Re: CFLIB question

2002-04-23 Thread Critz

oi Rafael!!

I would assume so. When I submitted a UDF I was sent a msg shortly after about
how I could optimise the code I submitted and if it was alright to adjust my
current code to that.


-- 
Critz
Certified Adv. ColdFusion Developer

Crit[s2k] - CF_ChannelOP Network=Efnet Channel=ColdFusion

Tuesday, April 23, 2002, 10:58:37 AM, you wrote:

RAB I hope nobody takes offense at this question it is, however, a reasonable 
RAB question from the bigger perspective of running a company...

RAB Does anyone at MM ever check the custom tags posted to the gallery or at 
RAB MindTool check the UDFs posted to CFLIB for security flaws, hack code, etc?

RAB Again, to everyone on the list in general, I've never once had any contact 
RAB with anyone in the CF community where there was a problem of this nature - 
RAB it's just that the potential risks are huge for anyone downloading a server 
RAB level tag to speed up site-deployment.  My company has made use of several 
RAB over the years and we don't always have the technical ability in-house to 
RAB analyze them before deployment...



RAB At 10:53 AM 04/23/2002 -0400, you wrote:
a href=javascript:history.back(-2)

Where -2 means you move back two pages.

Cheers,
Brendan


At 03:30 PM 4/23/2002 +0100, you wrote:
 Greetings,
 
 I know not purely CF, but
 
 Does anyone know how, or a substitute to get the history.back() function to
 move back to pages, (instead of in increments) jumping back to a page, 2 or
 more positions in the browser history,
 
 i.e.
 
 visit page one
 then
 visit page two
 then
 visit page three
 
 then click a history.back() button,
 but instead of going back to page two,
 jump directly back to page one,
 
 the reason is to access a query object again created at that point,
 that was not recreated in steps from 2 to 3.
 
 Hope this makes sense,
 
 Respectfully,
 
 J
 

RAB 
__
Your ad could be here. Monies from ads go to support these lists and provide more 
resources for the community. http://www.fusionauthority.com/ads.cfm
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists



Re: CFLIB question

2002-04-23 Thread Jeffry Houser

At 10:58 AM 4/23/2002 -0400, you wrote:
I hope nobody takes offense at this question it is, however, a reasonable
question from the bigger perspective of running a company...

Does anyone at MM ever check the custom tags posted to the gallery or at
MindTool check the UDFs posted to CFLIB for security flaws, hack code, etc?

  So far as I know, the Developer's exchange is an open forum.  Buyer 
beware.  Whatever someone posts gets put up there.

  In contrast, the cflib.org is checked in an attempt to retain high 
quality of the functions and content.  What they actually check for, I 
can't say.  I believe that it is efficiency.  There is some text about this 
on the cflib site.


--
Jeffry Houser | mailto:[EMAIL PROTECTED]
Need a Web Developer?  Contact me!
AIM: Reboog711  | Fax / Phone: 860-223-7946
--
My Books: http://www.instantcoldfusion.com
My Band: http://www.farcryfly.com 




RE: CFLIB question

2002-04-23 Thread BillyC

I doubt MM would (nor should they be obligated to).  However, I think
(with the exception of CFX's and encrypted tags) the beauty of open
source comes out (believe it or not, there's more to open source than
politics and Slashdot MS bashing) - many eyes, so problems are unlikely
to go unnoticed.  

However, to truly answer your question: no.  There's no guarantee of the
quality, security, or safety of the code.  If this is unacceptable per
your business needs, then I would abandon using the free code.

---
Billy Cravens





RE: CFLIB question

2002-04-23 Thread Raymond Camden

 Does anyone at MM ever check the custom tags posted to the 
 gallery or at 
 MindTool check the UDFs posted to CFLIB for security flaws, 
 hack code, etc?

I can only speak for cflib.org. First, cflib.org is not run by Mindtool.
Mindtool graciously allows us to use their server, so we acknowledge
that. Plus, the owner of the company made the design for us. (Neither
Rob nor I can design anything. ;)

As for checking - yes, we do check _every_ udf. Rob and I are _very_
anal about what gets released at that site. That's why it takes so
freaking long sometimes for stuff to get out. I'm sorry about that, but,
I refuse to release anything without first checking it. The Developers
Exchange at Macromedia is different. I'm not saying our DevEx is bad -
I'm just saying it's different. The idea at DevEx is to just serve a
storing house for any number of custom tags or other resources. Cflib
has a slightly different purpose. Yes, we want to share code, but at the
same time, Rob and I do quality checking and organizing. I think this
leads to code that is of slightly higher quality than the Devex. This
means we have rejected UDFs in the past that... while they work, did not
seem appropriate. Another way in which the Devex differs is that it will
host commercial code. We only host free code. 
Bear in mind - both Rob and I make mistakes, so I'm not saying every UDF
released at cflib.org is perfect. Plus, I know that some UDF authors in
the past have disagreed with our decisions. When that happens, we try to
reach a consensus, and if we don't, we simply ask the author to post
their UDF to the Devex.

Does that help? I'd be more than happy to discuss this with anyone.
CFLib is approaching its one year anniversary, and one of the things we
have planned is a survey to see what people think about the project in
general.


===
Raymond Camden, Principal Spectra Compliance Engineer for Macromedia

Email: [EMAIL PROTECTED]
Yahoo IM : morpheus

My ally is the Force, and a powerful ally it is. - Yoda 




RE: CFLIB question

2002-04-23 Thread Raymond Camden

   So far as I know, the Developer's exchange is an open forum.  Buyer 
 beware.  Whatever someone posts gets put up there.
 
   In contrast, the cflib.org is checked in an attempt to retain high 
 quality of the functions and content.  What they actually 
 check for, I 
 can't say.  I believe that it is efficiency.  There is some 
 text about this 
 on the cflib site.
 

Things we check for:

1) Does it already exist? You wouldn't believe how many submissions we
get for UDFs that mimic BIFs (built in functions)
2) Is every temp variable var scoped. (Cardinal sin #1 for UDFs is
forgetting a var.)
3) Does it make sense?

This is very arbitrary. We have a UDF that does Weight Watcher Points.
Will anyone use it? Probably not. Ditto for the Dog Years to Human Years
UDF. At the same time, though, if a UDF is _extremely_ particular, we
might reject it.

4) Is it good code?

Again, very arbitrary. I like to think I know a thing or two about good
code. So does Rob. So, for example, we would change code like this:

structval = evaluate("structname." & key)

to

structval = structname[key]

We will also rewrite code that uses loops where it's not necessary.

Etc, etc.

We always ping the author when we modify their code so that they know
what we did and why we did it.

Again, we aren't perfect, but we do try our best. ;)

===
Raymond Camden, Principal Spectra Compliance Engineer for Macromedia

Email: [EMAIL PROTECTED]
Yahoo IM : morpheus

My ally is the Force, and a powerful ally it is. - Yoda 
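
Checks 2 and 4 from the list above (var scoping and needless evaluate) as an automated first pass; this is an added Python example, not cflib.org's tooling or part of the original post. The function names, rule labels and both sample UDFs are constructed for illustration, and the regex scan assumes CF5-style CFScript function declarations.

```python
import re

# Constructed CFScript submission (not from cflib.org) with both problems.
SAMPLE_UDF = '''
function structGet2(structname, key) {
    var found = false;
    // old draft: tmp = evaluate(key)
    structval = evaluate("structname." & key);
    for (i = 1; i lte 3; i = i + 1) {
        found = true;
    }
    return structval;
}
'''

# The same constructed UDF after review: var-scoped, bracket notation.
REVIEWED_UDF = '''
function structGet2(structname, key) {
    var structval = "";
    if (structKeyExists(structname, key)) structval = structname[key];
    return structval;
}
'''

LITERAL_RE = re.compile(
    r'''"(?:[^"]|"")*"|'(?:[^']|'')*'|//[^\n]*|/\*.*?\*/''', re.S)
FUNC_RE = re.compile(r'\bfunction\s+(\w+)\s*\(([^)]*)\)\s*\{', re.I)
VAR_RE = re.compile(r'\bvar\s+(\w+)', re.I)
# A bare identifier being assigned: not preceded by "." or "]", not "==".
ASSIGN_RE = re.compile(r'(?<![\w.\]])([A-Za-z_]\w*)\s*=(?!=)')
EVAL_RE = re.compile(r'\bevaluate\s*\(', re.I)

def blank_literals(src):
    """Overwrite strings and comments with spaces, keeping offsets and newlines."""
    return LITERAL_RE.sub(lambda m: re.sub(r'[^\n]', ' ', m.group()), src)

def function_bodies(clean):
    """Yield (name, argument names, body offset, body text) per function."""
    for m in FUNC_RE.finditer(clean):
        depth, i = 1, m.end()
        while i < len(clean) and depth:          # match the opening brace
            depth += {'{': 1, '}': -1}.get(clean[i], 0)
            i += 1
        end = i - 1 if depth == 0 else i
        args = set()
        for arg in m.group(2).split(','):
            words = arg.split('=')[0].split()
            if words:
                args.add(words[-1].lower())
        yield m.group(1), args, m.end(), clean[m.end():end]

def review_udf(src):
    """Return (function, line, rule, detail) findings, sorted by line."""
    clean = blank_literals(src)
    findings = []
    for name, args, start, body in function_bodies(clean):
        def line_of(m, group=0):
            return clean.count('\n', 0, start + m.start(group)) + 1
        # CFML is case-insensitive, so compare names in lower case.
        declared = args | {v.lower() for v in VAR_RE.findall(body)}
        for m in ASSIGN_RE.finditer(body):
            ident = m.group(1).lower()
            if ident not in declared:
                declared.add(ident)              # report each name once
                findings.append(
                    (name, line_of(m, 1), 'unscoped-variable', m.group(1)))
        for m in EVAL_RE.finditer(body):
            findings.append((name, line_of(m), 'evaluate-call', 'evaluate'))
    return sorted(findings, key=lambda f: f[1])

if __name__ == '__main__':
    for finding in review_udf(SAMPLE_UDF):
        print(finding)
```

An unscoped name inside a UDF is written to the caller's Variables scope, and evaluate() parses its string argument as a CFML expression, so both matter most when the key comes from unvalidated input.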




RE: CFLIB question

2002-04-23 Thread Dave Watts

 I hope nobody takes offense at this question it is, 
 however, a reasonable question from the bigger 
 perspective of running a company...
 
 Does anyone at MM ever check the custom tags posted 
 to the gallery or at MindTool check the UDFs posted 
 to CFLIB for security flaws, hack code, etc?
 
 Again, to everyone on the list in general, I've never 
 once had any contact with anyone in the CF community 
 where there was a problem of this nature - it's just 
 that the potential risks are huge for anyone downloading 
 a server level tag to speed up site-deployment. My 
 company has made use of several over the years and we 
 don't always have the technical ability in-house to 
 analyze them before deployment...

While Ray does look over the UDFs that get posted on cflib.org, as he
mentioned, in the end, you're responsible for any code that you run on your
server. If it's commercial code, the fact that you're paying for it meets
your due diligence test and gives you someone else to blame for security
problems, but beyond that there are no guarantees, really.

Fortunately, it's really impractical to put hack code in a CFML custom tag
or UDF, since they don't run as separate programs that could be invoked by
an outside user, and the code is pretty easy to look over, generally.

However, I'd guess that there are all kinds of security flaws, in the
sense that any unvalidated input might cause harm somewhere in your program,
and generally, many CF programmers just aren't that particular about input
validation.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444




RE: CFLIB question

2002-04-23 Thread Rafael (Alan Bleiweiss)

Thanks to all the replies regarding Custom Tag and UDF checking... it was 
something that I'd been curious about and won't necessarily modify my 
behavior in the future with it, though obviously on client-mission critical 
sensitive sites it only makes sense to check for these things.



And Raymond, as far as CFLIB goes, I love the site, I am so utterly 
grateful for the service, and it's a real reflection of the CF community at 
large - a really classy developer community!









RE: CFLIB question

2002-04-23 Thread Dave Watts

 4) Is it good code?
 
 Again, very arbitrary. I like to think I know a thing or 
 two about good code. So does Rob. So, for example, we 
 would change code like this:
 
 structval = evaluate("structname." & key)
 
 to
 
 structval = structname[key]

You know, I didn't even have time to place a bet about whether you'd bring
up inappropriate use of Evaluate.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
fax: (202) 797-5444




RE: CFLIB question

2002-04-23 Thread Raymond Camden

Heh, I wonder if I should do a Ray's Rant presentation at DevCon this
year. ;)

===
Raymond Camden, Principal Spectra Compliance Engineer for Macromedia

Email: [EMAIL PROTECTED]
Yahoo IM : morpheus

My ally is the Force, and a powerful ally it is. - Yoda 




RE: CFLIB question

2002-04-23 Thread Neil Clark - =TMM=

Or whether I_will_Type_CF_Lock... :-) 




RE: CFLIB question

2002-04-23 Thread Raymond Camden

Oops.

As always - listen to what I mean - not what I say... ;)

===
Raymond Camden, Principal Spectra Compliance Engineer for Macromedia

Email: [EMAIL PROTECTED]
Yahoo IM : morpheus

My ally is the Force, and a powerful ally it is. - Yoda 




Re: CFLIB question

2002-04-23 Thread Stephen Moretti

 Or whether I_will_Type_CF_Lock... :-) 
 
 

I bet Ray's got 

Repeat after me...

If I type session - I type lock.
If I type application - I type lock.
If I type server - I type lock.

and

structval = evaluate("structname." & key)
to
structval = structname[key]

permanently available via copy/paste... 

;oD





RE: CFLIB question

2002-04-23 Thread Kevin Schmidt

Gotta love snippets! :)





RE: CFLIB question

2002-04-23 Thread Mark A. Kruger - CFG

If you are talking about cflib.org, Ray cambden is the UDF police <g>.  He
will let you know if you are not up to snuff.

Mark




RE: CFLIB question

2002-04-23 Thread Raymond Camden

-ahem- That's Camden to you. ;) As for being the police - I'm just
opinionated - it doesn't mean I'm right. ;) I'd like to think that most
of the code on cflib (and the code behind it), is 'good' code, and code
others can learn from.

===
Raymond Camden, Principal Spectra Compliance Engineer for Macromedia

Email: [EMAIL PROTECTED]
Yahoo IM : morpheus

My ally is the Force, and a powerful ally it is. - Yoda 




RE: CFLIB question

2002-04-23 Thread Rafael (Alan Bleiweiss)

Raymond,

I'm happy to say that I've learned a good amount from tapping the CFLIB 
site - thanks to the quality of the code by the contributors to the site, 
I've come to learn about CFSCRIPT and implementing functions much further 
along than what I'd experienced on my own!


of the code on cflib (and the code behind it), is 'good' code, and code
others can learn from.




RE: CFLIB question

2002-04-23 Thread Mark A. Kruger - CFG

Ray Ray ... it was meant to be a compliment, in spite of my  graphdysia
uh ldysgraphia.

-mk

P.S. of course it's good code ;)
