search out and mangle such links. However, is there yet a
sneakier way to let them do their thing, but I make it
"non-responsive"
when it gets clicked on? Or could I redirect it to some other
site? What is the best way to proceed. /spe
~~
Structure your ColdFusion code with Fusebox. Get the official
book at http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com
iQA/AwUBOiaM8avhLS1aWPxeEQKZZQCgu3dwOMTdDSPyfncspXevjsFxT6cAoOYF
zjb25p1JJb3HfbaekyZ+FHFP
=Z64M
-END PGP SIGNATURE-
~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Printing mailing labels in a browser -- Joy... :-O
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I managed something decent for an in-house only project. The labels were UPC stick-ons for inventory. Since the format of the label was fixed, all we needed to do was fill in the blanks with ColdFusion. I used MSWord to design the label, then exported it to RTF. The ColdFusion variables were dumped into the rich text to fill in the blanks. When the user clicks on the 'Print Labels' link, the RTF file opens up in the browser, but the MSWord plugin steps in to render the RTF. Everything is exactly positioned, so the user just hits Print in IE and MSWord does all the dirty work. Very nifty, but it requires that MS Word be installed on all clients. Failing that, PDF is probably your best bet, but that's a lot less programmer-friendly... Best regards, Zac Bedell Zachary S. Bedell, Chief Technology Officer, Adirondack Technologies, Inc. Please include original message in any replies -- I get a lot of email every day, and I have a REALLY bad memory... So I don't always remember everything that was said. Thanks! -Original Message- From: Adrian Cesana [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 22, 2000 12:25 PM To: CF-Talk Subject: RE: Printing mailing labels in a browser -- Joy... :-O I had the same challenge recently. Printing 4 up labels was not really too bad as long as the label was NOT completely filled edge to edge, you need a little buffer area. Anything more than 4 up was tough. We ended up scrapping the idea for another non-label method which worked well. If I had to do it again I would definitely look into pdf. -Adrian Subject: RE: Printing mailing labels in a browser -- Joy... :-O ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOiLN36vhLS1aWPxeEQJRagCg62/w9W/UCCRKF0pCePVt4/sTmlYAoPAZ 5Ae2D1wHnmXj5X3/wQblALJl =x/mm -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: amusing studio error msg
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sounds rather on par for CFStudio... As for the attachment, it's just as well you didn't send it -- CFTalk doesn't support attachments. All we'd see is a BIG mess of MIME garbage at the end of your post. Granted those of us so inclined could de-MIME the post by hand have a peak, but... In general, don't try to send attachments through CFTalk. And good luck with Studio Best regards, Zac Bedell Zachary S. Bedell, Chief Technology Officer, Adirondack Technologies, Inc. Please include original message in any replies -- I get a lot of email every day, and I have a REALLY bad memory... So I don't always remember everything that was said. Thanks! -Original Message- From: Bruce Heerssen [mailto:[EMAIL PROTECTED]] Sent: Monday, November 20, 2000 6:06 PM To: CF-Talk Subject: amusing studio error msg After using the FTP utility in CF Studio, I received the following error: Remote Server Operation Failure: Success The files uploaded fine. I'm using CF Studio 4.5.2. Anyone out there seen this before? I took a screen shot, but since I don't have any good imaging software on this box the file weighs in at 640k. For that reason I decided not to attach it to this post. Feel free to contact me directly if you'd like to see it. Seems kind of funny that an error message would tell me that everything is fine. Bruce Heerssen Software Engineer Visual Bridge, Inc. http://www.iecommerce.net (713) 350-8321 ext. 8358 ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOhqwUavhLS1aWPxeEQKBPwCeICezSeFagcp+kgHURyXDivgLGMQAoMMJ XZtAbIQSeGxVMcRoB/15UBfo =8SJg -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
MS SQL 7, CF4.5.x, nvarchar, and LOTS of PCode errors. SQL Guru's please help!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello all! It's recently come to my attention that ColdFusion is not entirely happy about dealing with Unicode characters from MS SQL server. It seems as tho CF 4.0.1 can handle nvarchar's in CFQUERY's, but dies with Unicode in CFSTOREDPROC's. At least according to a CF-Talk post from the archives (not verified by myself). It would also seem that CF 4.5.1 chokes and turns blue on any kind of Unicode anywhere. I had problems converting to 4.5.1 several months ago, and tho Allaire's tech support never mentioned any problem with nvarchar's even after 4 or 5 hours on the phone, there were indeed nvarchar's in the database in question. I have a hunch that might have been the root of my problems. That said, I'm hoping to make another attempt at upgrading to CF 4.5.1 / Win2k. My beloved baby (a *very* stable, *very* profitable server) must unfortunately be moved off-site for better bandwidth, and I'd REALLY like to have Win2k on that box so I can TermServe in if necessary, etc. I'm more than a little apprehensive at trying this again seeing as last time cost us a week of downtime, but It's a necessary evil I'm afraid. Now that I have something to go on regarding fixing the numerous PCode and other completely whacked out errors we received from our last update attempt, I *think* converting all of the ntext nvarchar fields in our databases may allow CF 4.5.whatever to run without (or with fewer) problems. I am however left with a few questions that I hope some kind soul(s) could answer for me. The Burning Questions (as in if I don't get these answered, my boss is gonna burn me at the stake...): 1) Can anyone confirm or deny that CF 4.5.x is unable to handle Unicode text from an MS SQL 7 database? If anyone else has had the same problems we had (ridiculous PCode errors, server hangs, etc.) after moving from CF 4.0.1 to CF 4.5.x against an MS SQL 7 database w/ lots of nvarchar fields, I'd love to hear about your pain. Likewise, if anyone is running a reasonably high volume site on CF 4.5.1 against MS SQL 7 with lots of nvarchar's WITHOUT any problems, I'd love to hear about that too. If anyone would simply like to reply off list to me ([EMAIL PROTECTED]) with their configuration and their success or failure, I'd be happy to summarize the results and post said summary for the list's benefit. 2a) Assuming that my nvarchar's are indeed the source of my trouble (o/~ Nobody knows the troubles I've seen... ~\o), then I'm stuck with several very large, very sensitive, very I'm-dead-if-I-screw-this-up kind of databases on my hands. And of course, said databases have TONs of potentially ColdFusion offending Unicode fields. Going through all of the DB's and changing nvarchar to varchar in Enterprise Manager doesn't sound like my idea of a fun or employment preserving task. Especially since EM (in it's infinite wisdom) attempts to truncate the field length to 50 every time you change from nvarchar to varchar. All I need to do is mess *one* of those up by saving the table without resetting the proper field length, and I'll only *wish* I was a dead man. 2b) So... Are there any utilities, SQL scripts, scrolls of magical spells, etc. out there that can go through a database and change all fields from one datatype to another without changing the field length? Has anyone else in my unfortunate position been compelled to write such a beast? It sounds technically simple (look in sysobjects for all user tables, get their description w/ sp_help, then construct an ALTER TABLE statement to properly change the field types, rejoice and enjoy much cf_beer), but my brain is a little too fried (This is your brain on CF. Any questions?) to produce such a miraculous bit of code at the moment. So can anyone help me out? Your help, suggestions, sympathy, and (at worst case) job offers would be much appreciated! Best regards, Zac Bedell Zachary S. Bedell, Chief Technology Officer, Adirondack Technologies, Inc. Please include original message in any replies -- I get a lot of email every day, and I have a REALLY bad memory... So I don't always remember everything that was said. Thanks! -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOhrVwKvhLS1aWPxeEQJ9qwCglHIC1YU1ZSv70Il8AEwB2rxx0E8AoJvO /x3Xkkb4//MNYgtm6vKYj8NI =bcVy -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: SQL Server Licesning
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Well... Looks like M$ has changed their licensing strategy again, but... Looking at the info from http://www.microsoft.com/sql/productinfo/pricing.htm, you're looking at $5000 per processor for unlimited user licenses. Not bad compared to Oracle Also not bad considering the Internet Connector License (which doesn't appear to exist anymore) used to go for $20,000. For more (accurate...) information, check out the SQL Server website - -- it's very nice. Best regards, Zac Bedell Zachary S. Bedell, Chief Technology Officer, Adirondack Technologies, Inc. Please include original message in any replies -- I get a lot of email every day, and I have a REALLY bad memory... So I don't always remember everything that was said. Thanks! -Original Message- From: Paul Mone [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 16, 2000 2:45 PM To: CF-Talk Subject: RE: SQL Server Licesning Any idea how much that runs? -Original Message- From: Neil Clark [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 16, 2000 3:12 AM To: CF-Talk Subject: RE: SQL Server Licesning yep you can get an unlimited internet connectivity license. ! --- Neil Clark Senior Web Applications Engineer mcb digital Tel. +44 (0)20 8941 3232 Tel. +44 (0)20 8408 8131 [Direct] http://www.mcbdigital.com --- -- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED] -- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOhVTTKvhLS1aWPxeEQIYWACfZYofoZOPMtWZMB1nMsSSbmrELicAoMiS 6PMNmbTTxcr9Zo/Q2WMzNMv6 =Dx55 -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: SQL Server Licesning
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 It seems to me that, for CF users, SQL7 is a much better buy. In CF Administrator, you can limit the number of worker threads (simultaneous connections) to 5, for example. This means at most 5 CF users can use SQL7 at the same time. No Internet Connector License needed, just 5 CALS. Total cost for SQL7 plus 5 CALs is $1000 or so (less on eBay). Not sure if this is available for SQL Server 2000 (although I see CALs are). Um Nice try, but that's illegal. M$'s licensing states that if you are using SQL server for a webserver, you NEED the internet connector license OR an unlimited client license. CF Server is considered multiplexing middleware, and there's a specific section in the licensing about that. You *can't* get around it by limiting the number of worker threads. And besides... Using only 5 workers on any reasonably powered server would be crippling it -- you want between 4 and 6 thread per processor if my memory serves... Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOhVwQavhLS1aWPxeEQLXfQCgtH/i9pfMclVd9UgL5uLasWfKXzMAoMHl UzURVVWms4vRjNhlJUaYNpVP =AJr0 -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: SQL Server Licesning
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Actually, the standard edition is quite fine for most website tasks. For a comparison of the different editions, check out: http://www.microsoft.com/sql/productinfo/sqlcompdata.htm Basically the difference between Enterprise Standard is that Standard can't do clustering, can't do server failover, and a few other heavy features. You'd certainly want them if you were starting the next EBay or Amazon, but for general site hosting, Standard should definately get the job done. I'll definately agree with you that per CPU licensing is a crock, tho... Regards, Zac Bedell That ain't quite correct. I think if you want to do anything beyond limited SQL, you'll end up needing the $20K/cpu Enterprise Edition of SQL, which is comparable to Oracle. Either way, I think $20K/cpu is a miserable ripoff. In our instance, I have a quad-processor SQL box, but the processors are 200mhz. Why should I pay $80K for a license when a single-CPU 1ghz box would perform so much better, and cost only $20K in licensing? Moral? Per-CPU licensing is flawed. Alan McCollough Web Programmer Allaire Certified ColdFusion Developer Alaska Native Medical Center -Original Message- From: Zachary Bedell [SMTP:[EMAIL PROTECTED]] Sent: Friday, November 17, 2000 6:48 AM To: CF-Talk Subject:RE: SQL Server Licesning -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Well... Looks like M$ has changed their licensing strategy again, but... Looking at the info from http://www.microsoft.com/sql/productinfo/pricing.htm, you're looking at $5000 per processor for unlimited user licenses. Not bad compared to Oracle Also not bad considering the Internet Connector License (which doesn't appear to exist anymore) used to go for $20,000. For more (accurate...) information, check out the SQL Server website - -- it's very nice. Best regards, Zac Bedell -Original Message- From: Paul Mone [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 16, 2000 2:45 PM To: CF-Talk Subject: RE: SQL Server Licesning Any idea how much that runs? -Original Message- From: Neil Clark [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 16, 2000 3:12 AM To: CF-Talk Subject: RE: SQL Server Licesning yep you can get an unlimited internet connectivity license. -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOhVytqvhLS1aWPxeEQLaMgCg7TyexQlBJ22Y9rA778EBjNItudgAnjJt aec4NyL3t3Ujh1AgifMWrJXa =FhWT -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: How to prevent BACK and FORWARD button from clicked?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have created a critical web based application which is not allowed the user to press BACK and FORWARD button in order to prevent data integrity. How do we disable the BACK button using CF, instead of using Javascript history.back() ? Another way is using session struct to record each template ID. Can we implement more efficient way to do it? Thanks in advance. The short answer is that you can't disable the back button and that your code is flawed if it requires you to do so. Basically, disabling or messing with basic browser functionality is a dirty trick that ticks off most websurfers. It's not something I'd even think about doing. If you still feel an overwhelming need to tick off your customers, then have a look at: http://www.4guysfromrolla.com/webtech/111500-1.shtml Honestly, you'd be much better off altering your code so that it's back button friendly. You need to make sure that every page you present to your user CAN be reloaded without causing any problems. The way to do that is to move any processing or data storage off the pages you send to your users. Here's one way: Say you have a series of steps the user has to go through. Let's call them Step1.cfm through Step12.cfm. If you have Step1.cfm submit to Step2.cfm, then there would have to be processing code in Step2.cfm that could be messed up by hitting BACK. If you instead have Step1.cfm submit to Step1Proc.cfm, do all of your processing, then CFLOCATION to Step2.cfm, then all of your processing was handled off the page that the user can see. At that point, your user could sit and reload Step2.cfm all day without any problems. If in addition to all of that, you make sure that any processing on your Proc pages is reentrant (for lack of a better term), your users could backup at any point with no problems. By reentrant, I mean that any actions you do should be able to be repeated without problems. Either update temporary DB entries or use Session variables, then commit the whole mess at the end of the process. THEN if you make Steps 2 through 12 check to see if the temporary table or sessions vars are present, you could even make those pages say something like "Sorry, you can't come back," after the final commit process is completed. Hope that's helpful. Best regards, Zac Bedell Zachary S. Bedell, Chief Technology Officer, Adirondack Technologies, Inc. Please include original message in any replies -- I get a lot of email every day, and I have a REALLY bad memory... So I don't always remember everything that was said. Thanks! -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOhV4WavhLS1aWPxeEQJ6ugCgugTyoFomHWg/mLJ1kXoUWroyg3QAnjCe 4enup45j2Dqz6kZxe0zuJln2 =hPAu -END PGP SIGNATURE- ~~ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: BULK INSERT Problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The BULK INSERT is not carried out if I CFINCLUDE the following into a template: One idea occurs to me. Try making the CR/LF in ROWTERMINATOR explicit instead of relying on CF to stick one in there. Like so: !--- Read raw data from file --- cfquery name="bulkin" datasource="golfdata" username="" password="" BULK INSERT MarketUpdate FROM 'D:\website\htdocs\stockgolf\htdocs\data\eod.txt' WITH ( FIELDTERMINATOR=',', ROWTERMINATOR='#Chr(13)##Chr(10)#' ) /cfquery But THE SAME Bulk Insert as above works if I do it from Query Analyzer. Any suggestions would be appreciated. Not tested, but I have a hunch that should do the trick. The only other thing I can think of is a permissions thing on the eod.txt file, but I think the CF/LF is the more likely culprit. Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOhFenqvhLS1aWPxeEQJ0mACgi72VBz1QBebNASilHluMyOouwFEAn1Nq mnJcp+qQ7KzSgXUlwqkGD12X =kEXw -END PGP SIGNATURE- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED]
RE: BULK INSERT Problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 "BULK INSERT"; Is that a SQL Server only thing? I could really use that... but I'm using Sybase on Linux which has a command line tool (BCP) but I never heard of a SQL statement to do bulk inserts. It's definately an MS-SQL extension. I dunno what other RDBMS's out there also have it, but it's certainly not ANSI SQL. Good luck finding a functional alternative! Best regards, Zac Bedell Zachary S. Bedell, Chief Technology Officer, Adirondack Technologies, Inc. Please include original message in any replies -- I get a lot of email every day, and I have a REALLY bad memory... So I don't always remember everything that was said. Thanks! -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOhGey6vhLS1aWPxeEQJvWQCgqcDVttCVyghpeb1kQGFghrJW7vIAni3P 95ow1jjf6ll1mpkzko2AWbEW =ewmq -END PGP SIGNATURE- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED]
RE: Best Practices
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CF_Rant_Rave_and_Vent... I might hazard a guess as to why the Java engine appears to be running faster than the C++ engine: the C++ engine has been a piece of junk since it was released. I've no doubt that Allaire could get a Java based engine to run faster than the current CF engine. If they took the time to write a well optimized C++ engine, I suspect it would be much, MUCH faster. Compare the speed of something like PHP to CF. On a high level, PHP is doing exactly what CF does : open a file, parse the language to PCode, execute it, then return the results. That's what the Java engine will do as well, parsing to Java bytecode in that case. Yet even tho PHP CF need to accomplish the same basic set of tasks, PHP can do the same thing MUCH faster than CF. The reason? PHP was written by coders who took pride in their work made the best server they possibly knew how. CF was written by coders who may well have possessed the same if not superior abilities but who were being driven by a marketing division that wanted the product out yesterday. The result is a poorly written product that even after 5-odd upgrades, service packs, or whatever Allaire chooses to call them STILL has a huge number of functional flaws and serious speed efficiency issues. My apologies to whoever originally said this (and I believe someone on list either said it or uses it as his email sig, but...) "A product is only late once, but it can suck forever." I wish that Allaire would take those words to heart, as I'm getting tired of working around their bugs AND my bugs to get a site working... /CF_Rant_Rave_and_Vent... Okay... My apologies for the on-list core dump. Am I the only one who's long past fed up w/ Allaire's business practices? Without a doubt they have a great product which makes my job (on the whole) easier. It's just that they seem to consistently rush things out the door without sufficient testing. At this point, I feel like a beta tester even when I'm opening a shrink wrapped final product. As it is, I'm stuck using 4.0.1 because 4.5.x can't remain stable while running my code; and Allaire's tech support hasn't got a clue why... Very frustrating seeing as the same code runs on NT4 / CF4.0.1 with complete perfection and only requires a server reboot once every two months or so... Best regards, Zac Bedell Zachary S. Bedell, Chief Technology Officer, Adirondack Technologies, Inc. Please include original message in any replies -- I get a lot of email every day, and I have a REALLY bad memory... So I don't always remember everything that was said. Thanks! -Original Message- From: David E. Crawford [mailto:[EMAIL PROTECTED]] Sent: Friday, November 10, 2000 4:42 PM To: CF-Talk Subject: Re: Best Practices That's all great, and I am looking forward to these improvements. However It's hard to believe that a Java engine will be faster than a C++ engine. (The Java interpreter itself is written in C++. C++ is compiled directly to machine code. Think about it) Well, at least in theory, the demonstration during the general assembly seems to prove that the Java-based engine is faster. Keep in mind that this is server side java which has had a great deal of optimization attention paid to it. -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOgxx+KvhLS1aWPxeEQKG5QCfYs5mIS6aEa5LDPmVs8E3TCXFYvEAnjt8 huYj0zImvygkz08XYOEJyucQ =8SrH -END PGP SIGNATURE- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED]
RE: launching executables on client machines
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 It's is possible to do this using Java or a ActiveX, but there are many security concerns. Justin MacCarthy Irish CF Head Is there an easy way to launch an executable on the client's computer? What I want to do is have the user click on a link in their browser which will launch ActiveX *can* launch an exe. A Java applet can NOT. A Java application CAN, but an application can't run in a browser -- only applets run in browsers. Not to be high mighty or anything, but If you're looking to launch an exe on a user's computer, then you're either looking at the wrong strategy, OR you're looking at something that really shouldn't be implemented in a web browser... In any case, you could cook up a little ActiveX control in Visual Basic in under an hour if you know VB Best regards, Zac Bedell Zachary S. Bedell, Chief Technology Officer, Adirondack Technologies, Inc. Please include original message in any replies -- I get a lot of email every day, and I have a REALLY bad memory... So I don't always remember everything that was said. Thanks! -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOgrEbavhLS1aWPxeEQIaEwCfXvSzBVKaL0J/ZiyglInYPCL9Ug4AoJ1R HnD2L99gE/Of0ugzlWNZv7P8 =ITYU -END PGP SIGNATURE- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED]
RE: CFID-CFTOKEN Confusion (newbie)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Actually, it is entirely possible that two (or more) browsers could share the same CFID:CFTOKEN. It *shouldn't* happen, but flaws in the way CF handles these tokens allows it to happen under certain circumstances. CFID:CFTOKEN can be passed in the QueryString, in forms, or via cookies. It's fairly easy for someone to accidently cutpaste a URL to someone else which includes their CFID:CFTOKEN in the URL. Now when the second user goes to the page w/ the CFID:CFTOKEN of the other user, CF will send back a cookie to the second user which permanently places the first user's CFID:CFTOKEN into the second user's cookie store. Now you've got two users using the same CFID:CFTOKEN and essentially sharing one CF Session. When would CFID:CFTOKEN be in the URL to be copied pasted? If you user CFLOCATION anywhere in your site and you didn't put the addtoken="No" parameter in the tag, then every CFLOCATION call will append the CFID:CFTOKEN to the URL. We had that exact problem when one of our admins accidently pasted a URL into our What's New database. Now every member who clicked on the link from the What's New page assumed the session of the admin. And since there were so many people accessing the site under the same session, the session never timed out. We had people accessing our entire site for free with Admin rights. It was a MESS Best regards, Zac Bedell Zachary S. Bedell, Chief Technology Officer, Adirondack Technologies, Inc. Please include original message in any replies -- I get a lot of email every day, and I have a REALLY bad memory... So I don't always remember everything that was said. Thanks! -Original Message- From: Aidan Whitehall [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 08, 2000 1:13 PM To: CF-Talk Subject: RE: CFID-CFTOKEN Confusion (newbie) is it possible that two (or more) users have the same cfidcftoken ? cfif yes Wich is the best way to identify a (unique) user session ? No. It's safe to assume that every user is assigned (and subsequently returns) a unique CFID and CFTOKEN combination. In fact, if you use session variables, ColdFusion makes exactly that assumption and uses the CFID/CFTOKEN pair sent by the browser to marry up browser requests with session variables previously set on the server. -- Aidan Whitehall [EMAIL PROTECTED] Netshopper UK Ltd Advanced Web Solutions Services http://www.netshopperuk.com/ Telephone +44 (01744) 648650 Fax +44 (01744) 648651 -- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOgrGBqvhLS1aWPxeEQKcHQCfXoAfmVbW/nlCyH65s6N5fjQxEWkAniZp qVOPvatye12gQPtglCJGq6NQ =2wBg -END PGP SIGNATURE- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED]
RE: CF Client Data Corruption Under Load?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Parts of this message quoted from my response to the CFID-CFTOKEN Confusion thread It's probably not client corruption you're looking at. It's probably more than one user sharing the CFTOKEN and CFID values. It's possible that two (or more) browsers could share the same CFID:CFTOKEN. It *shouldn't* happen, but flaws in the way CF handles these tokens allows it to happen under certain circumstances. CFID:CFTOKEN can be passed in the QueryString, in forms, or via cookies. It's fairly easy for someone to accidently cutpaste a URL to someone else which includes their CFID:CFTOKEN in the URL. Now when the second user goes to the page w/ the CFID:CFTOKEN of the other user, CF will send back a cookie to the second user which permanently places the first user's CFID:CFTOKEN into the second user's cookie store. Now you've got two users using the same CFID:CFTOKEN and essentially sharing one CF Session. When would CFID:CFTOKEN be in the URL to be copied pasted? If you use CFLOCATION anywhere in your site and you didn't put the addtoken="No" parameter in the tag, then every CFLOCATION call will append the CFID:CFTOKEN to the URL. We had that exact problem when one of our admins accidently pasted a URL into our What's New database. Now every member who clicked on the link from the What's New page assumed the session of the admin. And since there were so many people accessing the site under the same session, the session never timed out. We had people accessing our entire site for free with Admin rights. It was a MESS We were fortunate in this case in that only one CFID:CFTOKEN had been shared, and we knew what they were. So... To clean things out we added a few lines to our application.cfm that checked for that CFID:CFTOKEN. If it found them, it deleted the user's CFID CFTOKEN cookies and redirected them to the home page w/ no CFID or CFTOKEN in the URL. At that point, the CF server would assign a new CFID:CFTOKEN to the user. We also stopped the CF server and manually deleted everything out of our client store database just to be sure. It took us a *long* time to track that one down, and we still occassionally have people coming back w/ old links to that CFID:CFTOKEN. We went through our entire codebase and made sure that every CFLOCATION now has addtoken="No". We also added code to our news admin pages and any other place where a URL might be entered that strips off any CFID or CFTOKEN from the URL. Best regards, Zac Bedell Zachary S. Bedell, Chief Technology Officer, Adirondack Technologies, Inc. Please include original message in any replies -- I get a lot of email every day, and I have a REALLY bad memory... So I don't always remember everything that was said. Thanks! -Original Message- From: Xing Li [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 02, 2000 6:04 AM To: CF-Talk Subject: CF Client Data Corruption Under Load? Just recently people have been logging in but then inadvertantly with other user's account. Basically, if you attempt to login as "joe" you might instead be recognized as "david" once you have passed the authentication. All user verification are through client variables. I have yet to reproduce this on my own but the reports have been so frequent I can no longer discount this as chance. Has any of you experienced a similar problem? Setup: W2K Advanced Server with CF 4.5.1SP1 and SQL 2000 as the backend. This is a pretty serious problem on my end and I would appreciate any help. Xing -- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOgrHvKvhLS1aWPxeEQLLXgCgpfSbCUyONGvUSQUvLzp1TA7vYP8An3VM W/C+XPsl8TYicBjYtZcfqIui =y9sQ -END PGP SIGNATURE- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED]
RE: Potential problems with CF Express Server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yes. This is exactly what I'm talking about. They want to be cheap and use CF Express, and I of course don't want that. I need to convince these folks that CF Express is NOT the way to go for hosting a large ecommerce site. What good (realistic) reasons can I give them to go to the Pro server? Just out of curiosity... How much are these folks paying you, and will you be paid up front or are you actually going to have to bill these tight wads hope to get your money out of them?... My advice would be drop them before it's too late and you have hours of code written nothing to show for it... But as for a solution for them... If they're that adamant about not paying for a server, how about ASP, PHP, or Perl even? CF Express really is a useless product. I find it hard to believe you'll be able to code anything useful for it. In any case, good luck! Believe me, I feel your pain! Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOgl0EqvhLS1aWPxeEQKc2gCffBh7Fpuyw/Ld3pgM5qd/m8HN+XAAmwVj LENXBXxG+rFlVGbyQDPhUcJ/ =89Xe -END PGP SIGNATURE- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED]
RE: Paranoid programming...
some level at which you trust your software hardware. If you can't trust your own code, It's not a matter of trusting code - it's a matter of not trusting hostile programmers... Then... I hate to say it, friend, but you really are screwed If there are individuals who meet the following: 1) They have access to your source. 2) They have access to execute their own code on the same server. 3) The have any desire to see what's in the database in question. It is impossible for you to prevent them from getting in given your situation. There's just no way. You can certainly obfuscate to your heart's content make it more difficult, but there is literally nothing you can do to prevent them from getting at your data. Even scenarios that store the DB password off server won't work -- your hostile programmers can get the code that retrieves that password, they can execute that code for themselves, and they now have the password. If the security of the data in question is indeed that important to you and/or your clients, bosses, etc., then you need another computer. Setup another CF machine that access the database and to which your hostile programmers will have no access. There's literally nothing else that will work. If you're into false senses of security, then you can certainly make things look nice secure, but you can't do a thing to stop your programmers from getting at whatever they want to get at. I mentioned trusting software hardware above, but I did forget to mention the one thing you REALLY need to be able to trust -- your programmers. If you can't trust the people that write your code, then you certainly can't trust the code they write, ya know? Sorry to bear bad tidings, but... Reality has a way of asserting itself at times. Best regards, Zac Bedell Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED]
RE: Paranoid programming...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The database itself is sensitive enough that the owner does not want the userid and password put into the ColdFusion admin area either... I'm curious, why do you consider the ColdFusion admin area insecure? Is there a way the password can be discovered once its put there? Any DB passwords entered in the CF Admin pages are stored encrypted in the registry (or the CF registry file in the case of UN*X). It's technically possible to decrypt that password once it's stored there if you know the password that CF uses to encrypt it in the first place. BUT since that section of your registry or the registry file should be secured to admin access only, then only admins (which shall be presumed to already know the password) could access the encrypted password in the first place. To respond to the original poster's questions: I'm afraid you're being a little too paranoid for your own good. No matter how you structure things, at some point, the CF Server must have an unencrypted copy of the DB password to send off to the DB Server. It's gotta be stored somewhere. You can certainly encrypt it when you store it, but the CF code has to be able to decrypt that password in order to use it. There really isn't any way to get around the fact that the password must be in cleartext at some point for CF to use it. Now... You mentioned: However, because of the gateway issue, hard coding the userid and password into the cfm files is out - the cfm files are in general accessible by someone browsing the directories. I'm not sure who you're worried about browsing your directories. General web users can't see your CF source code (assuming your server is configured correctly. And if it's not, then you've got way bigger issues to worry about, no?...). The only folks that can see your CF source are those that have direct telnet, ftp, or physical access to the box. And of those, only users that have been granted access to the web directory can actually see the files in question. Assuming you've set your file system security settings properly (IE root, your backup user, and the account that the webserver runs as should be the only ones w/ access to those files), then no one important can see that source anyways. I gather that the security of your data is quite important to you, and that's certainly understandable. Unfortunately, there has to be some level at which you trust your software hardware. If you can't trust your own code, then there's really nothing you can do to make yourself feel secure. There are certainly an unlimited ways to obfuscate things and make it more difficult for a would-be hacker to get at your data, but it's not likely that you'll be able to stop a dedicated attacker who has access to your source code. That said, here's what I'd do given your situation: 1) Create a CF virtual root in the CF Administrator that points to somewhere outside of the webserver's root (I'm assuming UN*X CF can still do this). Example: If your webserver root is /home/www/, then make a directory like /home/ReallySecretStuff/ (you might not want to use *that* file name... ;-) and store the password files in there. If you've called that CF root "DBPass", then you can gain access to files in there within CF template by using cfinclude template="/DBPass/Whatever.cfm" The benefit of using a virtual CF root is that if someone gains source access to CFM's in your webroot through some sort of server software exploit (::$DATA, +.htr, etc., etc), they can't get at the files outside of your webroot (at least not with any exploits I've seen to date). That way they might see the name of the file with your passwords, but chances are really slim they'd be able to get to them. 2) Your password file itself is nothing more than a little CF template w/ a couple of CFSets. Something like: !--- DBPassSomeRandomJunkNoOneWillGuess.cfm --- cfset DBUser = "MeWho" cfset DBPass = "ExactlyWhat" You could certainly employ some basic encryption here, but it would just be obfuscation. You might slow down an attacker, but chances are you won't stop them. I would use CFENCODE to encrypt that CF template. Again, that's not terribly secure, but it will prevent a casual browser of your server from accidentally seeing your passwords. 3) In your actual CFM's, do: Cfinclude template="/DBPass/DBPassSomeRandomJunkNoOneWillGuess.cfm" Cfquery name="Whatever" datasource="Whatever" username="#DBUser#" password="#DBPass#" SELECT ... /cfquery That's about it I'll stress just one more time that this is NOT 100% secure, and that someone who REALLY wants your data WILL GET your data no matter what you do. This does provide what I think is a reasonable measure of security difficulty so that your average luser with nothing better to do will likely take a hike before he gets into your data. If you'd care to get any other details on any part of that, feel free to ask. And
RE: File Vs Database?????????
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I am making a small web application where in a candidate will be able to write his test on the web once he applies for a post.So i am making an on-line test paper. Since no huge data storage is required, so i want to develop this application purely file based..i mean i dont want to use database n i have designed the application also using files in such a way that it is scalable.I am using CFHTtP tag to convert the data in the files into query variables. But now what i want to know 1 Is this the better way? Not a chance 2 Will this improve the speed as no database connection is required? Also, not a chance... 3 how much the performance will be effected postive or negative way? Given the number of problems that various folks have had with CFHTTP, and also given the overhead complexity in having the CFServer make another HTTP request to itself, wait for data to be received, parsing the text into a query, and sending it back to calling CFM as a query.. I don't think there's any way in heaven, heck, or earth that you will gain any performance. It would certainly *work*, but there's no way it would scale as well as using a database -- even MS Access! Is there any particular reason you *don't* want to use a database? Other than any perceived performance hit, I can't think of any reasons; and using CFHTTP as you described certainly wouldn't improve performance over using a database. Well i hope the experienced developers here will share their experiences. Actually i want to know which is better ,database or file system? for developing a small application. Plz share ur views with me on advantges n disadvantages of using of each one of them. There really aren't a whole lot of advantages to using the file system as you described instead of a database. The only possible situation where the file system would be better is if your host absolutely prohibits you from using a database OR if you don't have MS Access, but that's fairly reasonably priced software IMHO. If you can afford CFServer, then MS Access should be pocket change Granted, Access has a learning curve, but you should be able to pick up the basics in a couple of days if you don't already know how to use it. Negatives for using the file system include: * MUCH slower * Not scaleable * Much more storage required -- depending on the file system, each "entry" could use anywhere from 8-32K of storage even if the data stored is only one byte! In short, use a database. They're really not all that bad... Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOf7biKvhLS1aWPxeEQLMbACgyUFUGQt6ZYXNvwf42C787Z6w17AAoNdX vCIsqbBPltLpWW/xOGBnFFfh =a0yo -END PGP SIGNATURE- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED]
RE: File Vs Database?????????
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Though I didn't originate this, thanks for the advice. I was going to pose the question today regarding using text in a database versus just having CF include a .htm file of the text by way of referencing the file name in the db. If I could pose a slightly different question (I assume you're somewhat familiar with Access 2K), how significant is the storage overhead for a memo field storing text versus that text in a .htm file? Assuming the size of the text is roughly that of a newsletter or magazine article. Well. That depends (depends on what?...) I'd need to know a bit more about the site to make a judgment call on this one, but here's what I'd keep in mind: If you're not already using a database, and you have no need for one elsewhere on the site, then files might be better. It all depends on the quantity of articles you're looking at tho. If you're already using a DB, then I'd say you might as well go ahead use it. As far as how much overhead a memo field entails... For the most part, a DB hit is a DB hit, performance-wise. If you hit the DB bring back two characters, it's really not a whole lot less load that hitting the DB and bringing back a few K. The overhead of setting up the DB connection, firing off the query, and waiting for the response is where all of your lag comes in. The actual transfer of data from OLEDB/ODBC is a fairly minor part of the time involved. Since you plan to store filenames in the database anyways, I think you'll find faster access just getting the content from the DB. You've already paid the price of a database lookup, so you might as well get *all* of the data and not bother with a second trip to the disk to get the content from a separate file. And that's not to mention wasted disk space from all those HTML files. Now... Depending on how your news will be obtained and/or modified, there could be some good arguments for a file based solution. If humans need to cull the news and potentially edit it, then individual files might be easier -- especially if your HTML folks like FrontPage or similar file based editors. If you're just going to grab the news from another site dump it into the DB site unseen, then I don't see much benefit to using individual files. Another benefit of using the DB: If you have a bunch of RAM available and/or you don't have too many articles that would be in your active set, then you could cache the DB queries that retrieve the articles. That way, once an article is retrieved once, it should be held in memory served out fairly quickly for the rest of the viewers. Again, tho... Everything depends on the quantities of articles, viewers, and general server resources. If you're expecting a fair number of users and have a moderate to small number of articles, then I think storing the text in the DB using query caching will result in the best performance. YMMV, of course... Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOf7wAqvhLS1aWPxeEQLVBwCgyFAao2/hIrZ80USKGy05X217xvwAmgM+ FndtiV7tATjyFOAzodaVXuQ2 =XvMN -END PGP SIGNATURE- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message with 'unsubscribe' in the body to [EMAIL PROTECTED]
RE: locking with IsDefined
That's wrong alright... Reads AND writes both need to be locked. CF uses
advisory locking only, so unless you TELL CFAS that you're about to read a
particular scope, it has no way of knowing whether to allow or deny write
locks on said scope. ALWAYS, ALWAYS, A-L-W-A-Y-S!!! lock all READS AND
WRITES to session, application, and server scopes.
The only exception to that is if you've set your 4.5.1+ server to do
automatic read locking. ONLY THEN can you afford to NOT lock reads because
CFAS will do it automagically for you.
Best regards,
Zac Bedell
-Original Message-
From: John McKown [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 17, 2000 6:47 PM
To: CF-Talk
Subject: RE: locking with IsDefined
I may be wrong, but my understanding is that reads do not need a lock,
only writes.
John McKown, VP Business Services
Delaware.Net, Inc.
30 Old Rudnick Lane, Suite 200 Dover, DE 19901
email: [EMAIL PROTECTED]
phone: 302-736-5515
fax: 302-736-5945
icq: 1495432
-Original Message-
From: sebastian palmigiani [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 17, 2000 5:45 PM
To: CF-Talk
Subject: locking with IsDefined
When testing for the existence of a session variable such as:
IsDefined("Session.Login")
do you need to use a lock around it?
-
Sebastian
--
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf
_talk or send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body.
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a
message with 'unsubscribe' in the body to [EMAIL PROTECTED]
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists or send a message
with 'unsubscribe' in the body to [EMAIL PROTECTED]
RE: Possible ip address conflict btwn CF and Lyris
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Check to make sure that none of your virtual servers in IIS have their IP address set as "All Unassigned." That would make port 80 on the default IP of the box unavailable for Lyris. CF itself shouldn't bind to any incoming ports. Best regards, Zac Bedell -Original Message- From: Cameron Childress [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 12, 2000 1:17 PM To: CF-Talk Subject: RE: Possible ip address conflict btwn CF and Lyris We are wondering if CF somehow gets bound to the default ip address of the box in such a way that it disallows other requests to that address on port 80. It's much more likely that IIS is causing the conflict, not CF. If you can switch to a non-standard port for Lyris (like :8080), your problem will probably go away. -Cameron Cameron Childress ElliptIQ Inc. p.770.460.7277.232 f.770.460.0963 -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_tal k or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOeYGxgraVoMWBwRBEQKutQCg14rDjGqjjWtHP6/UVPnijUz+gicAn1uu Ez2OhzHgmvl0lTxQiOcSIWrv =wwbF -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Client Variables Question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 NONONONONONONO!! DON'T DO THAT!!! If you mess w/ ColdFusion's client variable database, ColdFusion gets VERY ticked off at you. It will start leaking memory, crashing, and doing all sort of other anti-social things to get even with you. (At least it did when I tried something like this on our 4.0.1 server.) The client variable store is CF's sacred property. Don't mess with it! If you're willing to use cookies as the storage location (which has its drawbacks, but...), you could just use COOKIE.VariableName instead of Client.VariableName. When you set your cookies, just send them w/ a 2 hour expiration time in CFCOOKIE. Just keep in mind that you're going to be sending the entire contents of any cookies you set back forth w/ each HTTP request. Keep them nice short. Even better, use a DB to store your client variables. Then you can use Client.LastVisit to decide whether to use or to reset the client variables before you use them. You should also set a short client variable expiration time in the CF Administrator to clean any old data out of your DB every day or so. Best regards, Zac Bedell -Original Message- From: Doyle, Mike [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 12, 2000 2:44 PM To: CF-Talk Subject: RE: Client Variables Question If you save your client variables in a db, then I surmise you could create a scheduled task w/in Administrator to sweep out 'old' client variables... Just a quick thought. Is there a way to set an experation on client variabes in the application.cfm file similar to a session timeout. What would I do if I only want the client variables to persist for say 2 hours using cookies as the clientstorage. -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOeYKLAraVoMWBwRBEQLkLgCgoOW3ZUWW1+DruoEyP1Oo8h1RhtIAmgOt bDu0akWbF8or7MATLfZkdhy/ =iGCh -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Kinda OT : Java based file uploader
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I want a (nearly) free java applet that I can put on a page that will pop up a file requester when a button is clicked and upload the file chosen (with progress bar/something) to a (not necesarily) CF template on site. Preferably the applet would invoke some javascript function with appropriate attributes when the upload is complete so that page content (say an image) could be updated right before the users eyes. I looked into writing this myself, and indeed had a prototype (which didn't actually transfer stuff) running in applet viewer before I realised that to get it working everywhere I would have to fork out to get a certificate to sign the classes so that a file requester could be opened in a browser. Anybody know if such a beast exists ? To the best of my knowledge, a Java *applet* can not read or write any files on the client's hard disk. That's a security thing, otherwise... Well I'm sure you can see the nasty security implications of a webpage being able to read or write users' files A Java application could do what you seek, but that can't be embedded in a browser. We ran into the same problem going in the oposite direction -- our users want to batch download files from our site. We've started implmenting it as an ActiveX component in VB. It's not cross platform, or course, but as far as I know, it's the only way to access users' file systems. Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOd3hNQraVoMWBwRBEQKlngCdE7Yd6L/0o8NCkAR3GhS55EFqQC0AoJK2 sWto7DinuxAlhPTLtWm6Uujx =DZPY -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Query assignment... copy or reference?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
To the best of my memory, it's by reference.
And I'll second your comment about the CFDOCs. It would be nice if
they'd document whether things were byref or bycopy rather than
leaving it up to the programmer to guess...
Best regards,
Zac Bedell
-Original Message-
From: Peter Theobald [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 06, 2000 12:51 PM
To: CF-Talk
Subject: Query assignment... copy or reference?
When I assign a query variable to another query variable,
does it make a copy or use a reference (pointer)?
Specifically I have the following in a module:
I take the name of a query as an argument, and I want to use
that query:
cfset defquery=evaluate("caller.#attributes.defquery#")
Is this making a copy of all the data, or just a reference to
the original?
(BTW, why is it that none of the CF books discuss queries as
a data type? It is a perfectly valid data type to use as you
need even if it has nothing to do with a database. It has
it's own strengths and weaknesses distinct from structures.)
--
-
Peter Theobald, Chief Technology Officer
LiquidStreaming http://www.liquidstreaming.com
[EMAIL PROTECTED]
Phone 1.212.545.1232 x204 Fax 1.212.545.0938
--
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=listsbody=list
s/cf_talk or send a message to
[EMAIL PROTECTED] with 'unsubscribe' in the body.
-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com
iQA/AwUBOd4HMwraVoMWBwRBEQIazQCgqTHSYuEIiTeKUPnpv3E2iaO0beQAn378
ujDLd6wLharXRa7/TYb6Fzd4
=US20
-END PGP SIGNATURE-
--
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Slightly Off-Topic: Credit Card Wackyness
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alright, so I got the SSL working, and I'm pleased with that, now my head is spinning with the possibility of credit card usage on my little higher-educational website (I'm tired of doing job boards, admissions applications). I have no idea what I need in order to do this. Do I need some credit card hardware? Some sort of networkable swiper box? Can I do it with just cold fusion and an I.P. address? Babe in the woods, here, people. Oh boy... Here's a question w/ no easy answer... There's about a million one ways you can do credit card processing. First question: Do you have a merchant account with a bank, or do you think you can get one easily (IE: established company w/ good credit rating in good standing w/ the bank)? If the answer to that is NO, then you'll need to user one of the various services that provide full credit card billing w/o the user needing a merchant account. I'm not sure whether you're selling site access (or other intangibles) or if you're selling a product, but that would affect your choice of processors. This type of processor will charge you a mint for their services, but they might be your only choice if you can't get a merchant account. They also usually add additional fraud detection systems which are EXCEEDINGLY useful for membership-type sales. Some places to start looking: www.ibill.com, www.ccbill.com, and a sh'load of others I can't think of off the top of my head. IBILL has been our best bet for a while now. We DO have a merchant account, but the reduction in fraud w/ IBILL's fraud detection and negative database has MORE than made up for the 15% cut they take for their service. If you do have or can get a merchant account, you'll likely want to look at processing the cards through your own account. That way, you'll probably end up paying minimal fees (3-5%) and perhaps a small per-transaction fee ($.10 - $.35 per charge). Now... Simply having a merchant account doesn't magically get you Internet CC billing (bummer...). You'll need some software to pull it off... CyberCash seems to be a popular choice. Depending on your bank, the CyberCash transactions fees might be covered for you, leaving you only the 3-5% bank cut. Our bank covers the CyberCash fees for us. That said, I haven't been too thrilled w/ CyberCash personally. I'm especially displeased w/ the ColdFusion options for accessing the CyberCash servers. On CyberCash's side, Address Verification Services (AVS) are frequently unavailable even for cards that I *know* support AVS. That makes it tougher to control fraud. As for the ColdFusion software, it's kind of a mess... CyberCash doesn't actually supply CF tags or anything of the sort. They give you a COM object, but the amount of supporting code to drive the COM is pretty heavy. That code is available in Perl, C, or ASP, but not CF. Porting it would NOT be fun... There are a number of CyberCash tags available from third parties. Allaire ONCR both make tags. Allaire's only does authorizations, not batch settlements, and it's not thread safe (CFLOCK is a MUST!). Version 3 of the ONCR tag seems to leak memory during auths, but it does handle batch decently. It WILL occasionally crash however. That leaves your batch in an unknown state requires much manual intervention cursing to straighten things up. That happens perhaps once every two months or so. ONCR does have a version 4 available of their tag which they claim is much better. I'd give it a try if not for the $ticker $hock Even with all those caveats against CyberCash, I feel it's the best solution available if you have a merchant account. I'd certainly be interested in others' experiences with other processor software, tho! Hope that was at least helpful. I can provide more detailed information about either IBILL or CyberCash when you decide which route you're going to take. Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOdySegraVoMWBwRBEQIllgCg2B+4utyhed9PcotSMtd/Vc1jJSMAn2CQ VsZNko+pMHbaMUetIiGNiTeG =5Pfl -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Slightly Off-Topic: Credit Card Wackyness
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Your college definately has a merchant account then. One more question for you: Do you need to take live online authorizations, or could you simply get the card numbers forward them to the accounting office for manual entry? I suspect that sending the numbers to the accounting office would make everything far simpler easier. If you're expecting a thousand payments a day, then that's probably not the route to go, but It would be a ton easier than setting up dealing w/ CyberCash. You will need to check w/ your bank to make sure they'd allow that. You'd also need to make sure everything is stored encrypted accessable only by appropriate people. Hope that's helpful. Best regards, Zac Bedell -Original Message- From: Willy Ray [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 05, 2000 11:31 AM To: CF-Talk Subject: RE: Slightly Off-Topic: Credit Card Wackyness Well, I'm at a small college. I'd like the students to be able to pay tuition, fees, etc. w/ their creditcards over the website. The accounting office has a swiper unit that they use at the cashiers window. Would that be a "Merchant Account?" Do I need to figure out with them how that works, then talk to the people that they have that through? [EMAIL PROTECTED] 10/5/00 8:38:50 AM *** PGP Signature Status: good *** Signer: Zachary S. Bedell [EMAIL PROTECTED] *** Signed: 10/5/2000 10:38:50 AM *** Verified: 10/5/2000 12:03:45 PM *** BEGIN PGP VERIFIED MESSAGE *** Alright, so I got the SSL working, and I'm pleased with that, now my head is spinning with the possibility of credit card usage on my little higher-educational website (I'm tired of doing job boards, admissions applications). I have no idea what I need in order to do this. Do I need some credit card hardware? Some sort of networkable swiper box? Can I do it with just cold fusion and an I.P. address? Babe in the woods, here, people. Oh boy... Here's a question w/ no easy answer... There's about a million one ways you can do credit card processing. First question: Do you have a merchant account with a bank, or do you think you can get one easily (IE: established company w/ good credit rating in good standing w/ the bank)? If the answer to that is NO, then you'll need to user one of the various services that provide full credit card billing w/o the user needing a merchant account. I'm not sure whether you're selling site access (or other intangibles) or if you're selling a product, but that would affect your choice of processors. This type of processor will charge you a mint for their services, but they might be your only choice if you can't get a merchant account. They also usually add additional fraud detection systems which are EXCEEDINGLY useful for membership-type sales. Some places to start looking: www.ibill.com, www.ccbill.com, and a sh'load of others I can't think of off the top of my head. IBILL has been our best bet for a while now. We DO have a merchant account, but the reduction in fraud w/ IBILL's fraud detection and negative database has MORE than made up for the 15% cut they take for their service. If you do have or can get a merchant account, you'll likely want to look at processing the cards through your own account. That way, you'll probably end up paying minimal fees (3-5%) and perhaps a small per-transaction fee ($.10 - $.35 per charge). Now... Simply having a merchant account doesn't magically get you Internet CC billing (bummer...). You'll need some software to pull it off... CyberCash seems to be a popular choice. Depending on your bank, the CyberCash transactions fees might be covered for you, leaving you only the 3-5% bank cut. Our bank covers the CyberCash fees for us. That said, I haven't been too thrilled w/ CyberCash personally. I'm especially displeased w/ the ColdFusion options for accessing the CyberCash servers. On CyberCash's side, Address Verification Services (AVS) are frequently unavailable even for cards that I *know* support AVS. That makes it tougher to control fraud. As for the ColdFusion software, it's kind of a mess... CyberCash doesn't actually supply CF tags or anything of the sort. They give you a COM object, but the amount of supporting code to drive the COM is pretty heavy. That code is available in Perl, C, or ASP, but not CF. Porting it would NOT be fun... There are a number of CyberCash tags available from third parties. Allaire ONCR both make tags. Allaire's only does authorizations, not batch settlements, and it's not thread safe (CFLOCK is a MUST!). Version 3 of the ONCR tag seems to leak memory during auths, but it does handle batch decently. It WILL occasionally crash however. That leaves your batch in an unknown state requires much manual intervention cursing to straighten things up. That happens perhaps
RE: TO ALL: Request for ColdFusion SP2 Input
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 -Original Message- From: Peter Theobald [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 05, 2000 1:36 PM To: CF-Talk Subject: RE: TO ALL: Request for ColdFusion SP2 Input Here's one: I'd like positional parameters to modules. It would make calling a module so much more concise. And I'd like that to extend to CF's built in tags too. For example: cfinclude "mytag.cfm" instead of cfinclude template="mytag.cfm" And while we're at it, I often have dozens of one variable outputs that are made too wordy by the syntax: cfoutput#var#/cfoutput. I'd like to see an alternate That sounds like a nifty idea, but I suspect it would be rather unpleasant to implement and somewhat confusing to call (just what order SHOULD the params be passed in?). Perhaps an alternate method to get essentially the same functionality would be to expose ALL of the functionality currently handled by tags as functions. That would make Cfscript blocks far more powerful as well. And while we're talking about Cfoutput... How about just aliasing cfoutput and /cfoutput to ? and ? respectively. Sure it looks like PHP, but it's easier to deal with... Not that I would expect any of *that* to happen in a service pack release. They're features I'd like to have (especially the functionalized tags), but I'd rather the coders concentrate on squishing the bugs in SP2 rather than adding tons of new features... Regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOdzMjQraVoMWBwRBEQIb6ACeONxuqAiVCFqDbNJUUfEvmERhZCYAoMp9 S/hg0dvcG8aQpn59dDd9YwYC =NAga -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: cfhtmlhead
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Something like this: html head blahblah /head body blahblah cfhtmlhead text="titleWhatever/title" /body /html You could potentially figure out the title for the page from a DB query or other operation and add it into the heading after you've sent out the htmlhead.../head bit. A pratical example: You're displaying pages results and you want the title to be something like: titleYourSiteHere -- Displaying X to y of Z results/title Chances are you might have to send out your page header before you know the counts of items, so CFHTMLHEAD saves you there: cfhtmlhead text="titleYourSiteHere -- Displaying #FirstRecord# to #LastRecord of #TotalRecords# results/title" It's also useful for sticking JavaScript into the head section after the fact. Best regards, Zac Bedell -Original Message- From: wpdd [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 05, 2000 1:40 PM To: CF-Talk Subject: cfhtmlhead Does anyone examples of good uses for this tag ? -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=list s/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOdzNyAraVoMWBwRBEQKOdgCg9Dt0i8BEIFA6R7HAhF/aGiDefCoAoIT5 HD6WCiOhxtTfDEqx1dDqB//U =WfKG -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: SQL Server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 text. Max storage per field is in the gigabytes. Tho you might get away w/ varchar fields as the max varchar is 8000 chars vs. Access' meager 255 chars. Varchar is easier to deal with for various reasons, so if you're under 8k, use the varchar instead of text. Best regards, Zac Bedell -Original Message- From: Andy Peterson [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 05, 2000 2:16 PM To: CF-Talk Subject: OT: SQL Server Hi, Can anyone tell me what the equivalent of a MS Access "memo" field is in SQL Server 7.0? TIA, Andy -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=list s/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOdzkkAraVoMWBwRBEQJPhgCgxPQxa+emGMnsvbWsJYnn7kxzi/8AoIZt GZY3wt2NZdSTyeDGpYNQjiM9 =mEZE -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: ColdFusion SP2 -install issues
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I don't remember if SP1 worked this way or not, but my biggest request would be for EVERY new version of CF - be able to be installed without having installed a previous version. CF_Gripe Can I say AMEN to that?! It seems like some versions of CFAS are happy if you just have a previous serial number, but others wanted to see a full application installed. Proof of ownership by providing a serial number seems quite sufficient. Given the incompatibilities introduced by installing certain versions of CFAS, I think it's unreasonable that you need to install an older version and increase your potential for problems. ESPECIALLY when you consider that certain versions of CFAS are know to mess up the MDAC installations on Win2k. It's really inexcusable... I didn't pay for a software subscription to beat my head against the wall every time I try to install the software... /CF_Gripe Sorry... I feel better now... Regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOdNe6QraVoMWBwRBEQLkaACfXZy+LmLMLEz7rfgFACrYGd4/P7cAoNiE RPL9nymRnlc0EqhY0lJuGnAG =zDPe -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Post form data in (to) CF
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
One thing that immediately jumps out at me is your POST line. HTTP
spec doesn't include the entire URL in the POST, only the path info.
So this:
POST http://xyz.xyz.com/1.cfm HTTP/1.0
should actually be:
POST /1.cfm HTTP/1.0
Host: xyz.xyz.com
You can include the hostname in a host header if need be (depending
on how your server is setup, that might be required). The POST
should only include the path, tho.
Other possible gotchas:
There's no Content-Type header in your request. Try adding:
Content-type: application/x-www-form-urlencoded
Your POST data isn't URL encoded. For the body of your HTTP request,
try:
date_id=2000%2D09%2D21
I think among those three things, you should be able to get a
successful POST. CF is a far more picky beast than Perl is,
unfortunately...
Best regards, and good luck!
Zac Bedell
-Original Message-
From: Benji Spencer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 26, 2000 10:27 AM
To: CF-Talk
Subject: Post form data in (to) CF
I am working on a project where I need to construct the actual HTTP
request. I have run into a roadblock with CFM form pages though.
Does anyone know how CF handles form data in a post? CF seems to
be
expecting/seeing things different then a CGI script.
here are a couple of examples as to what I am doing as well as
there unexplainable results.
1.1) my test PERL script (just displays the post data)
[/opt/cgi-bin]% cat 2.pl
#!/usr/local/bin/perl
use CGI;
$query=new CGI;
print $query-header;
print $query-param('date_id');
1.2) The request to that script
[~]$ telnet xyz 80
Trying xxx.xxx.xxx.xxx...
Connected to xyz.xyz.com.
Escape character is '^]'.
POST http://xyz.xyz.com/cgi-bin/2.pl HTTP/1.0
Content-Length: 18
date_id=2000-09-21
HTTP/1.1 200 OK
Date: Tue, 26 Sep 2000 14:08:58 GMT
Server: xx
Last-Modified: Tue, 26 Sep 2000 13:45:57 GMT
Cache-Control: no-cache
Connection: close
Content-Type: text/html
2000-09-21Connection closed by foreign host.
2.1) the CFM page
cfoutput #form.date_id#/cfoutput
2.2) The request to the CF page
[~]$ telnet xyz 80
Trying xxx.xxx.xxx.xxx...
Connected to xyz.xyz.com.
Escape character is '^]'.
POST http://xyz.xyz.com/1.cfm HTTP/1.0
Content-Length: 18
date_id=2000-09-21
HTTP/1.1 200 OK
Date: Tue, 26 Sep 2000 14:21:53 GMT
Server:
Page-Completion-Status: Normal
Page-Completion-Status: Abnormal
Connection: close
Content-Type: text/html
-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com
iQA/AwUBOdC1QQraVoMWBwRBEQJyUQCffLlooluOzEFL801WYHDdSMcTqfoAn36E
fRXJTakEeCjMqP8NJx/pj+OQ
=gPFG
-END PGP SIGNATURE-
--
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Cheap CF Hosting FOUND
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 http://www.v-domains.com/ 9.95 per month includes CF. Did you notice that if you want a database at all you have to go up to $19.95 a month though. Ugh! Says who? Just use direct OLEDB access, and you don't need them to setup a DSN at all. Just upload your Access DB and use a CFQuery line like this: cfset DBPath = "D:\InetPub\wwwRoot\YourSite.com\file.mdb" Cfquery name="QueryName" datasource="#DBPath#" dbtype="OLEDB" provider="Microsoft.Jet.OLEDB.4.0" providerdsn="#DBPath#" username="Admin" password="" SQL... /cfquery I know this might be a little off the edge of the list charter, and I hate to blow my own horn, but... We host for $29.95 a month if anyone's interested. That includes FTP access, 5 email accounts, unlimited email forwarding, MS FrontPage 2k support, ASP, CFM, your own IP address (none of that host header garbage I've seen a lot of other hosts using lately), and some assorted other goodies. We don't charge extra for DB access unless you need a DSN or SQL server or something. AND, if you email me, I get back to you within the day if at all possible. And you can even call me on the telephone get a live person (namely me) if you need it. I won't post contact info on the list, but if you wanted to email directly, I can give info to anyone who's interested. My apologies in advance if anyone's offended by the more or less blatant commercial plug, but... It seems relevant to this thread. Best regards, Zac Bedell [EMAIL PROTECTED] http://www.adirondack.net -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOdDA8QraVoMWBwRBEQLyjQCfRtmEWbCqxmSe3ocN9vYP5z8dF2sAnjN9 UC4zhlx5Mug12Ht6Du0alg/Z =Agzq -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Post form data in (to) CF
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 One thing that immediately jumps out at me is your POST line. HTTP spec doesn't include the entire URL in the POST, only the path info. So this: POST http://xyz.xyz.com/1.cfm HTTP/1.0 should actually be: POST /1.cfm HTTP/1.0 Host: xyz.xyz.com do you know of a resource for something like this? I would like to verify my GET requests also Try RFC 2616. That's the HTTP/1.1 spec, so you can't get much more definitive than that. It's a bit of a tome (200ish pages), but if you're writing even a simple HTTP agent, it's really required reading. It also points out more information on assorted other resources like MIME URL encoding. That RFC can be found at http://www.ietf.org/rfc/rfc2616.txt. There's no Content-Type header in your request. Try adding: Content-type: application/x-www-form-urlencoded bingo. I added that (even with all my other oops), and it worked. thanks :) You're quite welcome! Your POST data isn't URL encoded. For the body of your HTTP request, try: date_id=2000%2D09%2D21 I will actually be receiving the data encoded already. Thanks for pointing this out though.. OK. That's definitely one thing that will give CF indigestion... (*burp!*) I think among those three things, you should be able to get a successful POST. CF is a far more picky beast than Perl is, unfortunately... I am much more use to PERL (and PHP now) when CF. At least I know what is going on in them :) *nods* In general, CF is just picky. As long as you follow the RFC, you should be okay. BE AWARE, however that CF disregards the RFC itself in a few spots. Namely it doesn't use CR/LF to delimit all of its headers as it should. Tags like CFContent, CFHeader, or anything else that manipulate the returned headers sometimes use an LF only; even tho the RFC specifies that CF/LF is REQUIRED. That's something to be aware of if you'll be parsing returns from CF. Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOdDC1wraVoMWBwRBEQK0lACg9shhG9aSMw+NJY8bOUZn3fHFc14An3rf sOg86DMHQ1qA8RM5E5QGCtFg =xDxF -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Decrypt cold fusion files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I do love the head-in-sand solution to the CFDecrypter problem... It's not like it's tough to find. Any developer who uses CF's encryption and expects his code to be secure is REALLY delusional... An on-line tool, windows, and linux binaries are available at http://shroom.dv8.org/cfd/. There... The secret's out. Decrypting CF Files is pathetically easy. If you want secure, CFCRYPT/CFENCODE is *not* the answer... Best regards, Zac Bedell -Original Message- From: Mark Warrick [mailto:[EMAIL PROTECTED]] Sent: Friday, September 22, 2000 8:06 PM To: CF-Talk Subject: RE: Decrypt cold fusion files N NOO!! I think it would generally be illegal to decrypt templates unless of course it's your own work, in which case you can have Allaire decrypt them for you. Or you can find the CFDECRYPT program. Sorry no hints available for that solution. -- Mark Warrick Phone: (714) 547-5386 Efax.com Fax: (801) 730-7289 Personal Email: [EMAIL PROTECTED] Personal URL: http://www.warrick.net Business Email: [EMAIL PROTECTED] Business URL: http://www.fusioneers.com ICQ: 346566 -- -Original Message- From: Sree@bigbuzz [mailto:[EMAIL PROTECTED]] Sent: Friday, September 22, 2000 2:42 PM To: CF-Talk Subject: Decrypt cold fusion files This is a multi-part message in MIME format. --=_NextPart_000_0011_01C024B4.0006E920 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable HI, Is there a way to decrypt coldfusion files. THanks Sree --=_NextPart_000_0011_01C024B4.0006E920 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable !DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" HTMLHEAD META content=3D"text/html; charset=3Diso-8859-1" = http-equiv=3DContent-Type META content=3D"MSHTML 5.00.2314.1000" name=3DGENERATOR STYLE/STYLE /HEAD BODY bgColor=3D#ff DIVFONT face=3DArial size=3D2HI,/FONT/DIV DIVFONT face=3DArial size=3D2Is there a way to decrypt coldfusion=20 files./FONT/DIV DIVnbsp;/DIV DIVnbsp;/DIV DIVFONT face=3DArial size=3D2THanks/FONT/DIV DIVFONT face=3DArial size=3D2Sree/FONT/DIV/BODY/HTML --=_NextPart_000_0011_01C024B4.0006E920-- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf _talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=list s/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOc+iOwraVoMWBwRBEQKjfQCgzJ7MZVYklDEkgvhz1OALpBLlUsEAoI6b T51VEGF+655n+5Be867MC1Zb =eGiH -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: ASP or Coldfusion?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Quite honestly, for a few thousand hits a week, you could code it in QBasic and still have speed to spare I've had good bad luck scaling applications with both CF and ASP. Alot seems to depend on how the server software was put together (IE was versions of various things how they were installed). The rest depends on how the code is written. If you write good robust code, it really doesn't matter whether you use ASP or ColdFusion. If you know one or the other, use it. Another deciding factor is cost -- if you don't already own CF Server, then ASP will be your cheapest route. I've got a million hit a month site running fine on ColdFusion (4.0.1, NT4 SP6, dual P2-400, 384MB, SQL Server 7), and I've got a couple thousand hit a month site running like crap on ColdFusion. The million hit site was coded personally by me, and I know for certain that ALL locking and other stability issues were handled correctly. The other site was coded by hired trained-monkies, and it needs to be rebooted once a day... I've got similar success failure stories on ASP. Basically, the quality of the coding is more important than whether it's ASP or CF. Now on the other hand, CF 4.5.1 KILLED both of the aforementioned CF sites, so the CF version might have something to do with things Version 4.0.1 seems good for us. 4.5 4.5.1 completely choked. I haven't had the guts to try 4.5.1 SP1 yet Hope that was helpful. Best regards, Zac Bedell -Original Message- From: Dean Alexandrou [mailto:[EMAIL PROTECTED]] Sent: Friday, September 22, 2000 10:01 AM To: CF-Talk Subject: ASP or Coldfusion? I am not sure what tool to use to develop quite a major site. I have heard that while coldfusion is good for small sites, ASP is more robust, and would cope better with a large site that has to deal with a few thousand hits a week. -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=list s/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOctoLAraVoMWBwRBEQJNAQCg+vWhFmb5WvIlYLhyUfcEJ9unjwYAoIX3 Jvwa5uUVLu24z5fLbghp27xd =AcJy -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: SQL Max Size
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 What is the max size of text that I can insert into an SQL database and is there a way to make an unlimited size available? What I am trying to do is insert word document converted to html(2000 so they are huge) to make a database of procedures here at work. They can be pretty huge, so the database has to be able to handle anything. I assume you mean MS SQL Server 7.0? If so, making the field type 'text' should give you something like several gigs per field. If you make them 'varchar', you're limited to 8000 chars. If I recall right, CF needs to be gently tweaked to enable large text retrieval. Out-of-box, I think it's limited to 65536 chars. Don't quote me on that, tho... In any case, making the field type 'text' will give you essentially unlimited storage (up to available drive space). If it's an issue, and you need to know the exact size limit, I can look it up for you. I'm just too lazy to go get the book off the shelf look right now... Suffice to say it's a LOT. Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOctpWAraVoMWBwRBEQKs1gCfd1nA+uOjhyFIJIH0e1x7Z74cAaIAn390 VsCvR6QBr5LFJ5viEZdb8L6p =VKOJ -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: ASP or Coldfusion?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 It takes much longer to develop a site with ASP than CF That depends on the site... I'm a procedural programmer of many years, so ASP comes faster to me than CF does. I can still code anything in either language, but I'm more comfortable with ASP's approch than w/ CF's. Speed is really a matter of personal skill preference. I don't think you can label one or the other as faster to develop in. It depends on the coder... and you cannnot port your site from NT to UNIX whereas you can with CF if neccessary Sure you can! Try ChilisoftASP. It runs on AIX, HP-UX, Linux, OS/390, and Solaris. And it's cheaper than CF Server... (www.chilisoft.com) In conclusion they are both good tools - I came from an ASP background but my preference lies slightly towards CF for most tasks - it really is a superb tool. Amen to that! Use what works best for you... Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOctq8AraVoMWBwRBEQLgUwCgyVF2I3/fDGM9aP3Qf7KM3nryBeUAoOkd VEPWw2MAttTrUm9G2vuip+0b =/Sdg -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Crazy idea?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Oh my GAWD! I'd LOVE open source CF. Wouldn't surprise me if Allaire has half a dozen software patents on various parts of it, tho... At least with an open source solution, bugs might get fixed in less than six months time And it's not like Allaire support is worth a darn anyways... Granted, it's a bit out of my league to code it. Maybe it could be done as a language plugin for the Zend engine? (See Zend.com) It might be a crazy idea, but it's also a very good one... Regards, Zac Bedell -Original Message- From: Juan Andres Alvarez Valenzuela [mailto:[EMAIL PROTECTED]] Sent: Friday, September 22, 2000 11:46 AM To: CF-Talk Subject: Crazy idea? any topic about a Coldfusion Open source ? what about CFML especs ? any ideas ? is it a crazy idea to have a GNU Coldfusion servers ? -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOcuFnAraVoMWBwRBEQKu7gCfc1HQMzPO03vbogqp06EndqJ5n+8AoM47 n0DcZJrVB9QJLhlgrOcd+3bf =6Ja7 -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Any Security Concerns Here? Passing Token in URL [CF-Talk]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 So if I think this out logically, the ONLY way to ensure absolute security is if the user has their cookies turned on. Well... That's not 100% secure either. It *is* possible for a malicious user to share his cookies with others. A malicious user could ALSO manually add ?CFID=XXXCFTOKEN=XXX to any URL on their site assume someone else's session. And someone mentioned that using Session variables was secure before. That's not true either. Session variables are "keyed" to the CFID CFTOKEN values in the cookies or the URLToken. If your user manipulates his cookies or the URLToken, he has effectively become the other session. So even if you're using session variables, your user can get all of those session variables by changing his CFID CFTOKEN. That's exactly what happened to us. Now... That's not to say that cookies aren't better than URLTokens. They are from a security standpoint. While a user could accidently pass on a URL that had a URL token to someone else, he'd have to go out of his way to share his cookie data. Cookies basically keep honest people honest... And speaking of cookies... I am inclined to wonder what the big deal about cookies is. All of our CF sites require cookies, and I've yet to get any complaints about them. We have the following as part of our privacy policy page: 6) How do we use Cookies? All of our sites use cookies to identify your account to improve your browsing experience. On our membership sites, cookies are required to login access members' services. The cookies we use contain only an anonymous user ID number which our servers use to verify that you are a valid, logged in member. If you do not accept the cookies we send to your browser, you will not be able to access any part of our members services. Our merchandise sites use cookies to track the contents of your shopping cart and to identify you once you login to complete a purchase. As with our membership sites, the cookies we send contain only an anonymous user ID number. If you do not accept the cookies we send to your browser, you will not be able to make purchases from our sites. For the technically minded, here are the exact cookies we use: CFID -- A random number CFTOKEN -- Another random number That's all we send! That seems to be enough to make everyone happy... Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOcohpwraVoMWBwRBEQJkKQCg3bwo6KbDx/jcwJqyyIWtKpLAfA0Anj8n pdSPsNLPITgGXLg0InbPYE+6 =Cu+w -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Single Quotes - Double Quotes ARGH!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Unless I'm completely mistaken, CF handles single quotes automatically, without PreserveSingleQuotes. An example: cfset String = "That's a single quote..." cfquery name="Whatever" datasource="Whatever" debug INSERT INTO TABLE (ID, String) VALUES (42, '#String#') /cfquery Your debugging output for that should show an sql string of: INSERT INTO TABLE (ID, String) VALUES (42, 'That''s a single quote...') Your single quotes have been automatically escaped as two single quotes (as they should be), and they'll go into the database exactly as they should -- as one single quote. If you put PreserveSingleQuotes around the string in the CFQUERY, then the SQL String would look like: INSERT INTO TABLE (ID, String) VALUES (42, 'That's a single quote...') That would cause an error since your string ends after That, and you have a random bunch of text hanging out after it. Am I completely missing your question? Best regards, Zac Bedell -Original Message- From: Jake Hileman [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 21, 2000 11:59 AM To: CF-Talk Subject: Re: Single Quotes - Double Quotes ARGH! I'm still waiting for an answer to this question also! :) Don't forget when you select, you'll have to use it also. :) Jake - Original Message - From: "Peter Theobald" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, July 26, 2000 4:03 PM Subject: Single Quotes - Double Quotes ARGH! --=_14561452==_.ALT Content-Type: text/plain; charset="us-ascii" In several CFQUERYs on many pages I am updating several tables. Very often these text fields have apostrophes or double-quotes in them. If I surround the fields with single quotes, then CF escapes them by doubling them. They actually go into the database doubled. If I surround the fields with double quotes, then CF cuts them off when it sees the first double-quote. I cant believe my only option is to surround every single field in every single update on every single page with PreserveSingleQuotes(). That would be several hundred PreserveSingleQuotes()... What is the common practice for handling this? The apostrophe is a common character in English text... -- - Peter Theobald, Chief Technology Officer LiquidStreaming http://www.liquidstreaming.com [EMAIL PROTECTED] Phone 1.212.545.1232 Fax 1.212.679.8032 --=_14561452==_.ALT Content-Type: text/html; charset="us-ascii" html font size=3In several CFQUERYs on many pages I am updating several tables. Very often these text fields have apostrophes or double-quotes in them. If I surround the fields with single quotes, then CF escapes them by doubling them. They actually go into the database doubled. If I surround the fields with double quotes, then CF cuts them off when it sees the first double-quote.br br I cant believe my only option is to surround every single field in every single update on every single page with PreserveSingleQuotes(). That would be several hundred PreserveSingleQuotes()...br br What is the common practice for handling this? The apostrophe is a common character in English text...br br /fontbr font size=2bbr -- -br Peter Theobald, /bChief Technology Officerbr /fontfont size=3 color="#FF"bLiquidStreaming /b/fonta href="http://www.liquidstreaming.com/" eudora="autourl"font size=2 color="#FF"uhttp://www.liquidstreaming.com/abr /u/fontfont size=2[EMAIL PROTECTED]br bPhone/b 1.212.545.1232 bFax/b 1.212.679.8032br /font/html --=_14561452==_.ALT-- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=list s/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. - -- - Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_tal k or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOco3/graVoMWBwRBEQJEtgCgjjzpKoUC/+H6KMeM0tYJvOSfPoMAoME4 xMOYrAMqeL9+tXey15fBMLu3 =cBmI -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk
RE: Cocatenation
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
cfset someString = StartDate "AND" EndDate
Regards,
Zac Bedell
-Original Message-
From: Christopher S Martin [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 21, 2000 4:34 PM
To: CF-Talk
Subject: Cocatenation
How do I concatenate three strings?
I want to cocatenate two variable name, with AND. I tried :
cfset someString = Evaluate("StartDate" AND "EndDate")
as well as:
Evaluate("StartDate" DE(AND "EndDate")
BUt niether of the worked. I would like to use someString as
a where clause
in a query, so it should output the values stored in some
string. WHat
should I do?
Thanks,
Chris Martin
[EMAIL PROTECTED]
www.fsenablers.com
www.fslink.com
--
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=listsbody=list
s/cf_talk or send a message to [EMAIL PROTECTED] with
'unsubscribe' in the body.
-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com
iQA/AwUBOcp3wgraVoMWBwRBEQLUbwCgu//Plkos2uOM1bDZV3CIZRwrZSQAoLDw
MhWdoORuciyM4/VPSHZRfqcZ
=p1aN
-END PGP SIGNATURE-
--
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a
message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Any Security Concerns Here? Passing Token in URL [CF-Talk]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Encryption won't help. The problem isn't the user having the information that's in the URLToken. It's having users (perhaps inadvertently) giving that info to someone else in the form of a link. Encrypting the data doesn't make any difference in that case since it's always going to be decrypted by the server anyways. Here's a real world example of where passing URLTokens in the URL can be dangerous: (Note: We don't use URLTokens in the URL. The reason they were in the URL in the following case was because CFLOCATION will add the URLToken by default unless you set addtoken="no") We have a What's New page on our site that allows our site admins to paste in a URL to go with the news item. When our admins want to announce a new section of the site, they find the page in their browser, copy the URL, and paste it into the What's New form to be added to the database. Once, one of our admins copied a URL that had her URLToken in it (from a CFLOCATION call). When users clicked on that URL, they assumed the admin's CFTOKEN CFID. CFAS was kind enough to automatically set a permanent cookie in their browser for that identity. So from that date forward, every user who had clicked on that link was using the same CFID CFTOKEN values. So what you ask? Whenever our admin logged into the site, ALL OF THE USERS who had ever clicked on that link automatically assumed all of her session variables. The net result was that anyone who clicked that link was able to access the site without logging in AND as an administrative account. Since sessions only timeout after 20 minutes of no-activity for that URLToken, the constant site traffic on that URLToken was enough to keep the session active pretty much all the time. It took us quite a while to notice that, and it wasn't fun to clean up. We had to manually purge our CFTOKENS database store, reboot, and then go to the admin's house to clear the cookies on all of her browsers so she got a new URLToken. We've since gone through the site to make sure every CFLOCATION has addtoken="no". We've also educated all of our admins so they'll manually trim the URLToken off before pasting a URL. So back to your question... If you use the URLToken in the URL, be aware that any time a user bookmarks the URL, shares it w/ a friend via cut paste, etc. you run the risk of inadvertent session sharing. Hope that was informative... Best regards, Zac Bedell -Original Message- From: Chris Montgomery [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 20, 2000 4:55 PM To: Cf-Talk Subject: Any Security Concerns Here? Passing Token in URL [CF-Talk] Howdy, When passing a URLtoken (e.g., #session.URLtoken#) in the URL to maintain state on public sites, are there any real security concerns? I've seen reference to this in a couple of places, but never an explicit explanation on what the real security implications might be. Would encrypting the URLtoken be better? -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOcktPAraVoMWBwRBEQJlLwCcDaiZuKUqk2eyP/ByiOrLEBP2o+YAn3US FF8nWlDlpRTN7UYBa7kbRf6J =kR68 -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: [CF-Talk] using the embed tag in a CF page.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nope. CF process the entire page spits it out the the browser. Since the embed tag is processed on the client side, the CF server's thread will be released immediately after the HTML is sent out. After that, the browser will make a second request to download the media file. Best regards, Zac Bedell -Original Message- From: Mueller, Ben [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 19, 2000 1:40 PM To: '[EMAIL PROTECTED]' Subject: [CF-Talk] using the embed tag in a CF page. If I have an embed tag in a .cfm page, and that embed tag calls a sizeable media file, will a CF thread be tied up until that entire media file is downloaded? Any knowledge on the subject is greatly appreciated. Thanks -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=list s/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOceqYwraVoMWBwRBEQK25wCgqohedAtIgrlO1DSQRF5YvOdggwkAoKbj PuomTVcHNzSCOChCmo0XhCAb =lzje -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: [CF-Talk] CFCOOKIE problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CFCOOKIE doesn't work if there's a CFLOCATION on the same page. -Original Message- From: Gina Shillitani [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 19, 2000 2:31 PM To: '[EMAIL PROTECTED]' Subject: [CF-Talk] CFCOOKIE problems I am attempting to use this: CFCOOKIE NAME="profID" VALUE="#profID#" EXPIRES="NEVER" to set a cookie on a page. It is not setting the cookie. I'm not sure what I'm doing wrong but it is aggravating me to no end. Here is the block of code the above tag is in: cfelse cfset profID = 0 cfmodule template="../getProfID.cfm" geckoKey="#geckoKey#" profile_id="#checkCode.profile_id#" cfset SaveMe=Form.SaveMe CFIF SaveMe IS 1 CFCOOKIE NAME="profID" VALUE="#profID#" EXPIRES="NEVER" /CFIF cflocation url="/index.cfm?profID=#profID#flogin=1" /cfif Gina Shillitani [EMAIL PROTECTED] -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=list s/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOce9kQraVoMWBwRBEQLewQCgmyIIxnTpHDN6Jk4A3QtjqBnyCTMAnRjy ppEaLPRkDaRuTfJkMmEYpf3V =oK6x -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: What's the dillio?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I know I've seen this topic before but can someone give me a heads-up on this error. That would be ColdFusion's generic "S**t happened, and we don't have a clue why" error Generally, it means some chunk of server RAM got corrupted by something or other. Check your locking everywhere on the site AND on any other sites that might be hosted on the same CF Server. If you're in a shared environment, then you're probably SOL... Other possible causes are bad DB drivers -- if you've installed anything that might mess with MDAC, therein could be your problem. Basically, you need to find anything that changed on that server back track. And again, if you're on shared hosting, you're going to have a heck of a time unknown exception condition PCodeRuntimeContextImp::executeSQLTagCFQuery::endTag The error occurred while processing an element with a general identifier of (CFQUERY), occupying document position (1187:2) to (1187:98). This is going to ruin my weekend :-( You're 100% right there Sorry you had to get this one... Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOcKC3QraVoMWBwRBEQI3TACbBaxAvoapL7G+UgAfFA+J5ATrxwUAoNjq x3IAnxEZ9Yf8LV26RHT2INA6 =SjbU -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Encrypting CF files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 1- How do I encrypt templates? I cannot find anything in the help. I suspect it is an exe or something. Depending on your version, it's either cfcrypt.exe or cfencode.exe in the c:\CFusion\Bin directory. Both apps do the same thing, so I'm not really sure why they changed the name. It only comes w/ CFServer, not Studio for some odd reason 2- I am also told that there is a DECRYPT exe floating around as well. Is it widely available, or is it one of those tools nobody admits to having? It is indeed one of those tools few people admit to having, but I suspect most folks who do any serious amount of CF coding have probably obtained a copy by now... Maybe an anonymous poll of the list is in order? ;-) Best regards, Zac Bedell -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBOb59lAraVoMWBwRBEQJUCQCgoLiBMTI3vknYw2jpd2kHPF8idi4An1Yj S16I3xqMePWvzNFlegd0NrPx =SDzm -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Trouble with CFLOOP output
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Maybe because it's not in CFOUTPUT's? -Original Message- From: Jon Tillman [mailto:[EMAIL PROTECTED]] Sent: Friday, September 08, 2000 12:20 PM To: [EMAIL PROTECTED] Subject: Trouble with CFLOOP output Anyone care to help figure out why the a href line just after the start of the cfloop isnot getting parsed? cfquery name="categories" datasource="#application.dsn#" SELECT * FROMtblCategory WHERE categoryTopcategoryID=2 /cfquery cfloop query="categories" a href="aroma_prod_all.cfm?categoryId=#categoryID#"#categoryCat egory#/a cfquery name="products" datasource="#application.dsn#" SELECT * FROM tblProduct WHERE productCategoryID = #categoryID# /cfquery ul cfoutput query="products" liba href="aroma_prod.cfm?productId=#productId#"#productName#/a/b/l i /cfoutput /ul /cfloop -- *** Jon Tillman LINUX USER: #141163 ICQ: 4015362 http://www.eruditum.org [EMAIL PROTECTED] *** Help Jon build a network! Looking for giveaway computers parts Current Need: Tape Drive PI/PII processors Email me to find out how you can help *** -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_tal k or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body. -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBObke/AraVoMWBwRBEQLZMgCeNSPuoXffYQZ+emUkszgcDJQVdjEAoJGG NTZo+RsqRhMLy2tT/2NmrcoM =CkFN -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: Access Field Names with Blanks in them
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 At least with the example you gave, you've got two issues to deal with -- the embedded space the leading digit in the field name. Neither of those are kosher in CF. Try something like: Cfquery ... SELECT '6 AM' as SixAm FROM /cfquery If you use the SQL query to alias all of your 'bad' field names to something CF can deal with, then you should be okay. Although... In all honesty, you *should* rename the fields Hope that helps! Best regards, Zac Bedell I was just trying to avoid having to explain why I had to rename them when "it was working just fine using ASP." Since you are redoing the front end, what would it hurt to go into access and just rename the database field to something without spaces? I'm not that familiar with Access, so I don't know if it will let you do it, but I've done this on more than one occasion with Sybase with no problems. Todd Ashworth CEO, Janty Corporation www.janty.com - We put the 'u' in music! | | | I am re-writing a scheduling program that was written in ASP/VB to work in Cold | Fusion. The scheduling program uses an Access Database as its backend. | | This is just a small program and we are trying to keep the backend the same and | just re-write the front end. However, the person that wrote this access | database made the field names contain spaces. For example, one field name is 6 | AM | | I didn't think you could have spaces in a field name. But even so, how do you | tell Cold Fusion the field name? I didn't think you could use #6 AM#. | | I have just started re-writing it and I am going to try referencing the field | name as #6 AM#, but I wanted to get feedback. | | Is this the right way to do it? I would like not to have to re-write the back | end just yet. -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBObkzHwraVoMWBwRBEQJ3BwCg8s6ZzROYyxzpxXDYPOYKhlP3/k8AoMRb PnOTmryOLQxehBs5zpYcwJgm =ZnQj -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
RE: fusebox stats
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Umm Inserts shouldn't cause DB locking issues unless there were updates or selects going on at the same time. If the table is just used for logging, then locks should only be an issue when someone's actually generating a report from the tables. And even then inserts shouldn't clash with selects. I don't think adding another layer would help matters any -- what's the difference between calling OLEDB to do an insert vs. calling a COM object to call OLEDB to do the insert? All that does is add another layer that every page request has to wait on. It eats more server RAM (*especially* the EJB), and just adds to the confusion. Not that writing to the DB on every single page access is such a *great* thing, but it shouldn't be *that* bad. If you are indeed logging all request to the DB, you might try disabling the webserver's logging capabilities to gain back some of what you're losing to the DB. Best regards, Zac Bedell It sounds simple, but under tremendous load, your insert operations will probably cause locking issues and could drown the server. An EJB or COM object in the middle tier to receive this would probably be safer. The easiest thing to do is have a db with a table called logs, with the page name as the ID and increment this each time this page is called before the cflocation/cfinclude its that simple:-) I think fusebox is cool, but I've gotten myself in some hot water here... I created a nice application for a customer using fusebox. Now, they would like to get stat reports on it... well... because you're always going to the same page and including the others all of the stats come back as hits against the main index.cfm page, not the actual page that was hit. How on earth do I track these pages individually? How can I tell how many people looked at the contact page, or the support page or whatever?? Thanks for any ideas... -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com iQA/AwUBObk0lQraVoMWBwRBEQLD+QCgn5CvxldbYvfAmCAhIUm3HD6EzKoAnR4X BnnTBWXCbfKbBeM9soA+9r2r =HQTG -END PGP SIGNATURE- -- Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=listsbody=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
