Re: [ACFUG Discuss] Hopefully this list still exists
st software is actually running -Cameron On Wed, Aug 31, 2016 at 5:23 PM, Ajas Mohammed <ajash...@gmail.com <mailto:ajash...@gmail.com>> wrote: Thanks for the email. I for one used to enjoy the challenges in this group with people sending their issues. I hope we can bring it back through this group emails or any other means as long as we are actively getting requests. Thanks, On Wednesday, August 31, 2016, Frank Moorman <stretch...@franksdomain.net <mailto:stretch...@franksdomain.net>> wrote: As the subject line states... hopefully this mail list still exists... I came across something interesting today... (and very stressful before I figured it out...) I migrated code from a CF10 server to a CF11 server. And I had a major bug because of it. It seems like the function of ListAppend changed. The Migration docs mentioned how there were changes to the CFScript way of using list functions... but I did not see any mention of changes to the CFML tag functionality. I had this code inside a loop: ListAppend(UpdateString,arguments.DrawIds[loopix])> But it turns out that where CF10 and before would append UpdateString with the additional value and store nonsense in devnull, CF11 changes the way it works. In the above function in now stores the combination in the devnull variable. ListAppend(UpdateString,arguments.DrawIds[loopix])> The above does work in CF11 also which seems to be how to change it to work on a minimal level. Hope everyone is well if this maillist still gets out, Enjoy all, Frank Moorman -- iUseDropbox(http://db.tt/63Lvone9) http://ajashadi.blogspot.com We cannot become what we need to be, remaining what we are. No matter what, find a way. Because thats what winners do. You can't improve what you don't measure. Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives. -- Cameron Childress -- p: 678.637.5072 im: cameroncf facebook <http://www.facebook.com/cameroncf> | twitter <http://twitter.com/cameronc> | google+ <https://profiles.google.com/u/0/117829379451708140985>
[ACFUG Discuss] Hopefully this list still exists
As the subject line states... hopefully this mail list still exists... I came across something interesting today... (and very stressful before I figured it out...) I migrated code from a CF10 server to a CF11 server. And I had a major bug because of it. It seems like the function of ListAppend changed. The Migration docs mentioned how there were changes to the CFScript way of using list functions... but I did not see any mention of changes to the CFML tag functionality. I had this code inside a loop: ListAppend(UpdateString,arguments.DrawIds[loopix])> But it turns out that where CF10 and before would append UpdateString with the additional value and store nonsense in devnull, CF11 changes the way it works. In the above function in now stores the combination in the devnull variable. ListAppend(UpdateString,arguments.DrawIds[loopix])> The above does work in CF11 also which seems to be how to change it to work on a minimal level. Hope everyone is well if this maillist still gets out, Enjoy all, Frank Moorman
Re: [ACFUG Discuss] Out of Memory?!?
) at jrunx.scheduler.ThreadPool$DownstreamMetrics.invokeRunnable(ThreadPool.java:320) at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428) at jrunx.scheduler.ThreadPool$UpstreamMetrics.invokeRunnable(ThreadPool.java:266) at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66) On 08/09/2013 02:38 PM, Frank Moorman wrote: Thanks all for the insight... And just as Charlie predicted, the event happened again without tripping the alert. One benefit, even though I was not actively watching what happened, I did have the server monitor running. The event happened when the server was only using 440MB, with 1.2GB free in the jvm allocation. So it definitely is not a memory issue. (It also happened in between GC cycles, so that isn't the issue either.) As for the possibility of the CPU, I won't discount this, but I doubt it would be from CF. We do use CFDocument/CFPDF which I know grab resources, but normally those pages are during the morning, and it actually happened twice last night at a time when I would not expect it. I'll have to gather more information. I'm starting to think that the cause may be outside CF. I'm going to try to look at all the system logs and try to piece together exactly what was happening at the time of the event. Another question though... Fusion Reactor monitors the entire system, not just CF right? (i.e. it can track running system processes, not just what CF is doing) If this is true, this may be the next step if my efforts are fruitless. Thanks, Frank On 08/09/2013 12:55 AM, Charlie Arehart wrote: Like you, I would think this is not memory related. I think that's just a really old error message, from the days when even the then Macromedia engineers could only throw up their hands and guess when something was amiss. I recently saw this error message happening for a client where we found (since they were on IIS) that the jrun_iis6_wildcard.logs (in [ColdFusion9]\runtime\lib\wsconfig\nn\LogFiles) had indications of errors also. I realize you're on Apache, and you say you looked at all the logs, but did you check out those logs in that wsconfig dir and its subdirs? It's just a stab in the dark whether any log messages there (around the same time) will be useful. I would focus on something making the CF instance not responsive. I know you said you raised the simult request threads from 10 to 40, and it seemed fine at 10. But maybe you have new load, or a new problem that makes requests hang. As Ajas said, FR (or as you're using it, the CF Server Monitor) can show you any running requests (the CFSM only show them if you turn on start monitoring). If you can be on when it happens you may be surprised what you find. If all 10 (or now 40) are hung, even if only for a while, that could lead to the error---not that CF's down, but the connector thinks it can't be reached. And as you noted in a later message, turning on the alerts will help (in either CFSM, again where start monitoring must be enabled for them to work, or in FR, or SeeFusion), as that will give you info even when you can't be watching the monitors. Since you're using the CFSM, and you say you configured the alerts, did you confirm that you get the email they send? There's no test feature. What I do is set the memory alert to below the current memory used, which should trigger an alert within a few minutes. But then I turn that alert off. I find it useless, since the JVM (since 1.5) can often let used memory climb to the max before deciding to do a major GC, so you can get those memory alerts when there's no real problem, if indeed a GC at that point would have collected a lot of not really used memory. But I do recommend that slow server alert in the CFSM, or the running requests alert in FR. For almost everyone, if you have many requests running at once, that's a canary in the coal mine indicating that problems may be afoot. The question then is whether the alert shows many slow requests. If it just shows many fast ones, then that is just a sign of a lot of traffic, and if it's being handled fast, you need to increase the number of max simult requests, and the alert level in whatever monitor you're using. And be careful about setting the other values in request tuning so low (web services, flash remoting, and remote cfcs). There's never a harm in them being more than you need. But if they are less than you need, that could be where a bottleneck happens. I know you say you don't serve web services, but I've seen shows have their own cf pages calling their own CFCs as web services. And if that request limit was low, then that becomes a single threading bottleneck. Or maybe you DO have code calling CFCs remotely (via ajax). Or about flash remoting, the monitor (and FR) use those, and your own code may (even if unexpectedly). Again, why constrict them? If you don't use them, there's no harm
Re: [ACFUG Discuss] Out of Memory?!?
Standard, as are many tags, including cfdocument, cfpdf, and more. That could cause a low traffic site to still have hung requests. Let us know if any of that helps, or not. But yes, if it remains and you don't solve it, I am available for consulting, and with my satisfaction guarantee, you don't have to pay for time you don't feel is valuable. /charlie *From:*ad...@acfug.org [mailto:ad...@acfug.org] *On Behalf Of *Frank Moorman *Sent:* Thursday, August 08, 2013 7:42 PM *To:* discussion@acfug.org *Subject:* [ACFUG Discuss] Out of Memory?!? All, I'm trying to figure out and determine a Jrun Out of Memory error. I get the following in my logs: [Thu Aug 08 14:40:14 2013] [notice] jrApache[2937: 31182] returning error page for JRun too busy or out of memory [Thu Aug 08 15:50:09 2013] [notice] jrApache[1787: 63699] returning error page for JRun too busy or out of memory It doesn't happen often, (maybe once or occasionally twice a business day) but as everyone understands, users aren't happy when it happens to them. This is a linux box, 64bit Centos 6, CF9 Enterprise, 64bit jvm version 1.7. (The jvm was installed separately from CF for security and coldfusion uses it.) I doubt it is actually an out of memory condition (though I could be wrong) The server has 6GB of physical memory and another 6GB of swap. It rarely needs to use swap. (i.e. I have not observed it.) The jvm is given significant memory to use as well. It is using a 64bit jvm with the settings of 1GB min JVM heap, as well as a 3GB max. When I look through the server monitor, it is normal to see 1 to 1.5GB allocated and between 100-750MB used. (I see a normal sawtooth pattern with the memory usage, so it looks like what I would expect from the garbage collection routing. It does spike occasionally but I have never seen it close to the 3GB max. (I've never even seen it hit 2GB used.) The server is set for 40 template requests (I recently upped it from 10 to see if that was the problem and it still occurred with the same frequency.) Flash remoting is set to 2, webservice 1, CFC 1. (These remote settings are only set for the monitor, as the server does not provide any webservices outside the running application) Jrun is set to 50 requests, and 1000 queued. (Enough to cover the CF requests.) I looked at Charlie's blog... I have checked the logs, and other than the apache error log (above) I do not see anything. I've check the system /var/log/messages, I've checked all the CF logs (I also archived everything yesterday, and the cf logs are practically empty even after today's occurrence.) I did not find any jvm abort logs that Charlie mentioned in his blog. (I checked in the CF directory mentioned as well as the system logs and the actual JVM directory) I also checked the Jrun log (in /opt/jrun4/logs/cfusion-event.log ) and was surprised because the only entries were months ago. (Because of the age of the log, I'm curious if I am looking at the right place for it.) Does anyone have any ideas on what might be happening? or something else that I should check? I have searched the web and found different ideas (even the rare add more memory) Another mentions the requests being overloaded, but I honestly do not believe that the 10 simultaneous template requests was low for the traffic for this site. After quadrupling it, with the problem still occurring, it is even less likely. I've seen some mentioning client variable storage, but the server is set to use cookies for that, not a database. While I do not use client storage, I know there are items like the last time visited etc, so I may just turn it off completely. Another one I found interested mentions a bug with MySql drivers with the Maintain Connections setting and suggested to uncheck this box. I search for this and found the bug mentioned, one site even speculated it was still a problem with CF9, but I could not find any details. Does anyone know of this issue, I've seen it mentioned, but a lack of any details other than its bad to have that checked. (The page that mentioned it did say it ate memory.) I'd love more ideas, I know these are not an easy or straight forward error. I may try removing the client storage next, but other ideas are welcome. (i.e. I'm not very convinced that the other things I found on the web will be effective.) Thanks, Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info
[ACFUG Discuss] Out of Memory?!?
All, I'm trying to figure out and determine a Jrun Out of Memory error. I get the following in my logs: [Thu Aug 08 14:40:14 2013] [notice] jrApache[2937: 31182] returning error page for JRun too busy or out of memory [Thu Aug 08 15:50:09 2013] [notice] jrApache[1787: 63699] returning error page for JRun too busy or out of memory It doesn't happen often, (maybe once or occasionally twice a business day) but as everyone understands, users aren't happy when it happens to them. This is a linux box, 64bit Centos 6, CF9 Enterprise, 64bit jvm version 1.7. (The jvm was installed separately from CF for security and coldfusion uses it.) I doubt it is actually an out of memory condition (though I could be wrong) The server has 6GB of physical memory and another 6GB of swap. It rarely needs to use swap. (i.e. I have not observed it.) The jvm is given significant memory to use as well. It is using a 64bit jvm with the settings of 1GB min JVM heap, as well as a 3GB max. When I look through the server monitor, it is normal to see 1 to 1.5GB allocated and between 100-750MB used. (I see a normal sawtooth pattern with the memory usage, so it looks like what I would expect from the garbage collection routing. It does spike occasionally but I have never seen it close to the 3GB max. (I've never even seen it hit 2GB used.) The server is set for 40 template requests (I recently upped it from 10 to see if that was the problem and it still occurred with the same frequency.) Flash remoting is set to 2, webservice 1, CFC 1. (These remote settings are only set for the monitor, as the server does not provide any webservices outside the running application) Jrun is set to 50 requests, and 1000 queued. (Enough to cover the CF requests.) I looked at Charlie's blog... I have checked the logs, and other than the apache error log (above) I do not see anything. I've check the system /var/log/messages, I've checked all the CF logs (I also archived everything yesterday, and the cf logs are practically empty even after today's occurrence.) I did not find any jvm abort logs that Charlie mentioned in his blog. (I checked in the CF directory mentioned as well as the system logs and the actual JVM directory) I also checked the Jrun log (in /opt/jrun4/logs/cfusion-event.log ) and was surprised because the only entries were months ago. (Because of the age of the log, I'm curious if I am looking at the right place for it.) Does anyone have any ideas on what might be happening? or something else that I should check? I have searched the web and found different ideas (even the rare add more memory) Another mentions the requests being overloaded, but I honestly do not believe that the 10 simultaneous template requests was low for the traffic for this site. After quadrupling it, with the problem still occurring, it is even less likely. I've seen some mentioning client variable storage, but the server is set to use cookies for that, not a database. While I do not use client storage, I know there are items like the last time visited etc, so I may just turn it off completely. Another one I found interested mentions a bug with MySql drivers with the Maintain Connections setting and suggested to uncheck this box. I search for this and found the bug mentioned, one site even speculated it was still a problem with CF9, but I could not find any details. Does anyone know of this issue, I've seen it mentioned, but a lack of any details other than its bad to have that checked. (The page that mentioned it did say it ate memory.) I'd love more ideas, I know these are not an easy or straight forward error. I may try removing the client storage next, but other ideas are welcome. (i.e. I'm not very convinced that the other things I found on the web will be effective.) Thanks, Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Out of Memory?!?
FYI... This is what the user gets on their end: Server Error The server encountered an internal error and was unable to complete your request. Application server is busy. Either there are too many concurrent requests or the server is still starting up. Also, I have not received any CF template errors at the times the 503 errors occur, nor any java.outofmemory errors etc. The server is running and available except for the one or two requests. Looking in the apache access log, There is no pattern to the pages that were requested, (but I know that I need to dig deeper and see what pages were requested right before the errors occur.) Thanks in advance for any help, Frank On 08/08/2013 07:41 PM, Frank Moorman wrote: All, I'm trying to figure out and determine a Jrun Out of Memory error. I get the following in my logs: [Thu Aug 08 14:40:14 2013] [notice] jrApache[2937: 31182] returning error page for JRun too busy or out of memory [Thu Aug 08 15:50:09 2013] [notice] jrApache[1787: 63699] returning error page for JRun too busy or out of memory It doesn't happen often, (maybe once or occasionally twice a business day) but as everyone understands, users aren't happy when it happens to them. This is a linux box, 64bit Centos 6, CF9 Enterprise, 64bit jvm version 1.7. (The jvm was installed separately from CF for security and coldfusion uses it.) I doubt it is actually an out of memory condition (though I could be wrong) The server has 6GB of physical memory and another 6GB of swap. It rarely needs to use swap. (i.e. I have not observed it.) The jvm is given significant memory to use as well. It is using a 64bit jvm with the settings of 1GB min JVM heap, as well as a 3GB max. When I look through the server monitor, it is normal to see 1 to 1.5GB allocated and between 100-750MB used. (I see a normal sawtooth pattern with the memory usage, so it looks like what I would expect from the garbage collection routing. It does spike occasionally but I have never seen it close to the 3GB max. (I've never even seen it hit 2GB used.) The server is set for 40 template requests (I recently upped it from 10 to see if that was the problem and it still occurred with the same frequency.) Flash remoting is set to 2, webservice 1, CFC 1. (These remote settings are only set for the monitor, as the server does not provide any webservices outside the running application) Jrun is set to 50 requests, and 1000 queued. (Enough to cover the CF requests.) I looked at Charlie's blog... I have checked the logs, and other than the apache error log (above) I do not see anything. I've check the system /var/log/messages, I've checked all the CF logs (I also archived everything yesterday, and the cf logs are practically empty even after today's occurrence.) I did not find any jvm abort logs that Charlie mentioned in his blog. (I checked in the CF directory mentioned as well as the system logs and the actual JVM directory) I also checked the Jrun log (in /opt/jrun4/logs/cfusion-event.log ) and was surprised because the only entries were months ago. (Because of the age of the log, I'm curious if I am looking at the right place for it.) Does anyone have any ideas on what might be happening? or something else that I should check? I have searched the web and found different ideas (even the rare add more memory) Another mentions the requests being overloaded, but I honestly do not believe that the 10 simultaneous template requests was low for the traffic for this site. After quadrupling it, with the problem still occurring, it is even less likely. I've seen some mentioning client variable storage, but the server is set to use cookies for that, not a database. While I do not use client storage, I know there are items like the last time visited etc, so I may just turn it off completely. Another one I found interested mentions a bug with MySql drivers with the Maintain Connections setting and suggested to uncheck this box. I search for this and found the bug mentioned, one site even speculated it was still a problem with CF9, but I could not find any details. Does anyone know of this issue, I've seen it mentioned, but a lack of any details other than its bad to have that checked. (The page that mentioned it did say it ate memory.) I'd love more ideas, I know these are not an easy or straight forward error. I may try removing the client storage next, but other ideas are welcome. (i.e. I'm not very convinced that the other things I found on the web will be effective.) Thanks, Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink http://www.fusionlink.com
Re: [ACFUG Discuss] Out of Memory?!?
I'm using the built in server monitor. I do not have fusionreactor. However, that will be one of my top suggestions if I can not figure it out. (The other suggestion would probably be to get the site owner to spring for Charlie's time.) Unfortunately, I have not had my eye on the monitor at the time it happens... But I just configured the alerts section to start taking snapshots and email myself based on jvm memory usage or an unresponsive request. On 08/08/2013 11:55 PM, Ajas Mohammed wrote: My first question will be do you have 1. FusionReactor or are you using CF built in monitoring. See what requests were running or are running when this happens. Ajas Mohammed / iUseDropbox(http://db.tt/63Lvone9) http://ajashadi.blogspot.com We cannot become what we need to be, remaining what we are. No matter what, find a way. Because thats what winners do. You can't improve what you don't measure. Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives. On Thu, Aug 8, 2013 at 8:23 PM, Frank Moorman stretch...@franksdomain.net mailto:stretch...@franksdomain.net wrote: FYI... This is what the user gets on their end: Server Error The server encountered an internal error and was unable to complete your request. Application server is busy. Either there are too many concurrent requests or the server is still starting up. Also, I have not received any CF template errors at the times the 503 errors occur, nor any java.outofmemory errors etc. The server is running and available except for the one or two requests. Looking in the apache access log, There is no pattern to the pages that were requested, (but I know that I need to dig deeper and see what pages were requested right before the errors occur.) Thanks in advance for any help, Frank On 08/08/2013 07:41 PM, Frank Moorman wrote: All, I'm trying to figure out and determine a Jrun Out of Memory error. I get the following in my logs: [Thu Aug 08 14:40:14 2013] [notice] jrApache[2937: 31182] returning error page for JRun too busy or out of memory [Thu Aug 08 15:50:09 2013] [notice] jrApache[1787: 63699] returning error page for JRun too busy or out of memory It doesn't happen often, (maybe once or occasionally twice a business day) but as everyone understands, users aren't happy when it happens to them. This is a linux box, 64bit Centos 6, CF9 Enterprise, 64bit jvm version 1.7. (The jvm was installed separately from CF for security and coldfusion uses it.) I doubt it is actually an out of memory condition (though I could be wrong) The server has 6GB of physical memory and another 6GB of swap. It rarely needs to use swap. (i.e. I have not observed it.) The jvm is given significant memory to use as well. It is using a 64bit jvm with the settings of 1GB min JVM heap, as well as a 3GB max. When I look through the server monitor, it is normal to see 1 to 1.5GB allocated and between 100-750MB used. (I see a normal sawtooth pattern with the memory usage, so it looks like what I would expect from the garbage collection routing. It does spike occasionally but I have never seen it close to the 3GB max. (I've never even seen it hit 2GB used.) The server is set for 40 template requests (I recently upped it from 10 to see if that was the problem and it still occurred with the same frequency.) Flash remoting is set to 2, webservice 1, CFC 1. (These remote settings are only set for the monitor, as the server does not provide any webservices outside the running application) Jrun is set to 50 requests, and 1000 queued. (Enough to cover the CF requests.) I looked at Charlie's blog... I have checked the logs, and other than the apache error log (above) I do not see anything. I've check the system /var/log/messages, I've checked all the CF logs (I also archived everything yesterday, and the cf logs are practically empty even after today's occurrence.) I did not find any jvm abort logs that Charlie mentioned in his blog. (I checked in the CF directory mentioned as well as the system logs and the actual JVM directory) I also checked the Jrun log (in /opt/jrun4/logs/cfusion-event.log ) and was surprised because the only entries were months ago. (Because of the age of the log, I'm curious if I am looking at the right place for it.) Does anyone have any ideas on what might be happening? or something else that I should check? I have searched the web and found different ideas (even the rare add more memory) Another mentions the requests being overloaded, but I honestly do not believe that the 10 simultaneous template requests was low for the traffic
[ACFUG Discuss] Meeting tonight?
Did I miss the email notice? Is there a meeting tonight? topic? - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Meeting tonight?
I have a meetup account only for ACFUG... I am never on it except to acknowledge when I am going. I do get emails (I noticed the CFLunch that was cancelled earlier...) but, because I never actually use meetup, I expect a meeting on the first Wednesday, and I did not receive any email about a scheduling delay, I was curious. But thank you John, I'm glad I didn't waste a few gallons of gas... On 06/05/2013 02:46 PM, John Mason wrote: On 6/5/13 2:34 PM, Frank Moorman wrote: Did I miss the email notice? Is there a meeting tonight? topic? - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - No, it's next week. You need to be on Meetup.com to get the announcements. John ma...@fusionlink.com - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Reports - layout/design huge resultsets
Ajas, From what I have seen, very few times are people willing to look at 100 records or more. Paging is definitely the way to go. (and I agree the 50-100 records per page is usually the max I would use on a single page.) The syntax to use depends on the database. MySql uses a simple LIMIT statement which allows you to use an offset and max records, Oracle is a bit more archaic needing to use subqueries and filtering out records based on the row number. I have not tried this in SQL Server lately, but the last time I did it was similar to Oracle using subqueries in order to accomplish this. Even though MySQL has easier syntax, Oracle and SQL server both have windowing functions which will allow you to get an overall record count without requiring a second SQL statement. If you can not change the existing SQL/SP returning the entire dataset, I would suggest using CF9+ caching to temporarily hang on the the results and only process the 50/100 needed per page. As for jQuery, the last jQuery paging system I had to use took the entire resultset at once and stored it in javascript. So every time a user landed on the page, the entire query and resultset where returned in the request with all the overhead. (i.e. all 8,000 or 80,000 records were returned and processed into javascript.) The page took a long for the initial load time even though paging was relatively quick afterwards. With large datasets you are ALWAYS better off handling one page of data at a time. If you used jQuery with this dataset, make sure you look for a module that only retrieves 1 page of data at a time. Every situation is different... a few years ago, I had html paging that would request 1 page at a time and clicking on the button would submit form or url variables to get the next page and re-render it. I've also done it with Iframes where buttons on the parent frame cause reloads of data on the iframe, and in Ajax. Whatever you are familiar with can work. I do want to stress again, you really do want the server to handle the paging, not the client. The larger the resultset the more important it is to page. I recently added paging to one area that had 9000 records with about 6 columns of data. Dropping down from 9000 records to 100 per page lead to 95% decrease in server processing and bandwidth time. (This was measured through the dev tools in Chrome, the network tab can will tell you where the time was spent for each resource.) Actual time went from over 6 seconds, to under 1/4 second. It does not sound like much, but these were small records, it did not include any client side time (which of course will vary depending on the system), and when you multiply this out by the number of page views, it does represent a significant amount of server load. With larger records, or 10x the volume, the savings adds up much quicker... (I actually expect to do the same to a different webpage with roughly 5x the number of records in the next week or two.) --Frank On 05/27/2013 11:40 PM, Ajas Mohammed wrote: Hello everyone, Can you share your experience in creating Report Design for HTML reports returning 8000 or more than 8000 records from a DB (query or stored proc). 8000 is just a number I picked. usually our reports return from 10, 100, 1000, 1 or even more records. I came across Datatables (jQuery) but wanted to know if that is good architecture for displaying large resultset returned by DB call with probably 50/100 records per page. Do you use anything(external tools/jQuery etc) like that or just display html tables/divs with pagination? Ajas Mohammed / iUseDropbox(http://db.tt/63Lvone9) http://ajashadi.blogspot.com We cannot become what we need to be, remaining what we are. No matter what, find a way. Because thats what winners do. You can't improve what you don't measure. Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives. - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] SQL Server Question
I'll get my rant (and comments) out now... First, if the database is ever used by something other than coldfusion, Stored Procedures(SPs) and Views is your only real choice. Personally, I would implement any type of advanced logic in SP's... SP's are created in a db-specific scripting language that is usually an ideal environment for implementing business logic. On the other hand views can be useful as well however, IMHO, they do not have the flexibility of SP's. I normally use views for two reasons... The first reason is to give someone a limited view of the database. You can redesign a table and eliminate specific fields with the view so that a particular user does not have access to certain fields of a table (e.g. credit cards, or SSN's). This is helpful in web apps as well because restricting areas of your website to a db user with limited rights can enhance the security of the site. The second reason I normally would use views is to reduce the complexity of queries. This happens more frequently with databases that were poorly designed in the first place. As long as the database is normalized, and the joins are simple inner joins on key fields, I see little benefit to using a view. When you start joining tables based on date fields or when the join needs functions like Min(), Max(), or type conversions, I would consider a view. (Yes, I have been subjected to systems with implied type conversions and even string functions required during joins...) As for performance, I would normally expect the SP's to perform better than Views under the logic that the more information the db engine has before hand, the better execution plan it can come up with... In a SP, all the information is there before it is ever executed and the entire execution plan is precompiled; In a view, your code can always add items to the where clause which can vastly alter the actual execution plan. (Of course, every situation can be wildly different, and then there are special views that will actually create temporary tables and return results of the simpler temp table instead. (I *think* these are Materialized Views in Oracle.) In situations where coldfusion will always be used, personally I prefer using CFQUERY instead of SP's or views. Normally, coldfusion will never be as quick as a SP. Coldfusion can send either an SQL String, or a Prepared SQL to the database for execution. A SQL String is sent when you do not use CFQUERYPARAM, and for security this should only happen when there are no variables in the SQL (i.e. all constants and that is rare.) When using CFQUERYPARAM, a prepared SQL is sent to the db server. What this means is that in place of CFQUERYPARAM, a ? is put in the string and sent to the database, followed by each variable individually along with the data type you specified. Unlike the normal SQL String, with a Prepared SQL, the database will cache the execution plan. While the initial execution takes longer, each subsequent call to the database with the same Prepared SQL will be just as quick as a SP. How long a prepared SQL is cached depends on memory, server load, and db settings; it can be cached as long as microseconds, or even days. (Surprisingly, the same place with the horrible joins got Oracle to cache for days.) As far as saying Normally coldfusion will never be as quick, this goes back to a poor MySQL driver I had on one system, for some reason, any SP call would be a minimum of 30 seconds regardless of what kind of call I was making. One other thing to remember, the performance benefit of SPs is due to the execution plan not needing to be compiled on demand. The more complex the query is, the more time it takes for the database to determine. Normally this is just a fraction of the of the overall query performance... (exceptions for complex queries that only return very little data.) The i/o will be the same whether the data is requested through an SP or from CF. One other benefit of SP's is that all the code accessing the database are in the same place. (I noticed that Steve Duys brought up this point while I was writing this book.) This is huge and it promotes the ideals of MVC. If you have a group of professional programmers, you can do the same thing by putting all SQL into a set of CFCs. Do not allow SQL to be embedded on individual pages. This is my personal preference... The programmers have great flexibility with this and are not forced into a different ide just to write some sql. (Of course in a group environment, all it takes is one bad apple to make you rethink this policy.) As for ORM/Hibernate... I am not a fan of this at all. Essentially it allows people that do not know how to design databases the ability to create databases. While this makes it easy overall, I think this ends up as a disaster waiting to happen. As an application grows in complexity or scale, the lack of a structured data design will come back
[ACFUG Discuss] FYI - Security Advisory for ColdFusion - Active zero day exploit
All, In case you have not heard... Adobe mentioned this last night... https://www.adobe.com/support/security/advisories/apsa13-03.html Essentially, the believe the exploit is already out there and is actively infecting systems. However, it can be prevented through access controls on the CFIDE admin directories. AFFECTED SOFTWARE VERSIONS ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX MITIGATIONS Adobe recommends ColdFusion customers take the following steps to mitigate this vulnerability: * Restrict public access to the CFIDE/administrator, CFIDE/adminapi and CFIDE/gettingstarted directories by following the hardening guidance in theColdFusion 9 Lockdown Guide http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/91025512-cf9-lockdownguide-wp-ue.pdfandColdFusion 10 Lockdown Guide http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion-enterprise/pdf/CF10%20Lockdown%20Guide.pdf * Refer to theColdFusion 9 Lockdown Guide http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/91025512-cf9-lockdownguide-wp-ue.pdfandColdFusion 10 Lockdown Guide http://wwwimages.adobe.com/www.adobe.com/content/dam/Adobe/en/products/coldfusion-enterprise/pdf/CF10%20Lockdown%20Guide.pdffor security best practices and further information on these hardening techniques. This is the first I have heard of the CFIDE/gettingstarted directory, so I am assuming that is only on CF10. Another directory that should be protected but it not mentioned on this exploit(but has been mentioned on others) is the CFIDE/componentutils directory. If needed/desired, I can share some simple .htaccess samples for people that need to protect CF on an apache server... - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] ACFUG meeting tomorrow night (May 1): Solr with James Mccullough
Unfortunately, I wanted to be there, but could not make it to the meeting... Is there a video of the presentation somewhere on the net? (either from last week, or a prior iteration...) On 05/07/2013 08:53 PM, Charlie Arehart wrote: Hey James, thanks for the really great presentation last week. In fact, I had sent a follow-up email to you the next day via the meetup.com site, but I wonder if perhaps you did not get it, or if somehow I did not get your reply. Hope you'll forgive me reaching out here on the list, but can you drop me a note with your address and I'll try to email you directly (rather than through meetup.com)? My address is char...@carehart.org. Thanks. /charlie *From:*ad...@acfug.org [mailto:ad...@acfug.org] *On Behalf Of *Charlie Arehart *Sent:* Tuesday, April 30, 2013 2:42 PM *To:* discussion@acfug.org *Subject:* [ACFUG Discuss] ACFUG meeting tomorrow night (May 1): Solr with James Mccullough Just a heads up. We do have an ACFUG meeting tomorrow night (May 1): Solr with James Mccullough For more info, and to RSVP, see: http://www.meetup.com/AtlantaCFUG/events/113809862/ /charlie PS Normally meetings are announced only on the announcement list, which you can sign up for at the old site: http://old.acfug.org/index.cfm?fa=mailinglists.default. Since some may be more recent members who didn't know that, and maybe aren't on that list, and also since we've had relatively light attendance at meetings this past year, I wanted to take a moment and share the news on this one, as it almost slipped under my own radar. :-) - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Choosing a person with adequate CF skills
I agree with Dawn, but I was totally blown away with Jason's response. His answer is definitely the best I have seen on this topic, and we all know this topic comes up regularly. But other than kudos, I would like to add my two cents. First, most of the web based testing and skills evaluation is useless. Similar to one of Jason's issues, web base testing determines if a developer know arcane knowledge that is rarely used. For some reason almost every web test I have taken has had a question on CFPOP. CFPOP is used for reading email, in all honesty how many times is someone going to use this, and even if they did have the need, a reference book (or the internet) is usually close by. Second... There is one problem to having someone write actual code for you... Many developers are not willing to code for free and the more elaborate it is, the less likely they would be willing. The best evaluation I have ever taken was fairly simple. It was a page and a half of code. (medium font size with room to comment.) I was asked to find the deliberate errors in the code and to make comments about what I would do to improve the code. Someone that is familiar with the language should be able find errors in a page of code easily. Don't tell them how many mistakes exist and see what they come up with. My test included a function within a component without proper var scoping. It had an SQL statement without cfqueryparam (also SELECT * which is something that professionals try to avoid.) It had other things like an equal sign in a CFIF. It also lacked proper scoping on some variables. Not all of these would cause a complete failure, but it will allow you to determine the people that know what they are doing from the people that read a book once. Also, remember, a good person may overlook one or two things, most of us use editors with full syntax highlighting and may miss an error because we our out of the normal environment. (When I took it, I actually found an error that they did not realize existed.) With the coding errors, pay attention to how the would improve the code, someone with bright ideas will not only learn from your existing team, but may teach them a few new tricks as well. Above all, the best developers are not a dictionary, they are someone that is always willing to learn. Third, have another developer talk to them... Like Jason's response this will tell if they have the right personality for your team, and another developer will usually be able to tell the difference between someone that understands coding, and someone that speaks bs. On 03/12/2013 02:34 PM, Kevin Bachman wrote: This may be the most accurate and real-world description of candidate selection I have ever read. I agree whole-heartedly. [Printing and filing away for future reference.] Thanks for this! *From:*ad...@acfug.org [mailto:ad...@acfug.org] *On Behalf Of *Jason Vanhoy *Sent:* Tuesday, March 12, 2013 2:12 PM *To:* discussion@acfug.org *Subject:* Re: [ACFUG Discuss] Choosing a person with adequate CF skills My first question would be are you hiring for an entry level, mid-level, or senior position? If you're hiring a senior position, none of the questions you outline is going to be worth a hill of beans for choosing the right candidate in my opinion. I come at this problem from the point of view of having been on many hundreds of interviews, having interviewed people a significant number of times as well, and making hiring decisions based on those interviews a number of times both successfully and unsuccessfully. - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] CF10 Migration Questions
Charlie, I'm currently on CF9 everywhere (and Railo 4 on one host)... I do not have current plans to migrate to CF10 but I am curious to learn more... (and some of these may be more appropriate for the meeting next week, so feel free to punt until then) You mention that CF10 Rebuilds the folders... If I drop a .htaccess file into the CFIDE directory, will it be copied as well into each virtual host? (.htaccess can be used for permissions on Apache.) During an upgrade/rebuild will CF do anything that may delete this file? That would be bad due because it would require the file to be replaced after each upgrade. (Also remember, that because the filename starts with a period, it will be treated as a hidden file.) About the need for /CFIDE/scripts/ - Exactly what tags need this? I thought that only coldfusion specific form tags (e.g. CFFORM, CFSELECT, CFINPUT, etc) and coldfusion AJAX tags where the only things that needed use of this directory. Is that still correct? (Personally, on unix/linux systems, I prefer changing the directory name in CFAdministrator, and then adding a link to the original folder within the virtual hosts.) Last... During the nasty problems over the holidays, you mentioned that even without the CFIDE directory being available on a website, CFAdministrator could still be accessed by typing the full name ( {domain}/CFIDE/administrator/index.cfm ) Is this still true with CF10? On 03/06/2013 11:19 AM, Charlie Arehart wrote: Sure, Cameron, that's a good question, and there's more detail than I shared there. The issue of whether one NEEDS to rebuild the web server connectors on each CF10 update is a subtle one. I hope some of you (interested in CF10 updating) will follow along here and share your thoughts, as I think it's an important point that is not well-understood by most, I sense. As you may know, some of the CF10 updates DO require a rebuild of the connectors, while others do not. (Even more subtle is that for some of the updates it would suffice if one only used the --upgrade argument from the command-line wsconfig tool, which is faster, while other of the updates do require a full remove/re-add of the connector(s), whether using the command-line or GUI wsconfig tool.) To your point, Cameron, I don't think the latest couple have required any tweak of the web server config, but some earlier ones did. And my point below was focused on that: for someone who is migrating to 10 (Bettina's topic), who therefore doesn't have CF10 installed at all, they need to know that if they install it, they then have to do the mandatory update first, and then apply the latest update (8, for now, as they are said to be cumulative). It's because those earlier ones would be included in that, that one would need to do the rebuild of the web server connectors as a last step. Make sense now? In fact, some may notice that the hotfix notices have recently just said on each of update that one should redo the connectors. That's kind of a punt, since as you note, it's not really required for each update. My sense is that they only have space for (or only want to write) a few sentences there, so they are not explaining all these details (that it's technically only needed depending on whether you're including one of the earlier updates that DID require it). For those really interested, I'll add that I think there are pros and cons to this blanket assertion they now make in each update to rebuild the connectors. On the one hand, an argument could be made that it's better that they DO say to rebuild it with each, because otherwise someone who DID do a later one which included those earlier ones (that did require a rebuild), but who DID NOT do that rebuild, might then have problems caused simply by that failure to rebuild. (I've seen it happen a LOT! And often people are moaning about CF10 sucking when it's this very issue. Or they thought did the rebuild, but it didn't really happen for some reason.) On the other hand, there's a potential negative implication to just having everyone do the rebuild on each CF10 update. As you may already have in mind, Cam, it takes time. More specifically, though, the rebuild causes CF to remove and then add back the CFIDE virtual directory (which CF10 now always adds) in the site(s) that were connected to CF with that connector. What's so wrong with that, some may ask? Well, two things. First, if someone had applied the recently popularized security tweaks to secure (in the web server) the subdirectories of that CFIDE folder (like adminapi, administrator, and componentutils), such as adding IP and domain restrictions or requiring additional web server authentication, those tweaks are lost on the rebuild (since the tweaks are at the folder level, and lost when the CFIDE virtual directory is removed and added back by CF). (Fortunately, for those on IIS 7+, using the request filtering
[ACFUG Discuss] Dreamweaver/SVN
All, Sorry this is not a CF specific question, but I am assuming that someone on the list may have an answer. I have an existing SVN setup with a very large project. (roughly 1GB with over 10,000 files in trunk.) Personally, I am not having a problem with it other then the initial checkout which can take a long time. My coworkers are using Dreamweaver/Mac with the same svn repo. However, they are unable to find any type of branching/merging/switch commands in Dreamweaver. * Do these branching commands exist through the Dreamweaver interface? * If they use an external utility to switch branches will Dreamweaver recognize it? (I ask because Dreamweaver requires you to specify the directory on their config screen.) * Last, currently dreamweaver is reporting svn version 1.6.9. Is there an easy way to up it to 1.7? (it is the dreamweaver from CS6) Thanks, Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Dreamweaver/SVN
Ajas, Cameron, Thanks. I did mention earlier that they are using DW-CS6. Your superuser link helped a lot... While it did not definitively answer the question, it did imply that CS5 does not support branching by dreamweaver. Even if you do use an external tool to switch branches, you will need to manual change the DW configuration to the new url. (Sounds really ugly to me... I would hate to see what happens if you switch branches, then commit while in DW.) As for the server, the server is already on version 1.7.8. However, SVN has good support by allowing the client and server to differ by a point release. (e.g. a 1.6 client can work with servers 1.5 through 1.7 and a 1.7 server can work with clients between 1.6 and 1.8 whenever a 1.8 is released.) The big issue isn't support, but 1.6 has a bug when doing binary compares. A 1.6 client can take over an hour using max cpu to do a switch on 5MB+ binary file because of this issue, while a 1.7 client will finish the same compare in seconds. I'll just have to get them to use SublimeText, or possibly disable SVN in dreamweaver and use Cornerstone or a different Mac SVN GUI. On 02/26/2013 03:40 PM, Ajas Mohammed wrote: I will try to answer with my limited knowledge of DW usage of SVN. First of all, what version of DW you your colleagues are using, CS6? The latest versions have some built in functionality for version control but in earlier versions, you would have to buy external plugin for SVN stuff. Do these branching commands exist through the Dreamweaver interface? Perhaps in latest versions, I dont know. http://superuser.com/questions/227721/does-dreamweaver-subversion-support-branching If they use an external utility to switch branches will Dreamweaver recognize it? (I ask because Dreamweaver requires you to specify the directory on their config screen.) I found these 2 links http://www.adobe.com/devnet/dreamweaver/articles/using_subversion_pt2.html and http://superuser.com/questions/227721/does-dreamweaver-subversion-support-branching Last, currently dreamweaver is reporting svn version 1.6.9. Is there an easy way to up it to 1.7? (it is the dreamweaver from CS6) I think you would have to upgrade your repository to latest version first, so in your case you would upgrade the subversion repository to 1.7 and then worry about the client. Ajas Mohammed / iUseDropbox(http://db.tt/63Lvone9) http://ajashadi.blogspot.com We cannot become what we need to be, remaining what we are. No matter what, find a way. Because thats what winners do. You can't improve what you don't measure. Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives. On Tue, Feb 26, 2013 at 3:09 PM, Frank Moorman stretch...@franksdomain.net mailto:stretch...@franksdomain.net wrote: All, Sorry this is not a CF specific question, but I am assuming that someone on the list may have an answer. I have an existing SVN setup with a very large project. (roughly 1GB with over 10,000 files in trunk.) Personally, I am not having a problem with it other then the initial checkout which can take a long time. My coworkers are using Dreamweaver/Mac with the same svn repo. However, they are unable to find any type of branching/merging/switch commands in Dreamweaver. * Do these branching commands exist through the Dreamweaver interface? * If they use an external utility to switch branches will Dreamweaver recognize it? (I ask because Dreamweaver requires you to specify the directory on their config screen.) * Last, currently dreamweaver is reporting svn version 1.6.9. Is there an easy way to up it to 1.7? (it is the dreamweaver from CS6) Thanks, Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
[ACFUG Discuss] Meeting?!?
All, Is there a meeting on Wednesday? I have not seen anything, I even logged into meetup to check, yet no mention of Feb's Meeting. Thanks, Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Meeting?!?
The date on MeetUp is february 14, but that's just a placeholder What?!? Are you sure, after all many geeks do not have plans on valentines' day... On 02/04/2013 02:28 PM, Matt Fuller wrote: Hey Frank, We're trying to schedule a Whirlyball social for the month of February. The date on MeetUp is february 14, but that's just a placeholder until we have the actual date nailed down. :-) Hope to have some updated info soon. Thanks! Matt Fuller .. *m...@coldfusioncocoa.com mailto:m...@coldfusioncocoa.com*/email/ //*@coldfusioncocoa* /twitter/// //*www.linkedin.com/in/ColdFusionCocoa http://www.linkedin.com/in/ColdFusionCocoa* /linkedin/// //*www.meetup.com/AtlantaCFUG http://www.meetup.com/AtlantaCFUG* /Atlanta ColdFusion User Group (ACFUG)/// On Feb 4, 2013, at 2:17 PM, Frank Moorman wrote: All, Is there a meeting on Wednesday? I have not seen anything, I even logged into meetup to check, yet no mention of Feb's Meeting. Thanks, Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] HostMySite observations?
While I do know one person who is happy with Hosting.com (previously HostMyCF ). I think he is only happy because he doesn't ever need their pathetic customer support. I personally have one client on hosting.com (VPS) and I find that the support is horrible. Their mail servers have been hacked multiple times over the 6 months leading to the servers being blacklisted and having my client's email rejected as spam. There customer service is horrible, and they went to an automated ticket process that will only let you get support through said system. (i.e. they dropped phone and email support, you need to use their poorly implemented website.) They promised to support CF and we were paying them to install all OS service packs and CF hotfixes. My client was forced (by his clients) to start running regular vulnerability scans. When that happen in October, we subscribed to HackMyCF.com. When the first scans came out, we found out that only one CF Hotfix was ever installed, and I spent an entire weekend bringing the server up to date myself. So hosting.com never delivered on what was promised... For good support Try Fusionlink (with personal ties to ACFUG) or for really cheap hosting try Viviotech. --Frank On 02/01/2013 11:44 AM, Tom McNeer wrote: As far as trend goes, I completely agree with Dusty. I have had two clients who had either a dedicated server or VPS at Hosting.com (as they're now called). Both used a shared database server to save money. Over the last two years, the service and support has become horrendous. Both of the above accounts qualified for Entourage support - which used to mean that you'd get someone who would help with your problem, regardless of what it was. As the shared database server performance began to decline precipitously (I saw drops of several thousand percent in response time, which is ridiculous in my book, even on a shared service), I attempted to find out what was up. The Entourage support team now cannot even see the shared servers. All they could do was switch me to their shared support, who (in essence) told me, It's a shared database server. That's what you get. I've moved both clients, of course. In one case, we asked out of a contract several months back because of the declining service. We were told we could leave if we paid about 90% of the remaining contract cost. -- Thanks, Tom Tom McNeer MediumCool http://www.mediumcool.com 1735 Johnson Road NE Atlanta, GA 30306 404.589.0560 - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Strange cfdocument issue. Wondered if anyone might be able to offer advice.
Dusty, Sorry I would have been better off asking for some code first... There are at least two ways to use cfdocument... One is to create a pdf and save it as a file on your website. You then link to this file in order for a user to access it. Another way is to replace the content of the current page with a dynamic pdf. In this case you go to a (*.cfm) page, and instead of html code, there is a cfdocument tag which replaces the all the content with a pdf. (I was assuming you were doing this when you mentioned safari opening it as a cfm file.) If you want to store the data as a separate file (which is you then link to , this is how I do it...) This will create pdf content only for the current user and not store the pdf on the server. (It *may* create a temp file, but I really am not sure) The following is essentially the entire cfm page... In this case, you go to the cfm page, Coldfusion creates the content, notifies the browser that it is content type pdf and gives it a filename ending in pdf. cfcontent type=application/pdf reset=true cfheader name=Content-Disposition value=attachment; filename=1099report.pdf cfinvoke component=#Request.CFCLocation#.report method=Inspector1099Report returnvariable=ReportHTML cfinvokeargument name=StartDate value=#form.StartDate# cfinvokeargument name=EndDate value=#form.EndDate# cfinvokeargument name=MinEarnings value=#form.Earned# cfinvokeargument name=SortCol value=#form.SortColumn# /cfinvoke cfdocument format=PDF pagetype=letter margintop=1.5 marginbottom=1.1 marginright=.35 marginleft=.35 orientation=landscape unit=in backgroundvisible=yes overwrite=no fontembed=no permissions=AllowPrinting,AllowCopy,AllowScreenReaders cfdocumentitem type=header cfoutput#HeaderContent#/cfoutput /cfdocumentitem cfoutput#ReportHTML#/cfoutput /cfdocument As for the second way, I use this example... (The footer document item is not required, but it was in my code so I figured I would include it.) In this case #PDFFileName# is a full system path. (e.g. C:\asdsa\asda\name.pdf in windows; /var/www/html/somedir/filename.pdf in Unix.) On a different page, I would then link or redirect the user to the new file. (I suppose it can be done at the end of the same page assuming that processing is completed before the user starts downloading the content. cfdocument filename=#PdfFileName# format=PDF localUrl=yes orientation=portrait margintop=0.25 marginbottom=0.6 overwrite=yes fontembed=no cfdocumentitem type=footer stylecfinclude template=../style/InspectionForm.css/style p class=legalezeSome Footer Text/p /cfdocumentitem cfoutput#HTMLOutput#/cfoutput /cfdocument Essentially, if I am creating a one time dynamic pdf then I use the first method. (There is nothing to clean up later.) The second way is useful for creating files which can then be emailed as attachments or accessed by multiple people. (monthly reports, etc...) Just remember that you will need to delete these files when they are no longer needed. I hope this helps, if not feel free to ask other questions and I will attempt to help as best as I can... --Frank On 01/29/2013 02:19 PM, Dusty Hale wrote: Thanks Frank. I tried that but got some unexpected results in Safari and other browsers. I'm sure it's me haha. What is happening now is that yes it downloads the PDF (even in Safari) but the PDF now produces an error message that it can't be opened because it's empty. If you have time feel free to let me know what I'm doing wrong here :-) and I greatly greatly appreciate it. You can see where I commented out my old code that works everywhere except Safari and replaced code you suggested. Thanks again. --- Here's my code adjustments: cfset tmpFileName = downloads\xyProfile-#url.donorid#-for-#variables.user_accountid#.pdf cfdocument format=PDF filename=#tmpFileName# overwrite=Yes #myOutput# /cfdocument !--- cfheader name=Content-Disposition value=attachment;filename=#tmpFileName# cfcontent type=application/octet-stream file=#expandPath('.')#\#tmpFileName# deletefile=Yes --- cfcontent type=application/pdf reset=true cfheader name=Content-Disposition value=attachment;filename=#tmpFileName# On Tue, Jan 29, 2013 at 12:48 PM, Frank Moorman stretch...@franksdomain.net mailto:stretch...@franksdomain.net wrote: Dusty, Try this on your page (at the top of page where you would have headers...) cfcontent type=application/pdf reset=true cfheader name=Content-Disposition value=attachment; filename=newfilename#ordynamicfilename#.pdf I think that those two lines solve your issues. --Frank On 01/29/2013 12:54 PM, Dusty Hale wrote: I'm having a strange issue with cfdocument in the Safari browser only. Everywhere else it works just as expected. I've used cfdocument
Re: [ACFUG Discuss] cf9 purchase availability?
/*I know kung fu*/, a famous quote by Neo from Matrix. :-) If only it were that easy A new version of CF appears and we just pop a cd or flash drive into the back of our head. Or even better, new browser version... pop in the drive and instantly know what standards it supports and which it bastardizes (I'm looking at you IE...) --Frank On 01/23/2013 01:54 PM, Ajas Mohammed wrote: Yeap thats correct, and just to clarify, its called subscription license, which is free for one year. You might want to check with FR folks though. And yes, I cant agree more, FusionReactor is awesome. After using FusionReactor, I started saying, I KNOW TROUBLESHOOTING as in /*I know kung fu*/, a famous quote by Neo from Matrix. :-) Ajas Mohammed / iUseDropbox(http://db.tt/63Lvone9) http://ajashadi.blogspot.com We cannot become what we need to be, remaining what we are. No matter what, find a way. Because thats what winners do. You can't improve what you don't measure. Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives. On Wed, Jan 23, 2013 at 1:42 PM, Cameron Childress camer...@gmail.com mailto:camer...@gmail.com wrote: On Wed, Jan 23, 2013 at 12:47 PM, Ajas Mohammed ajash...@gmail.com mailto:ajash...@gmail.com wrote: 2)http://www.fusion-reactor.com/adobe/ I dont remember now, but I spoke to either David Tattersall or someone from Integral and they had a great offer for me wherein I can get CF 9 CF 10 license so when I upgrade to CF 10, it would work just fine. You can mention my name. If you buy from Integral I believe you get a copy of FusionReactor for free as well (for a year anyway). This deal may be available through other resellers, but FR is totally worth it. -Cameron -- Cameron Childress -- p: 678.637.5072 tel:678.637.5072 im: cameroncf facebook http://www.facebook.com/cameroncf | twitter http://twitter.com/cameronc | google+ https://profiles.google.com/u/0/117829379451708140985 - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] New CF Vulnerability - Check your servers
Ajas, The PostParametersLimit is actually due to a different issue. (I was also hit with this one.) A brief note about it is here: http://arstechnica.com/business/2011/12/huge-portions-of-web-vulnerable-to-hashing-denial-of-service-attack/ Essentially, there is a dos attack possible by posting many parameters to a web page. Whenever you post multiple form elements to a webserver (with either POST or GET) It generates a hash in order to refer to them. /If the language does not provide a randomized hash function or the application server does not recognize attacks using multi-collisions, an attacker can degenerate the hash table by sending lots of colliding keys. The algorithmic complexity of inserting n elements into the table then goes to O(n**2), making it possible to exhaust hours of CPU time using a single HTTP request./ I have read that when properly executed, this attack can cause a single page request to take over 1/2hour on a server without any other traffic. So in order to circumvent the problem, many platforms decided the easy way to stop the problem would be to not process any page that returns more than 100 form (or URL) parameters. Of course anyone that has a legitimate reason to have that many form fields needs to increase the maximum. In addition to Coldfusion, I know apache also has a default limit of 100 on any patched server. --Frank On 01/21/2013 03:42 PM, Ajas Mohammed wrote: Thanks Charlie for the detailed email. Yes, we are on 9.0 and we didnt upgrade to 9.0.1. We used hotfix jar for 9.0 as advised on the adobe page. It makes sense to protect those CFIDE folders you mentioned. One thing we did notice is that after the applying security hotfix, we started to get this error *coldfusion.filter.FormScope$PostParametersLimitExceededException: POST parameters exceeds the maximum limit specified in the server*. Quick google search led http://www.cutterscrossing.com/index.cfm/2012/3/27/ColdFusion-Security-Hotfix-and-Big-Formsme to this post http://www.cutterscrossing.com/index.cfm/2012/3/27/ColdFusion-Security-Hotfix-and-Big-Forms. I ended up adding var name='postParametersLimit'number500.0/number/var to the {ColdFusion-Home}/lib/neo-runtime.xml for Server installation. I am guessing that we might have missed an earlier patch/hotfix in which Adobe introduced this postParametersLimit setting. We were surprised by error message in the beginning but since we had recently appliedthe security fix, we knew it had to do with fix. Thanks, Ajas Mohammed / http://ajashadi.blogspot.com We cannot become what we need to be, remaining what we are. No matter what, find a way. Because thats what winners do. You can't improve what you don't measure. Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives. On Fri, Jan 18, 2013 at 7:07 PM, Charlie Arehart char...@carehart.org mailto:char...@carehart.org wrote: :-) Thanks. I will note that they did just yesterday kindly add me to the acknowledgements section of the security advisory, a first for me. :-) Various issues caused the delay. Nothing nefarious. I got a call from someone on PSIRT explaining the situation. I was just happy to get the mention. The good news is that I’ve gotten “payment” by a burst of new business from people needing help with this. Of course, I posted the first two entries making no mention of my services. That really wasn’t my motivation. But come, the work has. And some of those have then realized I could help with other things, which has led to still more work, so it’s been all the more beneficial. Of course, it’s a bit like being a roofer after a tornado blows through. You don’t want to say you’re “glad for the work”, as you feel for people who were affected. I have a part 4/post mortem in the works, but sadly too busy to get time to write it up. Perhaps over the weekend. /charlie *From:*ad...@acfug.org mailto:ad...@acfug.org [mailto:ad...@acfug.org mailto:ad...@acfug.org] *On Behalf Of *Steve Ross *Sent:* Friday, January 18, 2013 10:17 AM *To:* ACFUG ColdFusion Discussion *Subject:* Re: [ACFUG Discuss] New CF Vulnerability - Check your servers Adobe should be paying you Charlie... On Wed, Jan 16, 2013 at 9:39 AM, Ajas Mohammed ajash...@gmail.com mailto:ajash...@gmail.com wrote: Thanks Charlie, Cameron for keeping us updated with the latest. Charlie, thanks for those blog entries. Really appreciate all your help. Ajas Mohammed / - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @
Re: [ACFUG Discuss] New CF Vulnerability - Check your servers
All, I received a new HackMyCF report on one of my sites earlier... It had a brand new CRITICAL error that I never saw before... ComponentUtils Exposed to the Public The /CFIDE/componentutils/ directory is open to the public it should be locked down to prevent exploit. I went and immediately locked it down like my existing administrator and and adminapi directories... Is this related to all the compromised servers in the past month? Ok, I did some searching and I found out that yes, this directory is listed by adobe in their latest security bulletin. (and I assume is related to the recent hacks...) However, I think that it is important to share with the group... On 01/03/2013 08:50 AM, Cameron Childress wrote: FYI - worth reading up on this. http://www.carehart.org/blog/client/index.cfm/2013/1/2/serious_security_threat http://www.carehart.org/blog/client/index.cfm/2013/1/2/Part2_serious_security_threat -Cameron -- Cameron Childress -- p: 678.637.5072 im: cameroncf facebook http://www.facebook.com/cameroncf | twitter http://twitter.com/cameronc | google+ https://profiles.google.com/u/0/117829379451708140985 - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] AWDG Holiday Party
Are we having any holiday party? I remember at the last meeting that we did not have the funds for ACFUG to pay Whirlyball, but we can go if there is a willingness for the people going to pay... On 12/05/2012 09:25 AM, Cameron Childress wrote: This has been mentioned a few times at meetings (I think), but I wanted to shoot out a reminder for anyone who's interested. The Atlanta Web Design Group is a confab, multi technology, multidiscipline group of webbies, and is quite a hot and popular group that typically meets around the intown Atlanta area. Remember the days of routine ACFUG meetings with 50+ people at them? I do. That's what this group is like at most of their meetings, and they very much focus on the social/networking aspects of their group. It's a good group to attend. Good people and good energy. They are having their annual holiday party on Thursday Dec 20th at Fado in Buckhead. It's $20 to attend (open bar) and they have 100+ RSVPs. http://www.awdg.org/events/88671972/?eventId=88671972 -Cameron -- Cameron Childress -- p: 678.637.5072 im: cameroncf facebook http://www.facebook.com/cameroncf | twitter http://twitter.com/cameronc | google+ https://profiles.google.com/u/0/117829379451708140985 - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Adobe products... Educational discount?
Thanks, Howard... That was what I was looking for and I forwarded it to my Nephew and my Brother. Josh, no clue... I'll take a peek at your blog when I get a chance... I will let you know of any opportunities, but I am looking myself for freelance positions. Charlie I'll pass your link on later today. That may be the way to go as these are still expensive titles even with the 80% educational discount. (I looked and it appearred that what was needed was $300 for 2 titles. Thats over a year using a subscription model. (not to mention upgrades, and he can get more that way.) On 10/30/2012 10:20 AM, Charlie Arehart wrote: And Frank, note more specifically in the reference Howard offered that students/teachers can get a Creative Cloud membership (with those tools you seek and more) at just $20/month. More at http://store1.adobe.com/cfusion/store/html/index.cfm?event=displayProductca tegoryOID=7335802store=OLS-EDU. /charlie -Original Message- From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Frank Moorman Sent: Monday, October 29, 2012 11:49 PM To: discussion@acfug.org Subject: [ACFUG Discuss] Adobe products... Educational discount? Sorry this really isn't directly related to CF All, does Adobe have have any educational discounts... for high school students? My nephew just started at a charter/magnet school for multimedia arts in Jacksonville. He is required to get Adobe After Effects, Premiere Pro, and Photoshop from CS6. (but would prefer to have the Creative Suite Master Collection with Audition and Fireworks.) However, like most families right now, money is somewhat tight (especially after springing for a Mac Book, which even used was a budget breaker,) so I was hoping that some of the Adobe people on the list would know where to get the best pricing/discounts on the software or what programs are available to get him the software at a promotional rate. Obviously, getting a legit copy is important... (so the too good to be true deals from craigslist aren't really an option.) Thanks, Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
[ACFUG Discuss] Adobe products... Educational discount?
Sorry this really isn't directly related to CF All, does Adobe have have any educational discounts... for high school students? My nephew just started at a charter/magnet school for multimedia arts in Jacksonville. He is required to get Adobe After Effects, Premiere Pro, and Photoshop from CS6. (but would prefer to have the Creative Suite Master Collection with Audition and Fireworks.) However, like most families right now, money is somewhat tight (especially after springing for a Mac Book, which even used was a budget breaker,) so I was hoping that some of the Adobe people on the list would know where to get the best pricing/discounts on the software or what programs are available to get him the software at a promotional rate. Obviously, getting a legit copy is important... (so the too good to be true deals from craigslist aren't really an option.) Thanks, Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
[ACFUG Discuss] International clients
Has any freelancers/small business people on the list worked with international clients? I have been talking with a potential client that is located in Australia. I will be creating a quote for him later this week. I wanted to know if anyone had any advice before all is set and done. I have checked salaries down under and I have learned that web developers make roughly the same amount of money there. (I was shocked to find that they even make a little more according to one of the websites I visited.) I am assuming with salaries being similar that project pricing would also be similar. I have researched the exchange rate (Roughly (au)$1 = (us)$0.95) and I plan on writing the contract in terms that all amounts are in US Dollars. I figured that I would mention the current rate in AU Dollars, but specifically mention that the AU figure is subject to change as dictated by the currency exchange. I asked my hosting company if they provide servers in Australia. Coincidentally, it turns out the host that I use has its corporate headquarters in Australia. (Though both my current servers are physically located in NJ.) I figured it might be better for response time if the server is in the same country as the client. (I know there are a limited number of transoceanic cables, but I do not know if there is are any throughput problems down under...) My accountant is about to start looking into the tax situation. For the US, we know it would be taxed the same as a domestic client. He will check to see if there is any potential AU tax liability. (If anyone has information one way or the other to share on this it will be most appreciated.) I'm also wondering if a lack of any physical goods changes this, or if the location of the physical server makes a difference. As for communication, we seem to have that covered... with the abnormal hours I keep, it actually works out. (we have used google hangouts for video conferencing and screen sharing.) I know there is the potential for a deadbeat client, but I don't expect a big problem here as long as I am the one in control of the server. As I mentioned any advice on working with international clients is appreciated; especially if you see something that I missed. Thanks in advance... Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
[ACFUG Discuss] min JVM heap memory
All, I am setting up a brand new webserver with CF9 enterprise, 64bit, CentOS (think free RedHat Advanced server). Unfortunately, the server is not dedicated to CF, it is running MySQL, a mail server, and a few other items. Overall, the new server has 6GB of physical RAM of which I estimate roughly 4GB will be available to CF (I know the databases will be content with roughly 1GB, leaving 1GB for other services). I would like to know a good recommendation for setting the Min JVM heap size. I did a search and there is not a lot out there on the subject. It seems that there are two ideas that are prevalent, one is to set the size to a low value in order to increase the number of times the garbage collection runs, and the other idea is to set the min value equal to the max value which will cause much fewer garbage collections, but it will be a major impact when it does happen. Is Garbage Collection my only concern? The application will be creating and manipulating many pdf files with image attachments, and this is my primary concern for memory. Right now, I am on a 32bit system with a max JVM heap size of 1024MB and I get an out of memory error about once every other week. With the available memory, I plan on setting the max JVM heap size to 3072MB which I hope is plenty while still leaving memory for CF and any poor estimate on other services. However, I still do not know what to set the min JVM heap size to... I've considered setting the min JVM heap to 256MB, to allow for more frequent GC with a smaller impact, or 1024MB, so that I still can get regular JVM GC, yet the system will not be trying to allocate a bunch of memory every time a pdf is created. I pretty much have discarded the though of making the min size equal to 3072MB, because I do not want a huge hit if GC is forced to run, and if I am not using it, I would prefer the other applications have a little breathing room. So, any suggestions, and as I mentioned earlier, should GC be my biggest concern? I understand monitoring the system is important after the new server is running, but I would like to have a good starting point. Thanks, Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
[ACFUG Discuss] (lack of) ACFUG Meeting on Wednesday???
I remember seeing the email saying that ACFUG was canceled on 8/1 and that it was being replaced by another adobe event. Can someone provide some more information about this please? Especially a location. I admit that I am doubtful that I will attend. However, with more information, I might try harder. (And I am sure other people on this list will want to know.) Regardless, I am still planning on going to the Alpharetta CF Lunch on Friday... Thanks, Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Have a question about group limits
Charlie, No, I never used the group clause in cfoutput I vaguely remember hearing you talk about it once before, but I never had the need for it since. As for code style, yes this was a quick and dirty solution. Yes, I would have this in a function. If anything I would have the looping extract the necessary information and dump it into appropriate variables, whether that is a single query with all the rows or a simple struct depends on how I was using this information. (I would never just write out the results here, mixing business logic and display logic is rarely good style.) And to justify my lack of an elegant solution, I would just say it is because I was writing code on the fly in email, its not like I was cutting/pasting existing code that I used an IDE and intended to maintain. As for performance, I would agree with Dawn's assessment that this is not a great solution if you have many different "dests". I could see this being horribly slow with more than 10 dests or a very large recordset. Generally, I believe that it is usually best to create a single SQL and have the database do all the work for you returning only relevant results. (Without the need for later filtering and/or concatenation.) In this case, I believe that Oracle or SQL Server's windowing functions can be used to create a single query with the proper resultset. (These are the functions that allow you to use aggregate controls limited within a resultset.) Unfortunately, as much as I like MySQL, I believe that the windowing functions are one of its deficiencies. For MySQL, I would probably write a stored procedure to achieve the same results. As for pulling back all the rows and using the group attribute that Charlie mentioned... If all I wanted was combined results, I would not use the group attribute. I would try to use a single query with all the extra functions as I mentioned above. However, if I was actually utilizing all of the individual details, in which I needed every row, followed by a summary, in that case I would consider using the group function. This goes back to having the database do all the work for you -- if you already have all the information you need, there is no reason to ask the database for more. On a slightly different topic, don't always assume that a stored procedure is always the fastest. Generally that is the way most of us are taught, but it isn't always correct. On one of my applications we look for inspectors across the country based on location. The inspectors work in multiple locations so there is a child table for zip code lookups. We take the zip code of the work and find out who is closest with a secondary sort on a preferred indicator and a tertiary sort on the inspectors' cost. The system only needs to return the top 25 inspectors and of course there is another table to convert zip codes to longitude/latitude coordinates. The results are also filter on things in the parent table including the type of inspection and active/inactive status among other things. I created a stored procedure to take in the location, number of inspectors, and inspection type to return results. The output resultset was inspectors name, cost, distance, full address, and phone number. It worked, and on a good day it would take about 20-25 seconds to execute while running with roughly 4000 inspectors that had an average of roughly 10 zipcodes each. On a bad day it would take triple that time or more. (A nod here to Charlie who has mentioned in a past meeting that coldfusion doesn't like breaking the SQL connection when timing out in the middle of the call.) I rewrote the SQL to return the entire result set without using a stored procedure and now it normally takes about a half a second. I thought for sure that using a stored proc here would win the performance debate hands down, especially since it returns only the 25 relevant rows, not 4000. And when you figure the higher cost of the geometric calculations on all the results I was shocked. To this day I am not positive why, but my best guess is blaming the SQL Connector as a poor driver. (The SP was used by CF7 on windows, I forget which version of MySQL Connector/J) Also, the database and webserver are on the same machine so the 4000 record resultset does not have a network delay. As I said I am still puzzled by this, I have not tested the SP since moving to CF9. But don't always assume you know how something will perform until you try it. (Even though I still make a lot of performance assumptions.) --Frank On 07/24/2012 04:33 PM, Charlie Arehart wrote: Michael, I
Re: [ACFUG Discuss] Have a question about group limits
Michael, I am not sure, but I think this is what you are looking for... I do not believe that MySQL supports the LIMIT clause in a subquery, so I believe the following is easiest without creating a stored procedure or a unreadable monstrosity of SQL... cfquery name="groups" datasource="xxx" SELECT DISTINCT dest FROM tableB WHERE top10 = "1"; /cfquery cfloop query="groups" cfquery name="top10" datasource="xxx" SELECT dest, property, url_e, price, description FROM tableB WHERE top10 = "1" AND dest = cfqueryparam value="#groups.dest#" LIMIT 10 /cfquery !--- Either print here, or combine in one large query, using QueryNew() outside the loop and QueryAddRow() for each result --- /cfloop You definitely want to use the CFQUERYPARAM in the second query. Even though the dest field is coming straight from the database and probably does not need validation, it turns the SQL into a prepared SQL for the database so that MySQL will cache the execution plan and save a little time when it is executed multiple times. Let me know if that is what you wanted... Frank On 07/23/2012 05:28 PM, Michael Brown wrote: Thanks Larry, Sorry for not being clear. I want to limit the number records displayed "per" group. In the database there are thousands of records, but I just want to display 10 records per group. When I run the query, it only displays 10 records for only 1 group in the "dest" field. Hope that's a little clearer. THANKS On Mon, Jul 23, 2012 at 5:14 PM, Larry Morrow la...@a-plus.net wrote: Hi Michael, I may be the first and the least capable of helping, but I did not quite understand what you are trying to accomplish. Your query as is will list the results so that the records will be sorted by the group. When you say limit, can you provide a description of a results you are looking to achieve. Hopefully, I was clear in my question. Larry J. Morrow COO CTO A-PLUS Community Solutions, Inc. Office: 678.534.8326 ext 100 Fax: 801.843.5832 Cell: 678.416.8032 www.a-plus.net Please Note: The information in this email contains privileged, confidential, and proprietary information and is otherwise protected from disclosure. If you have received this email in error, please notify A-PLUS Community Solutions, Inc. immediately by replying to this message and deleting it from your computer. Anyone other than the intended is prohibited from reading, copying, or distributing this transmission. From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Michael Brown Sent: Monday, July 23, 2012 5:05 PM To: discussion@acfug.org Subject: [ACFUG Discuss] Have a question about group limits Hello fellow group members, I can't seem to get my output to limit the number of records displayed per group in the database. I using mysql with cf9. This is my query that I'm attempting to get data from. The group field is "dest". cfquery name="GetData" datasource="xxx_mysql" select dest, property, url_e, price, description from tableB where top10 = "1" order by dest /cfquery Thanks! -- Michael Brown 770-605-5240 Marketing Solutions with vision! http://www.singleconcepts.com __ Information
[ACFUG Discuss] LinkedIn hacked...
All, I know that this is not really a forum for linkedin, but I know many people with ACFUG use it. It has been hacked and its password table has been compromised. Story here: http://arstechnica.com/security/2012/06/10-or-so-of-the-worst-passwords-exposed-by-the-linkedin-hack/ Now is the time to change your password on LinkedIn as well as any site you use with the same credentials. Rumor has it that Linkedin was using a simple hash (without any salt) and that the passwords have been cracked with the rainbow tables. Another site cropped up called www.Leakedin.org with a list of cracked passwords. - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] HEY
If there is no obvious reason, it could always be a "firesheep" attack. Essentially, this attack steals/clones your cookies which steals a session. More details here: http://en.wikipedia.org/wiki/Firesheep For the end-user, the easiest way to help prevent this is with an extension called https-everywhere. https://www.eff.org/https-everywhere This addon essentially forces the browser to use SSL as much as possible which will keep the cookies encrypted as well. (Note, not every site is supported...) As developers we can help prevent issues like this by using the httponly and secure attributes of cookies. Httponly helps prevent the theft of cookies through XSS attacks. Essentially, when you set a cookie, httponly does not allow _javascript_ to read the cookie. The secure attribute is primarily helps when your site is all SSL. It only allows the cookie to be used through SSL connections. (i.e. if you are directed to an unencrypted page, the cookie will not be sent.) Links for more info: http://www.petefreitag.com/item/764.cfm http://www.adobe.com/devnet/coldfusion/articles/coldfusion-securing-apps.html http://www.jalpino.com/index.cfm/event/read/entry/Securing_CFID_CFToken_and_JSessionID_cookies http://stackoverflow.com/questions/1048436/forcing-httponly-cookies-with-jrun-coldfusion On 06/02/2012 09:16 AM, Peyton Todd wrote: Yes, it appears so. However, a virus scan of my computer finds nothing, the tech support person at my e-mail provider finds no change to the standard parameters that (according to him) would be used by hackers to cause other problems, and the few people who had clicked the link before I could get the warning message out report that it would not open. Unfortunately he had no clue as to how it got hacked. From: Veronika Bari veronikab...@yahoo.com To: "discussion@acfug.org" discussion@acfug.org Sent: Fri, June 1, 2012 4:41:28 PM Subject: Re: [ACFUG Discuss] HEY i think your email got hacked. From: Peyton Todd peytont...@att.net To: scklweorpkwpokwer...@mail.com Sent: Friday, June 1, 2012 10:11 AM Subject: [ACFUG Discuss] HEY you should give this a look http://www.spacnews.net/biz/?read=3292931 - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink - -To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserformFor more info, see http://www.acfug.org/mailinglistsArchive @ http://www.mail-archive.com/discussion%40acfug.org/List hosted by http://www.fusionlink.com-
Re: [ACFUG Discuss] CF9 email problem
Brooks, Not a problem, Trust me, I was looking at the calling page as well. I am happy there are people on the list willing to help... Also, a bad or incomplete explanation is my fault. Thanks, Frank On 05/23/2012 07:45 AM, brooks.wil...@atl.frb.org wrote: The reason I thought the function may be executing more than once is because I was not given the calling code - only the function. Sincerely, Brooks ADS develops supports effiective, efficient and secure software solutions -- Federal Reserve Bank of Atlanta ∙ Application Delivery Services 1000 Peachtree Street NE ∙ Atlanta,Georgia ∙ 30309-4470 ( 404-498-8178 From: Frank Moorman stretch...@franksdomain.net To: discussion@acfug.org, Date: 05/22/2012 10:01 PM Subject: Re: [ACFUG Discuss] CF9 email problem Sent by: ad...@acfug.org One interesting thing, I just checked the undelivered log and it was empty, but It allowed me to set the mail log severity level. I changed it all the way from warning to debug Time to test... On 05/22/2012 09:54 PM, Frank Moorman wrote: Yeah, I'm really stumped by this. I initially thought that I cut and pasted a "query=" attribute into the cfmail tag. I'm still not sure what is happening. I plan on adding a few cflog tags into the method later tonight, similar to what Brooks mentioned. The other weird thing is that the email is sent out a few minutes apart (one reason why I am considering a possible mail server issue.) But it only seems to duplicate this specific email, and every time this email is sent, (but no reports or evidence of any other email on the system.) I have a PNG file of the CF admin showing the emails here: http://www.moormanappdev.com/ColdFusion%20Administrator_1337736378216.png On 05/22/2012 07:43 PM, Cheyenne Throckmorton wrote: I can't imagine why the same function would send multiple of the first and only one of the second unless maybe your #GetContactInfo.email_address# statement is returning a comma-delimited list to generate multiple emails and maybe to the same list. Like its returning fr...@domain.com,fr...@domain.com,fr...@domain.com,fr...@domain.com from some kind of a join mix up in the sql and then your mail setup is spawning off separate emails to each email in the list despite them all being the same. On Tue, May 22, 2012 at 3:26 PM, brooks.wil...@atl.frb.org wrote: Frank: Try adding some debugging code. I would add a cfdump/ at the beginning and end of the function body. This would tell me that the function is starting and ending as you expect. What may be happening is that the function begins, sends the first email and then abnormally terminates. Then the calling program calls the function again and this pattern is repeating 4 more times. Finally on the 6th try, the function completes as expected. Sincerely, Brooks From: Frank Moorman stretch...@franksdomain.net To: discussion@acfug.org, Date: 05/21/2012 03:21 PM Subject: [ACFUG Discuss] CF9 email problem Sent by: ad...@acfug.org All, I am having an email problem... My system is sending out about a dozen of the first email yet only one of the second. (I only want one of each.) The system is CF9 and it has happened a few times. (Every time since it was implemented this weekend.) I tried to find any type of loop or query and I stunned... I considered the possibility that it is a mail server problem yet no other email seems to be affected and the site hosts two separate CF applications with many different emails from both. I have copied the code in its entirety here just removing the i
Re: [ACFUG Discuss] CF9 email problem
Note for the future... Don't use DEBUG setting for the mail log... (TMI, but at least not in a disgusting way) "...will respool queue in 15 seconds..." "...will respool queue in 15 seconds..." "...will respool queue in 15 seconds..." "...will respool queue in 15 seconds..." As for my problem, My test last night produced 4 copies of the first email and only one of the second after one webpage execution. In the middle of the night I took the drastic measure of rebooting the webserver. My test after the reboot only sent one email. I am currently waiting for the owner of the site to do his own independent testing to confirm it is working. I'm still dumbfounded... It appears as if the reboot fixed any type of inconsistency in the mail spool. However, the big question is why was it this specific email function and no other emails? There were about 12 tests of this email function and each one generated multiple emails being sent out while every other email in both applications was fine. No code change and a reboot stopped the problem(at least temporarily) I am wondering if there was some type of hiccup when the byte code was originally compiled from the cfc that caused the problem... The reboot then cleared the class cache and it was fixed when it recompiled. This is currently my best *guess* Unfortunately I still don't know the actual cause. (and I hate not knowing the real problem... I want to avoid this issue in the future, not keep my fingers crossed.) Thanks All, Frank On 05/22/2012 10:00 PM, Frank Moorman wrote: One interesting thing, I just checked the undelivered log and it was empty, but It allowed me to set the mail log severity level. I changed it all the way from warning to debug Time to test... On 05/22/2012 09:54 PM, Frank Moorman wrote: Yeah, I'm really stumped by this. I initially thought that I cut and pasted a "query=" attribute into the cfmail tag. I'm still not sure what is happening. I plan on adding a few cflog tags into the method later tonight, similar to what Brooks mentioned. The other weird thing is that the email is sent out a few minutes apart (one reason why I am considering a possible mail server issue.) But it only seems to duplicate this specific email, and every time this email is sent, (but no reports or evidence of any other email on the system.) I have a PNG file of the CF admin showing the emails here: http://www.moormanappdev.com/ColdFusion%20Administrator_1337736378216.png On 05/22/2012 07:43 PM, Cheyenne Throckmorton wrote: I can't imagine why the same function would send multiple of the first and only one of the second unless maybe your #GetContactInfo.email_address# statement is returning a comma-delimited list to generate multiple emails and maybe to the same list. Like its returning fr...@domain.com,fr...@domain.com,fr...@domain.com,fr...@domain.com from some kind of a join mix up in the sql and then your mail setup is spawning off separate emails to each email in the list despite them all being the same. On Tue, May 22, 2012 at 3:26 PM, brooks.wil...@atl.frb.org wrote: Frank: Try adding some debugging code. I would add a cfdump/ at the beginning and end of the function body. This would tell me that the function is starting and ending as you expect. What may be happening is that the function begins, sends the first email and then abnormally terminates. Then the calling program calls the function again and this pattern is repeating 4 more times. Finally on the 6th try, the function completes as expected. Sincerely, Brooks From: Frank Moorman stretch...@franksdomain.net To: discussion@acfug.org, Date: 05/21/2012 03:21 PM Subject: [ACFUG Discuss] CF9 email problem Sent by:ad...@acfug.org All,
Re: [ACFUG Discuss] CF9 email problem
Yeah, I'm really stumped by this. I initially thought that I cut and pasted a "query=" attribute into the cfmail tag. I'm still not sure what is happening. I plan on adding a few cflog tags into the method later tonight, similar to what Brooks mentioned. The other weird thing is that the email is sent out a few minutes apart (one reason why I am considering a possible mail server issue.) But it only seems to duplicate this specific email, and every time this email is sent, (but no reports or evidence of any other email on the system.) I have a PNG file of the CF admin showing the emails here: http://www.moormanappdev.com/ColdFusion%20Administrator_1337736378216.png On 05/22/2012 07:43 PM, Cheyenne Throckmorton wrote: I can't imagine why the same function would send multiple of the first and only one of the second unless maybe your #GetContactInfo.email_address# statement is returning a comma-delimited list to generate multiple emails and maybe to the same list. Like its returning fr...@domain.com,fr...@domain.com,fr...@domain.com,fr...@domain.com from some kind of a join mix up in the sql and then your mail setup is spawning off separate emails to each email in the list despite them all being the same. On Tue, May 22, 2012 at 3:26 PM, brooks.wil...@atl.frb.org wrote: Frank: Try adding some debugging code. I would add a cfdump/ at the beginning and end of the function body. This would tell me that the function is starting and ending as you expect. What may be happening is that the function begins, sends the first email and then abnormally terminates. Then the calling program calls the function again and this pattern is repeating 4 more times. Finally on the 6th try, the function completes as expected. Sincerely, Brooks From: Frank Moorman stretch...@franksdomain.net To: discussion@acfug.org, Date: 05/21/2012 03:21 PM Subject: [ACFUG Discuss] CF9 email problem Sent by: ad...@acfug.org All, I am having an email problem... My system is sending out about a dozen of the first email yet only one of the second. (I only want one of each.) The system is CF9 and it has happened a few times. (Every time since it was implemented this weekend.) I tried to find any type of loop or query and I stunned... I considered the possibility that it is a mail server problem yet no other email seems to be affected and the site hosts two separate CF applications with many different emails from both. I have copied the code in its entirety here just removing the identifying information... The component call executes a database query which returns a single row. cffunction access="public" name="zzz" output="false" returntype="void" hint="sends an email." cfargument name="RequestUUID" type="string" required="true" cfset var GetContactInfo = '' cfinvoke component="contacts" method="GetContactRequest" returnvariable="GetContactInfo" cfinvokeargument name="ContactId" value="#arguments.RequestUUID#" /cfinvoke cfmail to="#GetContactInfo.email_address#" cc="supp...@zzz.com" from="zz.com donotre...@zzz.com" subject="zzz Correspondence" type="text"
Re: [ACFUG Discuss] CF9 email problem
One interesting thing, I just checked the undelivered log and it was empty, but It allowed me to set the mail log severity level. I changed it all the way from warning to debug Time to test... On 05/22/2012 09:54 PM, Frank Moorman wrote: Yeah, I'm really stumped by this. I initially thought that I cut and pasted a "query=" attribute into the cfmail tag. I'm still not sure what is happening. I plan on adding a few cflog tags into the method later tonight, similar to what Brooks mentioned. The other weird thing is that the email is sent out a few minutes apart (one reason why I am considering a possible mail server issue.) But it only seems to duplicate this specific email, and every time this email is sent, (but no reports or evidence of any other email on the system.) I have a PNG file of the CF admin showing the emails here: http://www.moormanappdev.com/ColdFusion%20Administrator_1337736378216.png On 05/22/2012 07:43 PM, Cheyenne Throckmorton wrote: I can't imagine why the same function would send multiple of the first and only one of the second unless maybe your #GetContactInfo.email_address# statement is returning a comma-delimited list to generate multiple emails and maybe to the same list. Like its returning fr...@domain.com,fr...@domain.com,fr...@domain.com,fr...@domain.com from some kind of a join mix up in the sql and then your mail setup is spawning off separate emails to each email in the list despite them all being the same. On Tue, May 22, 2012 at 3:26 PM, brooks.wil...@atl.frb.org wrote: Frank: Try adding some debugging code. I would add a cfdump/ at the beginning and end of the function body. This would tell me that the function is starting and ending as you expect. What may be happening is that the function begins, sends the first email and then abnormally terminates. Then the calling program calls the function again and this pattern is repeating 4 more times. Finally on the 6th try, the function completes as expected. Sincerely, Brooks From: Frank Moorman stretch...@franksdomain.net To: discussion@acfug.org, Date: 05/21/2012 03:21 PM Subject: [ACFUG Discuss] CF9 email problem Sent by: ad...@acfug.org All, I am having an email problem... My system is sending out about a dozen of the first email yet only one of the second. (I only want one of each.) The system is CF9 and it has happened a few times. (Every time since it was implemented this weekend.) I tried to find any type of loop or query and I stunned... I considered the possibility that it is a mail server problem yet no other email seems to be affected and the site hosts two separate CF applications with many different emails from both. I have copied the code in its entirety here just removing the identifying information... The component call executes a database query which returns a single row. cffunction access="public" name="zzz" output="false" returntype="void" hint="sends an email." cfargument name="RequestUUID" type="string" required="true" cfset var GetContactInfo = '' cfinvoke component="contacts" method="GetContactRequest" returnvariable="GetContactInfo" cfinvokeargument name="ContactId" value="#arguments.RequestUUID#" /cfinvoke cfmail to="#GetContactInfo.email_address#" cc="supp...@
[ACFUG Discuss] CF9 email problem
All, I am having an email problem... My system is sending out about a dozen of the first email yet only one of the second. (I only want one of each.) The system is CF9 and it has happened a few times. (Every time since it was implemented this weekend.) I tried to find any type of loop or query and I stunned... I considered the possibility that it is a mail server problem yet no other email seems to be affected and the site hosts two separate CF applications with many different emails from both. I have copied the code in its entirety here just removing the identifying information... The component call executes a database query which returns a single row. cffunction access="public" name="zzz" output="false" returntype="void" hint="sends an email." cfargument name="RequestUUID" type="string" required="true" cfset var GetContactInfo = '' cfinvoke component="contacts" method="GetContactRequest" returnvariable="GetContactInfo" cfinvokeargument name="ContactId" value="#arguments.RequestUUID#" /cfinvoke cfmail to="#GetContactInfo.email_address#" cc="supp...@zzz.com" from="zz.com donotre...@zzz.com" subject="zzz Correspondence" type="text" Customer, Your request has been sent ...blah... blah... blah... #GetContactInfo.contractor_phone#. blah... blah... blah...#GetContactInfo.contractor_first_name# #GetContactInfo.contractor_last_name#. /cfmail cfmail to="#GetContactInfo.contractor_email#" cc="supp...@zzz.com" from="zzz.com donotre...@zzz.com" subject="CUSTOMER REQUEST" type="text" blah... blah... blah... CUSTOMER INFORMATION: Name: #GetContactInfo.first_name# #GetContactInfo.last_name# Address: #GetContactInfo.street_address# City, State: #GetContactInfo.city#, #GetContactInfo.state# #GetContactInfo.zip_code# /cfmail cfreturn /cffunction -To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserformFor more info, see http://www.acfug.org/mailinglistsArchive @ http://www.mail-archive.com/discussion%40acfug.org/List hosted by http://www.fusionlink.com-
Re: [ACFUG Discuss] Tricky SQL help?
First. let me say that MySql does allow for the COALESCE function and and Nelson's SQL should work. I would say however, the 3rd null parameter is not needed, if the first field is null it will use the second field whether or not it has a null value. SELECT S.* , coalesce(A1.addresstype, A2.addresstype) AS AddressType , coalesce(A1.addresstype, A2.addresstype) AS AddressLine1 , coalesce(A1.addresstype, A2.addresstype) AS City , coalesce(A1.addresstype, A2.addresstype) AS State FROM Students S LEFT JOIN Addresses A1 ON S.id = A1.empid and A1.addressType = 'temporary forward' LEFT JOIN Addresses A2 ON S.id = A2.empid and A2.addressType = 'permanent forward' Second for performance, I agree with the general consensus that having the DB do all the work is usually the most efficient. There is one caveat for this though... datatype conversions. Have coldfusion convert all datatypes to what is defined in the table definition. If for some strange reason, zipcodes are stored as an integer field, use WHERE zip_code = 7003, not WHERE zip_code = '07003'. The reverse is true too... if you have a field that stores numbers as a string use WHERE string_field = '34'; do not use WHERE string_field = 34; I used to work on an oracle system where people were ignorant of how a field was defined and oracle would slow to a crawl due to implicit type conversions. Remember, Coldfusion only needs to convert the datatype once, the database may do it for each individual row. On 04/09/2012 10:59 AM, Nelson Winters wrote: If you're using SQL Server, something like this should work: SELECT S.* , coalesce(A1.addresstype, A2.addresstype, null) AddressType , coalesce(A1.addresstype, A2.addresstype, null) AddressLine1 , coalesce(A1.addresstype, A2.addresstype, null) City , coalesce(A1.addresstype, A2.addresstype, null) State FROM Students S LEFT JOIN Addresses A1 ON S.id = A1.empid and A1.addressType = 'temporary forward' LEFT JOIN Addresses A2 ON S.id = A2.empid and A2.addressType = 'permanent forward' On Mon, Apr 9, 2012 at 10:45 AM, Tepfer, Seth la...@emory.edu wrote: I know this is not strictly a CF issue, but I’m trying to find the most efficient way of doing this, and a single query seems faster than 2 queries plus a query of queries. I have two tables, one of student names, one of addresses. Students: id, name, emplID Addresses: emplID, addressType, addressline1, city, state, Student table data: 1, john dooley, 1234567 2, jane dooley, 2345678 3, tom dooley, 33456780 Addresses table data: 1234567, onCampus, 101 Dowman, null, null 1234567, home address, 100 main street, springfield, IL 1234567, permanent forward, 120 main street, Atlanta, GA 2345678, home address, 200 main street, springfield, MO 2345678, temporary forward, 130 main street, Atlanta, GA 3456789, home address, 300 main street, springfield, GA Every student has a home address. Some have permanent or temporary forwards. The query results I want to return are · All the student names · If they have permanent or temporary forward, that address · If they do not, a null for the address (NOT the home address or onCampus address) I’ve tried an outer join with a ‘where addressType = ‘permanent or temporary’, but that doesn’t give me all the names, just the ones with a forward. Thanks for any time you can give. This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and
Re: [ACFUG Discuss] File Organization for Mac Development
Linux user here so take this with a grain of salt... For development, it is easiest to work in the webserver's directory. With the assumption of Mac (OS-X+) being loosely based on BSD/Linux, you can create a symbolic link on the folder. Take your ide default folder and than make a link to that folder in the webserver directory. That way it essentially is in both places; you store the code where it is easiest to access from your IDE, and changes you make there show up automatically through the link on the webserver. As for what I personally do, (again, as a linux user, but this should work in all modern OS's) I generally prefer not to have my daily use machine running a web server (and db server) constantly while I am using it. I create a virtual machine. (I use virtual box which is a free download) I can make the virtual machine a different environment (provided I have install disks) if I want. When I need a webserver, I start the virtual machine. I share my data folders with the virtual machine and I mount them under the web root. It takes a bit more to initially set this configuration up, but I find it very easy to work with on a daily basis. And if I get a new machine, I just copy the virtual machine's hard disk to the new computer and I can start right away. (The VM's hard disk is just a single file in the VM's data directory.) --Frank On 03/02/2012 03:20 PM, Cameron Childress wrote: I put CF projects all in the default Apache webroot dir: /Library/WebServer/Documents/[projectname] Non-web projects (Flex/AIR/Titanium) I usually just leave wherever the IDE wants to put them. I create vhosts entries for each project in Apache and make entries for each in the hosts file (located at /private/etc/hosts). Usually I use ".local" for these. So if I am working on www.acfug.org, the local development entry would be www.acfug.local. That's how I do it... -Cameron On Fri, Mar 2, 2012 at 3:05 PM, Clarke Bishop cbis...@inboundteam.com wrote: A few weeks back I switched from PC to Mac. A key reason was that I thought Mac's have now become better development machines! Here's my question for anyone doing web development on a Mac. How do you organize your files for development. Do you put everything under Documents, create new folders inside of your home folder? What? Thanks for any tips. Clarke -- Clarke Bishop Inbound Team 770.642.1353 cbis...@inboundteam.com Get my vCard here | Clarke's LinkedIn Profile -- Cameron Childress -- p: 678.637.5072 im: cameroncf facebook | twitter| google+ -To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserformFor more info, see http://www.acfug.org/mailinglistsArchive @ http://www.mail-archive.com/discussion%40acfug.org/List hosted by http://www.fusionlink.com-
[ACFUG Discuss] incorporation advice
All, I am meeting with a CPA tomorrow. I plan on starting a company in order to take on the payments for the free lance work I am currently performing. When I was talking with the CPA today, I realized that not only do I not know what type of business I need, but I do not even know what questions to ask... The reasons I am most interested in doing this is so that I can try to minimize taxes, but is that all I need to look for? The CPA is suggesting a S-Corp for me, and I know I need to talk in more detail with him, but I still do not understand my choices. While I will probably take the CPA's advice, I was hoping that maybe some of the people on this list that have gone through this experience can share some insight. Any advice on questions I need to ask the CPA, or any topics I should discuss with him would be appreciated. I would love to hear from someone who had a moment of WOW!, I wish I thought of that when I first started... I know that this has been discussed at ACFUG meetings in the past (even ones that I attended and now wish I remembered more...) So if someone has a URL to share, that would also be appreciated... Once again, thanks for any advice... Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] CF Shopping carts
I used to work somewhere that used cfshopkart... It used to work fairly well, but at the time it did not use cfqueryparam to prevent against sql injection attacks. (especially worrisome on an e-commerce site.) Does it still have this problem, or has a newer version fixed this? On 10/05/2011 06:41 PM, Clint Willard wrote: http://www.cfshopkart.com Clint Willard Senior ColdFusion Programmer Analyst clint...@gmail.com h) 770-965-6074 m) 706-714-5502 On Wed, Oct 5, 2011 at 7:59 AM, Stephen Carlson st...@xiinteractive.com wrote: I'm looking for some input on ColdFusion shopping carts free or paid versions. Requirements: - easy/quick to set up... the project has a short delivery fuse. - user admin that is easy for the client to use. - solution suitable for small/medium business not corporate/enterprise. - SEO integration would be a big plus. Any help, suggestions, etc are welcome. Please let me know if you have experience with any particular product and if you would recommend it. Stephen M Carlson XI Interactive -To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserformFor more info, see http://www.acfug.org/mailinglistsArchive @ http://www.mail-archive.com/discussion%40acfug.org/List hosted by http://www.fusionlink.com-
[ACFUG Discuss] Informal poll Who will be at NCDevCon this weekend?
I'm just curious... I will be there and I plan on driving up on Friday. I know that Josh is speaking there this year, but who else is going? If you did not sign up yet, you better do it fast, there was a single ticket left a few minutes ago... --Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Informal poll Who will be at NCDevCon this weekend?
I guess there have been a few cancellations or dropped sessions... There are now 6 available tickets. I would join you Doug, but I think I will be bouncing between the CF and Web tracks of the conference. I won't have a big enough break to take in a hands on session. As it is, I only expect to hit the mobile track for the CF/Sencha Touch session on Sunday morning. (and maybe the last Saturday session as well, designing for mobile.) On 09/14/2011 04:41 PM, Douglas Knudsen wrote: "beach" sure sounds better, good call. I had no difficult life changing dependencies, so I'll be at NCDevCon. Come hang in the hands-on session for Mobile development and get schooled. BTW, I do believe as of now it is sold out. Douglas Knudsen http://www.cubicleman.com this is my signature, like it? On Wed, Sep 14, 2011 at 4:08 PM, Cameron Childress camer...@gmail.com wrote: Would love to go, but I'll be in San Diego. Tough call I know, but I had to go with "beach". -Cameron On Wed, Sep 14, 2011 at 3:47 PM, Frank Moorman stretch...@franksdomain.net wrote: I'm just curious... I will be there and I plan on driving up on Friday. I know that Josh is speaking there this year, but who else is going? If you did not sign up yet, you better do it fast, there was a single ticket left a few minutes ago... --Frank -- Cameron Childress -- p: 678.637.5072 im: cameroncf facebook | twitter| google+ -To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserformFor more info, see http://www.acfug.org/mailinglistsArchive @ http://www.mail-archive.com/discussion%40acfug.org/List hosted by http://www.fusionlink.com-
[ACFUG Discuss] url encryption
Hey all... I've got a problem that I would like some ideas on... I have an https (secure site) and I would like to pass a variable from javascript back to the server via an ajax call. The variable is sensitive and I would like to keep it secure. If I request the ajax page with the url variable, will it be encrypted with https? The web being what it is seems to show some disagreement on this issue. I have read that the entire url (including the variables) is sent in the clear. However, I saw somewhere else that only the domain is in the clear when the dns request is made; after the DNS request, the secure socket is created and everything including the path, filename. and any variable is encrypted through SSL. Does anyone know for sure which of the above is correct? are url parameters encrypted on SSL connections? If they are not encrypted, does anyone have a good solution to encrypt, or is my best bet to change from a GET to a POST request for security? Thanks, Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
[ACFUG Discuss] Ghostery
I forgot who asked, but I was discussing blocking tracking cookies and while browsing. I mentioned Ghostery... The question I could not answer was if it is firefox only or cross-browser compatible... (Obviously, it works on non-windows OS's as well because I use it.) Ghostery is a browser tool available for Firefox, Chrome, Safari, Opera and Internet Explorer. It scans the page for scripts, pixels, and other elements and notifies the user of the companies whose code is present on the page. These page elements aren't otherwise visible to the user, and often not detailed in the page source code. Ghostery allows users to learn more about these companies and their practices, and block the page elements from loading if the user chooses. It allows you allow/disallow all trackers as a group or individually. So you can disable doubleclick while allowing Google+ to track you. (if desired) It will even delete LSOs from Flash and Silverlight. Whether you disable trackers or not, ghostery displays a list of found trackers when you load a page so you can see what lengths a website goes to in order to get information about you. I found that many pages only use 1 or 2 trackers, but some go to great lengths and try to track you with a dozen different cookies... http://www.ghostery.com/ -To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserformFor more info, see http://www.acfug.org/mailinglistsArchive @ http://www.mail-archive.com/discussion%40acfug.org/List hosted by http://www.fusionlink.com-
Re: [ACFUG Discuss] cfmenu adding an iframe
I admit I have never used the cfmenu tag before so I am not familiar with the scripts being utilized. Have you tried to change the css using an external css file or a style tag at the top of the page? You will not even need the onload method. Try putting this in the page's head: style type="text/css" #_yuiResizeMonitor {display:none !important; width:0px !important; height:0px !important; margin:0; !important;} /style If that doesn't work, try adding " position:static !important; " in the above Unless the scripts on the page modify the style properties of this iframe (which may happen when the iframe gets created,) I would expect this to work. With the # sign, we are identifying the iframe by id, and the !important should override any other styles applied by the page. On 07/22/2011 05:19 PM, Jeff Howard wrote: I tried that. It really is baffling to me. If I comment out the cfmenu from the page the extra space isn't there, but I put it back in the code and I have an extra 2 inches at the end of my page which is fairly unsightly looking. Below is the code that is showing up in Firebug after my actual code. iframeid="_yuiResizeMonitor"src="data:text/html;charset=utf-8,%3Chtml%3E%3Chead%3E%3Cscript%20type%3D%22text%2Fjavascript%22%3Ewindow.onresize%3Dfunction()%7Bwindow.parent.YAHOO.widget.Module.textResizeEvent.fire()%3B%7D%3Bwindow.parent.YAHOO.widget.Module.textResizeEvent.fire()%3B%3C%2Fscript%3E%3C%2Fhead%3E%3Cbody%3E%3C%2Fbody%3E%3C%2Fhtml%3E"style="position: absolute; visibility: hidden; width: 10em; height: 10em; top: -110px; left: -110px; border-width: 0pt; display: none;" html head scripttype="text/_javascript_" window._onresize_=function(){window.parent.YAHOO.widget.Module.textResizeEvent.fire();};window.parent.YAHOO.widget.Module.textResizeEvent.fire(); /script /head body/body /html /iframe On Thu, Jul 21, 2011 at 5:35 PM, Teddy R. Payne teddyrpa...@gmail.com wrote: Jeff, I have not run into this yet, but if you are trying to apply style or manipulate the DOM for something that loads last then using the onload attribute of the body tag executes after the body has completed. That could be one way, but not a direct fix. Teddy R. Payne, ACCFD Google Talk - teddyrpa...@gmail.com On Thu, Jul 21, 2011 at 5:24 PM, Jeff Howard jeh...@gmail.com wrote: I recently created an application that I used cfmenu to create the navigation. I originally used jQuery but decided to go with CF and I just recently noticed that at the bottom of the page there is a sizable area of white (actually gray) space below my content. When I use Firebug to figure out what is creating that I come across an iFrame titled _yuiResizeMonitor that is created by CF. This space exists in FF, IE and Chrome. I tried adding a script at the end of the page that set the CSS for this to not display but it has not rendered so I get that the object is null when trying to style is with js at the end of the page. Has anyone had an issue similar to this, and if so, were you able to find a fix? - To unsubscribe from this list, manage your profile @ http://www.acfug.org?falogin.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - -To
Re: [ACFUG Discuss] CFLUNCH Roswell/Alpharetta
I'm sorry, I am the one that needs to apologize. I never got out today either and I started the thread. I had to work through lunch and just realized I missed it now when I read Doug's email. I messed up. Did anyone make it? I'll try again next month. On 06/30/2011 12:12 PM, Douglas Knudsen wrote: apologies! work got in the way of getting to CFLunch today, sucks, wanted to get out there. Hope you enjoyed Roam, say hey to Clif the cook for me! Douglas Knudsen http://www.cubicleman.com this is my signature, like it? On Tue, Jun 28, 2011 at 6:45 PM, Patti Winter patti...@gmail.com wrote: Roam has an assortment of paninis, wraps, sandwiches and salads for about $6-$8 For future lunches, if you want someplace more central to Alpharetta, Roswell and Woodstock, there is a restaurant in the Crabapple area - right on the line of Alpharetta and Roswell - called Crabapple Tavern. They have wifi and good food/prices. Here's their site: www.crabappletavern.com. There is also a new Italian restaurant on the Alpharetta/Roswell line called Franco's. The food is excellent for those who like the real NY style pizza and sandwiches. I’m leaving for NY on Thursday but available tomorrow - let me know how I can help. Patti On Tue, Jun 28, 2011 at 10:42 AM, Patti Winter patti...@gmail.com wrote: Hi Frank, I can help you out if you still need someone. I'm just starting to get back into ColdFusion after being away from it for a few years, and interested in a Roswell/Alpharetta lunch. I can give you some suggestions for future lunches of restaurants that my husband and I frequent in Roswell/Alpharetta that are similar to the types of places in which I’ve attended previous CF lunches, and also closer to Woodstock. I haven’t been in Roam for about 3 years but I’m driving past there later this afternoon, so I can stop by and get the details. Patti On Tue, Jun 28, 2011 at 12:12 AM, Frank Moorman stretch...@franksdomain.net wrote: All, It seems like the consensus is for Roam Atlanta. Do they have a full lunch menu? I do have one request, This is a little farther than I prefer (but still close enough to go) can someone that is actually familiar with Roam co-ordinate it? As for Charlie, I have no problem with Wednesdays instead... Of course, this week is one of those rare situations that Wednesday will not work for me... --Frank On 06/23/2011 10:20 AM, Douglas Knudsen wrote: ditto on Bachman's suggestion, cool place for true, great coffee, wifi, food, and staff. For some old skool CF_Lunch locations, consider Smoke Jack, Wild Wings, or Cinco Mexican Cantina. Douglas Knudsen http://www.cubicleman.com
[ACFUG Discuss] Job inquiry... who works for Amazon???
All, I just received a call from a recruiter about a cf position with an Amazon subsidiary in Marietta. It sounds good, but they are only looking to start with a 3 month contract (I currently have until the end of the year on the current job that I am trying to leave.) I know that someone at the last CF meeting mentioned they started working with Amazon in Marietta, but I forget who... I was hoping to pump them for some more information before I go farther with the recruiter. Can that person either reply to the list or my personal email? ( fr...@franksdomain.net ) I appreciate it... Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] CFLUNCH Roswell/Alpharetta
All, It seems like the consensus is for Roam Atlanta. Do they have a full lunch menu? I do have one request, This is a little farther than I prefer (but still close enough to go) can someone that is actually familiar with Roam co-ordinate it? As for Charlie, I have no problem with Wednesdays instead... Of course, this week is one of those rare situations that Wednesday will not work for me... --Frank On 06/23/2011 10:20 AM, Douglas Knudsen wrote: ditto on Bachman's suggestion, cool place for true, great coffee, wifi, food, and staff. For some old skool CF_Lunch locations, consider Smoke Jack, Wild Wings, or Cinco Mexican Cantina. Douglas Knudsen http://www.cubicleman.com this is my signature, like it? On Wed, Jun 22, 2011 at 10:16 AM, Kevin Bachman kevin.bach...@activegroup.net wrote: I would be interested and may have a better locale that has a more professional atmosphere and be more central to tech companies in the Roswell/Alpharetta area. How about Roam Atlanta? www.roamatlanta.com It's located on Windward Pkwy, just east off 400. Great coworking/cafe environment with lots of space. I am also trying get a Norcross CF_LUNCH off the ground as well if anyone is interested. -Original Message- From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Frank Moorman Sent: Wednesday, June 22, 2011 10:13 AM To: discussion@acfug.org Subject: [ACFUG Discuss] CFLUNCH Roswell/Alpharetta Who is interested in starting a CFLUNCH in Roswell/Alpharetta? In order to have some feedback time, lets start it next Thursday 6/30. Unfortunately, I have not worked in Roswell/Alpharetta in over 4 years (I will be coming from Woodstock) so I am not familiar with any recent changes available restaurants in the area. Unless someone can think of a better idea, I suggest Five Guys burgers in the Kroger Strip Mall at the corner of Mansell Rd and Crossville Rd (which turns into Holcombe Bridge Rd.) http://maps.google.com/maps/place?cid=15913864652255605335q=Five+Guys+Burgers+%26+Fries,+Roswell,+GAhl=enved=0CBkQ-gswAAsa=Xei=8_YBTt22N5fAzQS448WRBw However, there is a major problem with this location right now... The Holcombe Bridge Rd / Alpharetta Hwy intersection (which is 1/4 mile to the east of Five Guys) is currently experiencing some major roadwork. Anyone coming through this intersection *may* hit some heavy delays.. So please feel free to suggest an alternate location if Five Guys does not work out for you, or if the only way for you to get there is through the construction work. - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?falogin.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - -To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserformFor more info, see http://www.acfug.org/mailinglistsArchive @ http://www.mail-archive.com/discussion%40acfug.org/List hosted by http
[ACFUG Discuss] CFLUNCH Roswell/Alpharetta
Who is interested in starting a CFLUNCH in Roswell/Alpharetta? In order to have some feedback time, lets start it next Thursday 6/30. Unfortunately, I have not worked in Roswell/Alpharetta in over 4 years (I will be coming from Woodstock) so I am not familiar with any recent changes available restaurants in the area. Unless someone can think of a better idea, I suggest Five Guys burgers in the Kroger Strip Mall at the corner of Mansell Rd and Crossville Rd (which turns into Holcombe Bridge Rd.) http://maps.google.com/maps/place?cid=15913864652255605335q=Five+Guys+Burgers+%26+Fries,+Roswell,+GAhl=enved=0CBkQ-gswAAsa=Xei=8_YBTt22N5fAzQS448WRBw However, there is a major problem with this location right now... The Holcombe Bridge Rd / Alpharetta Hwy intersection (which is 1/4 mile to the east of Five Guys) is currently experiencing some major roadwork. Anyone coming through this intersection *may* hit some heavy delays.. So please feel free to suggest an alternate location if Five Guys does not work out for you, or if the only way for you to get there is through the construction work. - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] ColdFusion 9 Standard to Enterprise Trial
Ajas, While others are better able to answer this question than myself, I believe that the Developer Edition simply is a trial of the Enterprise edition. One way you can verify that you have the Enterprise edition features is to see if you can access the server monitor in the cfadministrator. This is a feature that goes away as soon as you enter in a standard edition registration key. (After using it for 30days, I missed it when it was gone.) You do not want to keep a live site on the developer edition, I think that after 30 days it will start restricting you to only 2 ip addresses. Frank On 05/05/2011 05:25 PM, Ajas Mohammed wrote: One of our clients wants to try out CF 9 Enterprise 30 day trial. Unfortunately, this server already has CF 9 Standard. So I uninstalled CF 9 Standard (because installer wont give option to install server configuration again) and reinstalled CF 9 server configuration by selecting 30 day trial option. I also renamed ColdFusion9 folder to ColdFusion9_OLD just to be on safe side before starting the installer. After installation, when the configuration/migration settings page runs, CF admin shows up fine but it says Developer Edition. How can I get the 30 day trial period Enterprise Edition Server configuration installed on this server? This is on Windows 2003 server and its 32 bit. Let me know if you need more information. Thanks, Ajas Mohammed / http://ajashadi.blogspot.com We cannot become what we need to be, remaining what we are. No matter what, find a way. Because thats what winners do. You can't improve what you don't measure. Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives. - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] ColdFusion 9 Standard to Enterprise Trial
Ajas, I do not think the 2 ip restriction is enforced before the 30 day trial expires. I would expect you to be able to test with the 50 users. (Otherwise, use Kevin's idea...) On 05/05/2011 06:40 PM, Kevin Hellriegel wrote: I'm not sure if this works, but it's worth a shot to get around the 2 ip restriction. Try setting up a proxy (something like tcpmon or charles. You could also use the ProxyPass directive in Apache web server) that points to the Developer server and have the 50 users connect to the proxy's port/IP address. On Thu, May 5, 2011 at 6:27 PM, Ajas Mohammed ajash...@gmail.com wrote: Thanks Frank. I understand that Developer is trial of Enterprise edition. They want to test out Enterprise for a week or so with 50 plus users. I dont think I can do that because of 2 ip restriction in developer edition. Thats the reason I want a fully functional 30 day Enterprise trial edition on this server. Let me know if anyone has questions or if I need to clarify something. Ajas Mohammed / http://ajashadi.blogspot.com We cannot become what we need to be, remaining what we are. No matter what, find a way. Because thats what winners do. You can't improve what you don't measure. Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives. On Thu, May 5, 2011 at 6:22 PM, Frank Moorman stretch...@franksdomain.net wrote: Ajas, While others are better able to answer this question than myself, I believe that the Developer Edition simply is a trial of the Enterprise edition. One way you can verify that you have the Enterprise edition features is to see if you can access the server monitor in the cfadministrator. This is a feature that goes away as soon as you enter in a standard edition registration key. (After using it for 30days, I missed it when it was gone.) You do not want to keep a live site on the developer edition, I think that after 30 days it will start restricting you to only 2 ip addresses. Frank On 05/05/2011 05:25 PM, Ajas Mohammed wrote: One of our clients wants to try out CF 9 Enterprise 30 day trial. Unfortunately, this server already has CF 9 Standard. So I uninstalled CF 9 Standard (because installer wont give option to install server configuration again) and reinstalled CF 9 server configuration by selecting 30 day trial option. I also renamed ColdFusion9 folder to ColdFusion9_OLD just to be on safe side before starting the installer. After installation, when the configuration/migration settings page runs, CF admin shows up fine but it says Developer Edition. How can I get the 30 day trial period Enterprise Edition Server configuration installed on this server? This is on Windows 2003 server and its 32 bit. Let me know if you need more information. Thanks, Ajas Mohammed / http://ajashadi.blogspot.com We cannot become what we need to be, remaining what we are. No matter what, find a way. Because thats what winners do. You can't improve what you don't measure. Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives. - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] QoQ Variable Disappearance
All, I am not sure about changes in CF 8 or 9 on this issue, but I remember CF7 had issues retaining datatypes. Essentially using CAST() helps this problem. More info here: http://www.bennadel.com/blog/379-ColdFusion-Query-of-Queries-Unexpected-Data-Type-Conversion.htm On 04/14/2011 02:10 PM, Charlie Arehart wrote: Is it a query that's gone? Or a column within it perhaps? Worth double checking. There is an isquery function, for instance. As for the datatype issue, I seem to recall there being a feature to indicate the datatype, which was bolstered in CF 8 or 9. Anyone recall the details, and whether it may relate to his use of query of queries, specifically? BTW, Matthew, be sure to check out the chapter on Q of Q in the Developer's Guide (not in the CFML Reference) in the CF docs. Many never notice that there is ample documentation, and often pointers to solutions to such very problems. /charlie -Original Message- From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Matthew Nicholson Sent: Wednesday, April 13, 2011 7:36 PM To: discussion@acfug.org Subject: [ACFUG Discuss] QoQ Variable Disappearance Alright, This is turning into a delightful exercise in QoQ syntax, restrictions, and design. Here is a recap on problem I'm experiencing; CFSTOREDPROC provides a list of all work orders and associated information CFQUERYA generates list of sites to auto-accept (Huge List - 17000 Elements) CFQUERYB generates list of sites to exclude from auto-accept (Small List - 39 Elements) CFQUERYC QoQ using the work order information provided by CFSTOREDPROC; generate a set of work orders where ID IN CFQUERYA and ID NOT IN CFQUERYB Problem: CFQUERYB disappears prior to it executing the where statement in CFQUERYC I've verified that prior to the QoQ, the variable is populated with the appropriate information but it vanishes once we start processing the QoQ. The server provides me with the following error message. Invalid data for CFSQLTYPE CF_SQL_INTEGER. I assume the extra white space is a empty variable or null value. I will add, that the assumption that I'm overloading QoQ isn't not something I'm able to verify as I have done the same process in a separate environment with larger data sets and I'm unable to reproduce the problem. Any thoughts on this underlying limitation would be wonderful. Now moving forward, Option: Within CFQUERYC (JOIN CFQUERYA with CFSTOREDPROC) cfquery name=qryAutoApprove dbtype=query SELECT * FROM qryWorkOrder, qryAA WHERE qryAA.sitecompany_id = qryWorkOrder.sitecompany_id /cfquery Problem: Data Type Issues: Left hand side expression type = INTEGER. Right hand side expression type = STRING. However, both items based upon the DB and functions should all be treated as varchar(s) I've read in a few places I should be hard casting these variables although based upon my research all of the data types line up and I've not been able to determine how a sitecompany_id would be cased previously as an INTEGER. So, any thoughts on all this? I have a feeling I'm being thick headed with the syntax but I don't see where the logic is breaking down at the moment and any insight would be greatly appreciated. Thank you! Matthew R. Nicholson SolTech, Inc. Cell: 770-833-5326 www.soltech.net To find what you seek in the road of life, the best proverb of all is that which says: Leave no stone unturned. ~Edward Bulwer Lytton - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=gin.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Best password hash practices
Guys, Thanks for the input... I agree with Cameron, storing the salt value negates its usefulness. I think that using a formula in code to generate a salt is better... it requires that the source code be stolen and analyzed in addition to the database in order to determine a pattern with the salt. I read the article and I have been thinking about it, I think I will be going with my initial thought with one change... instead of salting the second hash with the original password, I will salt it with UCase(***username***) This will be an improvement over the original for two reasons: It will eliminate the problem of users with the same password having the same hash value; and one of the flaws in my suggestions was that a Human looking at the second hash could easily guess the password. This will still break the usefulness of the rainbow tables as well. So, StoredHash = Hash( Hash(***password***) UCase(***username***) ) By using UCase(), I can still allow case insensitivity on the username. Even if the source code is compromised with the database, it still requires brute forcing one hash before being able to use the rainbow tables. Thanks, Frank On 03/20/2011 12:20 PM, Cameron Childress wrote: On Sun, Mar 20, 2011 at 10:27 AM, Tom McNeer tmcn...@gmail.com wrote: Here's a good article on the subject: http://blog.mxunit.org/2009/06/look-ma-no-password-secure-hashing-in.html I'll point out (and so did Peter Bell in the article comments) that salting the hash is a good solution, but the specific implementation recommended in the linked article does have flaws. Storing the salt with the hash somewhat negates the security added by the salt since you are storing it IN PLAIN TEXT with the hash itself. If someone steals that table, they get the hashed values and the salts. When this DOES DO is eliminate certain existing rainbow tables being used against the hash since each hashed password would effectively require it's own set of rainbow tables (essentially the same as a brute force attack). This doesn't make hashing any more secure against brute force, but it does help eliminate the usefulness of rainbow tables... Compare this to the option of having a single site-wide master salt that all passwords are hashed with. If that salt is discovered, all the supposed hacker needs to do is generate one set of rainbow tables with the one salt and they can run all the passwords against it. Given enough targets and this could totally be worth it. -Cameron - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
[ACFUG Discuss] Best password hash practices
All, I am building a new website and I need to create a user/password database. I used to always use the hash function on the password, store the hash on the database, and then verify credential by doing a select from the database where: ***stored value*** = hash(***password***) . However, it appears that a single hash is no longer adequate security due to rainbow tables. I was planning on overcoming this by performing an initial hash, taking the result and salting it with the original password and passing this concatenated value into a second hash function. e.g. ***stored value*** = Hash( ***password*** ( Hash( ***password*** ) ) ) I wanted to know what everyone else thought about what the best practice in web security is right now and if this is adequate, or if someone has a better idea... (I may use a few string functions to actually stick the password in the middle of the second iteration instead of just concatenating the value on the end just for a little more obscurity.) Thanks, Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] CF9 Performance
Thanks all... I am going to suggest getting Fusion Reactor (It should be an easy sell based on cost to benefit ratio.) I have always been somewhat performance minded, which I tend to see in other old school programmers that remember cpu's operating at 1Mhz and memory measured in K or even bytes. (My old Vic-20 stated 3583 bytes free once the buffers and screen memory en were allocated.) I always paid attention to the exec times and SQL time in debug, but Charlie is correct... I am working blindly if I can only see what is going on in a single thread. I actually was happy with CF Server Monitor, but I only had it for 30 days... When I entered the CF9 standard license and saw it go away, I was disappointed. I liked exploring what was really going on and then I felt like one of my arms was cut off. If I have a page that does timeout is there a way to include memory usage in my error report? In a best case scenario, I do not hear about an error until 10 minutes later; at that point the root cause is usually gone and monitoring is too late. If I can see these other 3 requests were executing at the same time I might have my smoking gun. Thanks again, Frank Charlie Arehart wrote: I can hardly add more. :-) Good summary, and thanks for the kind regards, Ajas. Really Frank (and others in that boat), its so true: if you regard CF as a black box which when it hangs can only be restarted to make the problem go away, youre really not solving the root cause problem. A tool like FusionReactor (or SeeFusion, or the CF Server Monitor, if on Enterprise) can be so vital. If you need help learning how to use FR particularly, besides the ample docs, they also have training (which I wrote and teach), and an awesome mailing list (where I and others actively help people solve problems). You can also hire folks who can help you interpret what you find, to connect the dots and solve the problems (hopefully) quickly. Besides myself, there are many others who do that sort of consulting, and I list them at http://www.carehart.org/cf411/#cfassist. /charlie arehart char...@carehart.org Providing CF and CFBuilder troubleshooting services at http://www.carehart.org/consulting From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Ajas Mohammed Sent: Monday, January 31, 2011 11:17 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] CF9 Performance Frank, here are my thoughts as far as performance optimization is concerned. I have solved my company's dreaded performance problems, thanks to FusionReactor and good advice from this group and more specifically Charlie Arehart. Thank you all. :-) 1. Get FusionReactor. Trust me, you will never use ColdFusion without FusionReactor next time. I guarantee it.For 300 dollars you will not go wrong. 2. FusionReactor will let you monitor all requests i.e. running or completed. So you can look at what requests took lot of time. 3. Even better, if a page is running slow, you can go and view exactly on which line number the code is stuck executing. Brilliant feature to solve performance problems. I love it. 4. You can view system metrics to see your servers health like memory, cpu usage, currently running request count all in one screen. 5. You can kill a request. Worst case scenario. There are exceptions but still there is an option. I can just go on like that. No kidding about that. Its an awesome tool for CFers. Now to the other important point. You didnt mention much about your configuration. How much memory you have available? things like that. If you can tell us that, we can help you better. Now you do say, its because of images in pdf. So let me ask you this, are you using local images or images from a url. If you are not using local images, then look at localurl = "yes" attribute that was added to cfdocument in CF 8/9. I would also look at the image you are using and check for the famous issue posted by Rupesh Kumar http://www.rupeshk.org/blog/index.php/2007/12/images-and-cfdocument-performance/ Finally, have you looked at any of the logs in ColdFusion to see anything obvious? Let me know if you have questions. HTH Ajas Mohammed / http://ajashadi.blogspot.com We cannot become what we need to be, remaining what we are. No matter what, find a way. Because thats what winners do. You can't improve what you don't measure. Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives. On Mon, Jan 31, 2011 at 8:12 PM, Frank Moorman stretch...@franksdomain.net wrote: All, The last month I have encountered a few performance issues. About 3 times a week I
Re: [ACFUG Discuss] CF9 Performance
Thank you Charlie... And Ajas and Chris... We are on the same mental page. My whole reasoning for this thread is that I am having random timeouts. (I know they are not really random ;- ) I do think they are related and I do not believe the page actually timing out is the real problem. When it fails, I know which page failed, but I do not have any tool to see what else was going on at the same time. I was looking to see what tools are available that will give me more server information, preferrably one that will tell me what was happening when the error occurred, not 10 minutes later when I can actually look at a monitor. I mentioned the CFDOCUMENT with the images, because I know it is a big performance hit. I suspect (but currently have no proof) that the pages that are failing are executing at the same time as the pdf creation process. (Yes, I am using localurl) I also suspect it is the other pages timing out instead of the actual pdf creation page, because I know I have increased the default timeout individually on those pages in the past. I do not want to increase the global timeout default, because while that may help give the other pages a few more seconds to finish what they are doing, it will not fix the root cause and only (temporarily) mask the problem. If/when (probably when) I install Fusion Reactor, I will try to see the common theme with the multiple timeouts. If I see createInspectionForm.cfm running at the same time in every case and taking a lot of memory, I will definitely raise an eyebrow in that direction. However, if I see a long running memory intensive sql at the same time, I will know where else to look. Right now, I believe blind is an appropriate term, and I am only guessing based on past experience. Once again, Thank you everyone... Frank Charlie Arehart wrote: Frank, as for your last question, you could certainly programmatically grab and output the memory use (overall, in the heap, not for any specific request) at the end of a request using various means. The CF Admin API offers some (but the memory-related stuff would again only be in the servermonitoring.cfc which is only in Enterprise). You can call Java objects to get the memory (just google to find many examples of that). I will point out that FusionReactor will take care of this for you. In its requests pages (running, recent, long, slow) as well as its request log, it logs the amount of memory in use at the time of the start and end of each request. All that said, you mention an interest primarily in requests that timeout. Ill say as an aside that the timeout itself is probably not doing what you expect. CF generally will not timeout most long-running requests when they cross your specified timeout value. Instead, it will generally take as long as it needs doing some tag that it cant interrupt (like a CFQUERY or CFHTTP) and only after that returns (which could be minutes or hours later in some situations) will it then check the time on some subsequent tag (and not every kind) to then say, oh goodness, this page has gone on too long. The tragedy is that if it then was allowed to run a mere few more milliseconds, it might have completed, since the really slow tag was much earlier. I discuss all this (and why I therefore recommend against using timeouts, or any kill request feature) in a blog entry: http://www.carehart.org/blog/client/index.cfm/2010/10/15/Lies_damned_lies_and_CF_timeouts Also, as for your wishing you could view the memory in use at the time of the long-running page, Ill argue that also may not be as useful as you think. Often, CF memory problems are not at all what they seem (and may not be the cause of problems you are having). I discuss that in another blog entry (the start of a planned series), at: http://www.carehart.org/blog/client/index.cfm/2010/11/3/when_memory_problems_arent_what_they_seem_part_1 Back to your questions, your last one is quite appropriate. You often do need to know what other requests were running at the time of a problem, and here again FusionReactor comes to the rescue with its Crash Protection notification alerts, which can tell you (by email or in a log) what requests were in fact running at the time of a problem (requests too slow, or too many running at once, or free memory too low). Ill add that both SeeFusion and the CF Server Monitor do also offer such alerts, and they all include in their attachments a thread dump of all running requests which can provide the kind of what line was running detail that Ajas alluded to earlier in the thread. Hope that helps. /charlie arehart char...@carehart.org Providing CF and CFBuilder troubleshooting services at http://www.carehart.org/consulting From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Frank Moorman Sent: Tuesday, February 01, 2011 12:03 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] CF9 Performance Thanks all... I
[ACFUG Discuss] CF9 Performance
All, The last month I have encountered a few performance issues. About 3 times a week I am getting a The Request has exceeded the maximum time limit. It is happening on different pages and different tags. I know I can probably increase the global timeout value, but I would rather fix any real issue instead. Here is the question... We are on a small budget, I can get the owner to spring some cash, if it is really necessary. What would be my best option to find out the root cause of the issues? We are using CF9 Standard. I know the performance monitor in enterprise is decent, but for the $6000 upgrade cost, he won't be happy if it does not get me to the right results. (he'll deal with it, but I wouldn't like spending that much if I don't get my answer.) Is fusion reactor a better choice than the CF9 Enterprise upgrade? Does anyone else know other good choices? Right now my *guess* is that our large picture based pdf files are being created at the same time limiting overall resources slowing down the other pages. It would be nice to see what the resources are on the machine at the time of the error. To add to the complexity, IIS and MySQL are all running on the same server. (It is a small enough site, I have never seen more the 300MB of RAM allocated to MySQL.) Thanks, Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] IIS error log Connection dropped
Charlie, It comes down to after attempting to fix the Out of memory issues due to CFDOCUMENT in many different ways (All on a CF9 server). I was still getting the problems. It was specific inspection reports(pdfs) that were always failing(even overnight with no other server tasks.) After 6 weeks of dealing with the problem, I came across the blog entry. I made that one change and the errors stopped. When I recreated pdf reports that I could not get working before, they all worked after the change. In the 3 months since I made the change, I have not had the issue reappear. That is why I said that it affects CF9, because when I applied the solution, the problem stopped. As for the coincidence remark, that is my way of never truly believing that bugs are fixed, they just get smarter and harder to find later. (Having a pessimistic attitude towards computers brings less aggravation the next time they burn you...) So based on the posted solution fixing my CF9 server, I would say it affects CF9; I just don't trust any solution, even after 3 months, without the problem coming back. --Frank Charlie Arehart wrote: Well, you say first it does still affect CF9 and then youd find it a remarkable coincidence if CF9 was not still plagued by this. So which is it? :-) I would not say the latter so quickly myself, because it seems possible that something could have changed in the base JVM deployed with CF9, which is much higher than that deployed with CF8, perhaps negating that switch. If you or anyone else is in a position to run a test, it would be helpful for many, Im sure. No answer yet from Rupesh on his blog. /charlie From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Frank Moorman Sent: Friday, January 14, 2011 12:29 AM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] IIS error log Connection dropped Charlie, Yes, this does still affect CF9. I tried the localurl and many other items before I stumbled across this solution. I used the override and I have not run out of heap space since I made the change in early October. (at least not because of pictures anyway.) I would find that a remarkable coincidence if somehow CF9 was not still plagued by this. --Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink - -To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserformFor more info, see http://www.acfug.org/mailinglistsArchive @ http://www.mail-archive.com/discussion%40acfug.org/List hosted by http://www.fusionlink.com-
Re: [ACFUG Discuss] IIS error log Connection dropped
Ajas, I had a major performance problem with the processing time of CFDOCUMENT when creating PDFs using images in CF9. Creating a pdf would use all my Java heap memory and crash if I had a lot of images. As few as 25 low-resolution images (1024x768) in a single pdf could potentially bring my server to a screeching halt. It gave me many sleepless nights until I finally found the answer on Rupesh Kumar's blog: http://www.rupeshk.org/blog/index.php/2007/12/images-and-cfdocument-performance/ All I would say is just be on the lookout for performance issues. (The problem above was due to a bug dealing with images in the underlying Java advanced imaging library.) --Frank Ajas Mohammed wrote: I have the means i.e T SQL to call the object but I guess its time to use CF 9 built in features. Let me give a background of whats going on. We use this object or COM rather since CF 6.1, CF 7 to merge pdf's, form fields etc. We had problems then and even now, when we moved to CF 9 in Nov 2010, the problems still continue. We know CF 8 and CF 9 have better capabilities now to handle pdf's merging, form fields etc and I think thats the direction we will go from here, since its a random headache every now and then, when everything starts to blow up. So cfpdf and cfpdfform, here I come. :-) Apart from this, the text we use for cfdocument has http url for images and I have seen from blog posts that you are better off using localurl attribute to save resources and improve performance of CFDocument. Let me know if any one has CFDocument best practices. I have already listed localURL part. ;-) Ajas Mohammed / http://ajashadi.blogspot.com We cannot become what we need to be, remaining what we are. No matter what, find a way. Because thats what winners do. You can't improve what you don't measure. Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives. On Thu, Jan 13, 2011 at 2:20 PM, Mischa Uppelschoten mischa.uppelscho...@bankersx.com wrote: COM events would be logged in Application. The entry you show does not seem related to COM. I think your best bet is to either wait for or provoke a problem and look in App log for that time period. Do you have any means of calling that object from another platform like .Net or T-SQL? From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Ajas Mohammed Sent: Thursday, January 13, 2011 12:05 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] IIS error log Connection dropped Yes, I looked at Event Viewer. The most common or frequent error I see in Event log under System is "Error communicating with the Spooler system service. Open the Services snap-in and confirm that the Print Spooler service is running." The source is listed as TermServDevices and eventID is 1114. In Event Viewer, Under Application, I see "The configuration information of the performance library "C:\WINDOWS\system32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted." The source is listed as Perflib and EventID is 2003. Under System, there is another one "The WinHTTP Web Proxy Auto-Discovery Service suspended operation." Source is WinHttpAutoProxySvc and Event Id is 12517 Let me know if you need more info. Thanks, Ajas Mohammed / http://ajashadi.blogspot.com We cannot become what we need to be, remaining what we are. No matter what, find a way. Because thats what winners do. You can't improve what you don't measure. Quality is never an accident; it is always the result of high intention, sincere effort, intelligent direction and skillful execution; it represents the wise choice of many alternatives. On Thu, Jan 13, 2011 at 11:16 AM, Charlie Arehart char...@carehart.org wrote: Mischa, I’m curious: are you thinking of the IIS Application pools instead? I know they have recycling and shutdown features, but I’d be surprised to hear that there was any similar mechanism for COM objects. But assuming there is, is that for all of them, somehow? Specific ones? If the latter, how/when would the be registered to participate in such monitoring? Could be compelling, beyond Ajas’s issue. /charlie From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Mischa Uppelschoten Sent: Thursday, January 13, 2011 11:11 AM To: discussion@acfug.org Subject: RE: [ACFUG Discuss] IIS error log Connection dropped Windows has some options for COM application recycling and automatic shut down. Have you checked the event logs? From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Charlie Arehart Sent:
Re: [ACFUG Discuss] IIS error log Connection dropped
Charlie, Yes, this does still affect CF9. I tried the localurl and many other items before I stumbled across this solution. I used the override and I have not run out of heap space since I made the change in early October. (at least not because of pictures anyway.) I would find that a remarkable coincidence if somehow CF9 was not still plagued by this. --Frank Charlie Arehart wrote: Good reminder, Frank. I had forgotten about that one (from 2007, and I had even commented on it in 2009). Ive just asked Rupesh there in a new comment about whether this is still an issue in CF9, for Ajas and indeed any others who may see it. Thanks for sharing it. BTW, Frank, in your case, had you tried also the localurl? For many, thats the simplest solution to most CFDOCUMENT perf problems. /charlie From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Frank Moorman Sent: Thursday, January 13, 2011 4:10 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] IIS error log Connection dropped Ajas, I had a major performance problem with the processing time of CFDOCUMENT when creating PDFs using images in CF9. Creating a pdf would use all my Java heap memory and crash if I had a lot of images. As few as 25 low-resolution images (1024x768) in a single pdf could potentially bring my server to a screeching halt. It gave me many sleepless nights until I finally found the answer on Rupesh Kumar's blog: http://www.rupeshk.org/blog/index.php/2007/12/images-and-cfdocument-performance/ All I would say is just be on the lookout for performance issues. (The problem above was due to a bug dealing with images in the underlying Java advanced imaging library.) --Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink - -To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserformFor more info, see http://www.acfug.org/mailinglistsArchive @ http://www.mail-archive.com/discussion%40acfug.org/List hosted by http://www.fusionlink.com-
Re: [ACFUG Discuss] CMS Preferences
Charlie, As for autoplay and XSS attacks... Usually autoplay is through _javascript_ on the same domain. When you whitelist a domain, autoplay will usually start again. The way noscript's whitelist works is based on the source domain of the script, not the website domain. This allows a sites custom js to work, but it will stop other sites like intellitxt or ad-tracking sites. This will stop XSS listed on a different host, but it will not help you if the entire server is compromised and malicious js is on the same server. This can cause a problem if a site uses third party _javascript_ framework and does not host a copy of the framework locally. But this generally is not a good idea and most sites don't do this anyway. If they do, noscript does have an option to "allow all scripts on this page." In addition, noscript has a setting to temporary allow a domain which will let you "test" settings until the end of your browser setting. Generally, I got started with noscript for two reasons... 1) I believe in a site getting revenue through ads, so I do not use adblock, but I do not want my movement across the web tracked. 2) I occasionally have to deal with certain hotel wifi systems that used _javascript_ to inject advertising iframes. Needless to say, I am not happy (or trusting) when this happens. Charlie Arehart wrote: Nope, Frank, I dont. I instead avoid sites that do that auto-playing. :-) Id rather make my vote that way, and especially publicly when I get the chance. I realize its different strokes for different folks. Those who choose to use that just need to know that there are some of us who will prefer not to visit their site (and perhaps not even use their tools) if they go that way. The CFDJ and other sys-con.com magazines suffered a lot of grief for doing the same. Anyway, I ended my note with a grinning emoticon as I realize Lance may be preferring to reach end users more than techies, and may be willing to trade away our concerns to wow them. :-) But perhaps others will appreciate your suggestion, so thanks for sharing it. As for it avoiding XSS attacks, well, wouldnt you need to stop all JS to do that, not just auto-play? Id really not want to forego all JS to avoid that risk. Just one of lifes risks we all need to weigh. I still choose to drive down a road at 50mph with cars passing me just a couple of feet away with only a yellow line separating us. :-) But if Im misunderstanding, feel free to clarify, for me and others who may be interested. /charlie From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Frank Moorman Sent: Monday, January 03, 2011 4:53 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] CMS Preferences Auto playing video? Don't you use the noscript add on for firefox? I find that makes the web much better. Just whitelist the sites you trust and avoid the web-annoyances you don't like. Its also a great tool to avoid xss attacks. Charlie Arehart wrote: Done, though I was tempted to not add it, in protest over auto-playing audio/video. ;-} /charlie - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink - -To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserformFor more info, see http://www.acfug.org/mailinglistsArchive @ http://www.mail-archive.com/discussion%40acfug.org/List hosted by http://www.fusionlink.com-
[ACFUG Discuss] Meeting this month?
All, what is the current feeling/chances/possibility about a meeting on Wed? Has anyone found a suitable location? Or even a temporary one for this month. What is the status, the website is not showing anything scheduled. I can always play DD if there is no meeting, but I think one time a month, it is better to try to keep my skills sharp. --Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] ColdFusion Datasource to MySQL over SSH tunnel on windows
Assuming that you have the ssh daemon running already on your MySql/Linux box... Download and install PuTTY. http://www.putty.org/ You can then create a tunnel in Putty and tell it which ports to forward. (in this case, 3306) It is fairly easy, I can help some more if you have questions about it. Personally I use a linux client to connect to cygwin SSH on a windows server, but I have instructed the non-techie owner of the website how to use Putty to connect from his own windows PC. Once Putty is installed and is running you can connect with the normal MySql Query Browser/Admin tools. You just replace the server IP with 127.0.0.1 in order to utilize the forwarding provided by Putty. --Frank On 10/13/2010 12:56 PM, Mike Staver wrote: I'm trying to set up a remote dev instance for one of my applications, and what I would like to do is have it connect to my mysql instance on a linux box I run. I don't plan on opening up port 3306 to the outside world for obvious reasons, and I shouldn't need to if I'm correct in my thinking here. Currently, I use Navicat to connect to the DB over an SSH tunnel and it works great. I'm not entirely sure how Navicat does this behind the scenes, and I'd love to know how to duplicate this on both windows and Mac OS Has anyone done this before? On the Mac or Linux side, I would imagine you'd just set up some kind of port forwarding that would do this for you. I'm very unsure of how that would work on windows. - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
[ACFUG Discuss] Max Java Heap size
Does anyone know what the maximum java heap size is for CF9? I remember that CF7 would not start whenever it was set above 1024MB. (32-bit windows environment) Our server is set to 1024MB right now and we are encountering out of memory errors in Java when creating large PDFs. (Lots of images) We are looking at increasing the physical memory on the server from 2GB to 4GB. (Which thanks to windows memory management will probably give us a gain of 1GB) Once we have more memory we will increase the Java Heap size appropriately. This is only a stopgap move. We know that the number of images is affecting the memory usage. The PDFs are crashing right now when they include approximately 60 photos. The long term plan is to create the pdfs one page at a time (with no more than 14 images each) and then use the CFPDF command to merge the pages into one file. Thanks, Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: Fwd: [ACFUG Discuss] CFIMAGE/CFDOCUMENT problem in CF9
ined("arguments.PropertyId") cfqueryparam cfsqltype="cf_sql_integer" value="#arguments.PropertyId#", /cfif cfqueryparam cfsqltype="cf_sql_varchar" value="#ImgUUID#" maxlength="38" ); /cfquery cfquery datasource="#session.DBsource#" name="getInsertImage" SELECT LAST_INSERT_ID() AS GENERATED_KEY; !---SELECT @@identity as new_id--- /cfquery cfreturn getInsertImage.GENERATED_KEY /cffunction!--- File Upload --- The first thing this code does is removes any spaces in the filename. (if necessary) It the calls another method to determine the final location of the resized image. Now we get to the meat: 1) We determine the current image size. 2) We determine if the longer side is larger than the max pixel width we want. 3) If we are on the long side and we need to resize, we call cfimage to create the new file and delete the old. 4) If the image did not need to be resized, we just move it out of the temp directory and into the new directory. In either case we use a UUID in order to have a unique file name. We then store the data into a table including the original filename and who uploaded it. After uploading images with this function, the images appeared normal on the website, but appeared as grey boxes in the pdf. (Not the red "x" of a missing image in the pdf, but a solid grey box.) On 09/08/2010 10:26 AM, W. Sean Harrison wrote: Frank, Are you pulling image info and resizing in the same process as you're generating the CFDocument? You may want to try single threading the image manipulation and PDF generation, or doing them separately. ...I'm hoping you see this resolved - I've got a huge app that procesess images of avigation/easement projects before rendering PDF's for the FAA, and I'm not about to upgrade until I see this particular issue resolved! --Sean -- Forwarded message -- From: Frank Moorman stretch...@franksdomain.net Date: Tue, Sep 7, 2010 at 5:14 PM Subject: [ACFUG Discuss] CFIMAGE/CFDOCUMENT problem in CF9 To: discussion@acfug.org All, As I sent out late last week, I did an upgrade from CF7 to CF9 over the weekend. Unfortunately even with all the testing we did we came across a problem this afternoon. Essentially, we allow inspectors to upload images that will eventually be used to create a pdf inspection report. The images are from digital cameras and we will resize them down to 1024x768. (roughly, we do keep the aspect ratio.) Here is the problem, with CF7 we called the cf_magicktag to get image size information, then we calculate the new size, and lastly call cf_magicktag a second time to do the resize. Unfortunately, cf_magicktag does not work well with CF9. I thought that was ok because I would use the new CFIMAGE tag. Then this afternoon the brown stuff hit the fan as I found out that any image modified by CFIMAGE would not show up in A CFDOCUMENT. Most of our pdfs that we created today with CFDOCUMENT had gray boxes instead of images. Everything else on the pdf was fine, but no images. I figured out that all the images uploaded before the upgrade displayed correctly in reports, but no image uploaded after the upgrade could be displayed in a pdf. I did a search on the adobe forums and google and I only came up with the following: http://www.websavey.com/2010/02/coldfusion-images-not-loading-in-cfdocument-when-using-cfimage- It sounds like the above person came across the same issue, but there was no resolution. I was able to fix the issue by using CFIMAGE action="" ... to make up for cf_magicktag's problem and then use cf_magicktag to do the actual resize which fortunately works and the images now show up again in pdfs. However, at best, this is an ugly hack. I was wondering if anyone else using CF9 (or possible CF8) has encountered this and how it was resolved. Also, does anyone know what I can do with my uploaded images? I am going to try to see if I change the format (maybe from JPG to TIFF) if that would fix my issue for everything uploaded today. (for space, after the resizing, the originals are immediately deleted.) But, any suggestions on this would also be appreciated. Thanks, Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - -To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserformFor more info, see http://www.acfug.org/mailinglistsArchive @ http://www.mail-archive.com/discussion%40acfug.org/List hosted by http://www.fusionlink.com-
[ACFUG Discuss] CFIMAGE/CFDOCUMENT problem in CF9
All, As I sent out late last week, I did an upgrade from CF7 to CF9 over the weekend. Unfortunately even with all the testing we did we came across a problem this afternoon. Essentially, we allow inspectors to upload images that will eventually be used to create a pdf inspection report. The images are from digital cameras and we will resize them down to 1024x768. (roughly, we do keep the aspect ratio.) Here is the problem, with CF7 we called the cf_magicktag to get image size information, then we calculate the new size, and lastly call cf_magicktag a second time to do the resize. Unfortunately, cf_magicktag does not work well with CF9. I thought that was ok because I would use the new CFIMAGE tag. Then this afternoon the brown stuff hit the fan as I found out that any image modified by CFIMAGE would not show up in A CFDOCUMENT. Most of our pdfs that we created today with CFDOCUMENT had gray boxes instead of images. Everything else on the pdf was fine, but no images. I figured out that all the images uploaded before the upgrade displayed correctly in reports, but no image uploaded after the upgrade could be displayed in a pdf. I did a search on the adobe forums and google and I only came up with the following: http://www.websavey.com/2010/02/coldfusion-images-not-loading-in-cfdocument-when-using-cfimage- It sounds like the above person came across the same issue, but there was no resolution. I was able to fix the issue by using CFIMAGE action=info ... to make up for cf_magicktag's problem and then use cf_magicktag to do the actual resize which fortunately works and the images now show up again in pdfs. However, at best, this is an ugly hack. I was wondering if anyone else using CF9 (or possible CF8) has encountered this and how it was resolved. Also, does anyone know what I can do with my uploaded images? I am going to try to see if I change the format (maybe from JPG to TIFF) if that would fix my issue for everything uploaded today. (for space, after the resizing, the originals are immediately deleted.) But, any suggestions on this would also be appreciated. Thanks, Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
[ACFUG Discuss] Upgrading CF7 to CF9
All, I am planning on upgrading from CF 7 to CF9. The last time I did a major upgrade was when I moved from CF5 to CF7. At that time, Macromedia provided documentation on exactly what to look for in your code before the upgrade. (mostly tag/attribute changes and deprecations.) I did find the following web page: http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec17576-7fef.html However this page seems sparse in comparison to the documentation that I remember during my last upgrade. Has there not been any more deprecated tags and functions since CF7? Or does Adobe believe upgrading will be painless for all? If anyone can point me to additional documentation I would appreciate it. In addition, if anyone had a major issue during an upgrade from 7 (or 8) to 9, I would appreciate a heads up on what to watch out for. Thanks, Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Upgrading CF7 to CF9
Thank you Charlie. I will look at the blog entries. I have used the code checker and I have even used CF9 for two months on a development machine. But I still worry. I googled for the information before I created this email and I did not find much which makes me wonder if I am just cynical or too cautious about it being a clean move. (On an aside, sometimes I also think that being experienced means that you expect failure so that you can deal with it as soon as it happens, instead of going into denial that your code can't be at fault.) I remember the big changes and problems caused during the last upgrade (CF5-CF7). The move to java also moved the database drivers from ODBC to JDBC. When that occurred, parameter overloading on stored procedures was no longer supported and it caused us to rewrite many of our existing procs. In addition the JDBC change obsoleted the DBVARNAME attribute and changed all CFPROCPARAMS to be positional instead of identifying the variable. We searched for and corrected this as well as we could during testing, but I think the last positional error was not found until 4-6 months after the code hit production. The other big issue during the migration was the CF7 bug that did not run custom javascript if you used any CFINPUT edits to check for data validity. We found this error about two weeks before implementation and ran around applying a workaround to each page this affected (about 125 pages if I remember correctly.) A few days after we finished putting in our workaround Macromedia came out with a patch for it. But before I keep droning on and on, Thank you for the information. Frank On 09/04/2010 12:01 PM, Charlie Arehart wrote: Hey Frank, at least with respect to the aspect of your jump including going through CF8, this blog entry from Josh points to several resource for those moving to it: http://blog.joshuaadams.com/index.cfm/2008/9/4/Upgrading-from-ColdFusion-MX-to-ColdFus ion-8 Granted, I know you want info on 9. I'm not aware of any that have been done, though perhaps there have been. One place to look, at least to get more info on what's changed, is a list of CF9 tutorial resources gathered up (from many people) by blogger Akbarsait: http://www.akbarsait.com/cf9tutorials.cfm Going back to the move to CF8, one of the resources Josh points to is a blog entry of mine which may also interest you: http://www.carehart.org/blog/client/index.cfm/2009/8/10/cf8_migration_resources I'll say as well that certainly your move from 5 to 7 was huge, on two counts: CF6 had been a major rewrite of CF onto Java, and 7 added quite a lot. The move from 7 to 9 should be less challenging. It seems that there's been even more focus in recent releases to try to do no harm to existing apps, but of course there's always something that can have changed that might affect one user more than most, so testing is always vital. Finally, as Josh points out in his entry, don't forget the available Code Compatibility Checker that's built into the CF Administrator and has been for years. Of course, it's upgraded each release. It's not perfect, but it's a start. Hope that helps. /charlie -Original Message- From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Frank Moorman Sent: Saturday, September 04, 2010 2:53 AM To: discussion@acfug.org Subject: [ACFUG Discuss] Upgrading CF7 to CF9 All, I am planning on upgrading from CF 7 to CF9. The last time I did a major upgrade was when I moved from CF5 to CF7. At that time, Macromedia provided documentation on exactly what to look for in your code before the upgrade. (mostly tag/attribute changes and deprecations.) I did find the following web page: http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cb ec17576-7fef.html However this page seems sparse in comparison to the documentation that I remember during my last upgrade. Has there not been any more deprecated tags and functions since CF7? Or does Adobe believe upgrading will be painless for all? If anyone can point me to additional documentation I would appreciate it. In addition, if anyone had a major issue during an upgrade from 7 (or 8) to 9, I would appreciate a heads up on what to watch out for. Thanks, Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com
Re: [ACFUG Discuss] Upgrading CF7 to CF9
Dawn, Thank you. I did a scan and this application does not use ListToArray(), but I will double check a few areas because I know I use similar functions like ValueList(). I also understand your DB changes... I changed this site from SQL Server to MySQL 2 years ago. My day job uses Oracle while both my side jobs use MySQL. Thanks again, Frank On 09/04/2010 02:23 PM, Dawn Hoagland wrote: We recently moved an app from CF7 to CF9. The only issue language related that we ran into was that the arguments for the ListToArray() function (I think, I don't have the code in front of me) changed and caused a few unexpected results in some reports. Every other issue we had was moving the DB from SQL Server to Oracle - definitely a much bigger change... Dawn On Sat, Sep 4, 2010 at 1:57 PM, Frank Moorman stretch...@franksdomain.net wrote: Thank you Charlie. I will look at the blog entries. I have used the code checker and I have even used CF9 for two months on a development machine. But I still worry. I googled for the information before I created this email and I did not find much which makes me wonder if I am just cynical or too cautious about it being a clean move. (On an aside, sometimes I also think that being experienced means that you expect failure so that you can deal with it as soon as it happens, instead of going into denial that your code can't be at fault.) I remember the big changes and problems caused during the last upgrade (CF5-CF7). The move to java also moved the database drivers from ODBC to JDBC. When that occurred, parameter overloading on stored procedures was no longer supported and it caused us to rewrite many of our existing procs. In addition the JDBC change obsoleted the DBVARNAME attribute and changed all CFPROCPARAMS to be positional instead of identifying the variable. We searched for and corrected this as well as we could during testing, but I think the last positional error was not found until 4-6 months after the code hit production. The other big issue during the migration was the CF7 bug that did not run custom _javascript_ if you used any CFINPUT edits to check for data validity. We found this error about two weeks before implementation and ran around applying a workaround to each page this affected (about 125 pages if I remember correctly.) A few days after we finished putting in our workaround Macromedia came out with a patch for it. But before I keep droning on and on, Thank you for the information. Frank On 09/04/2010 12:01 PM, Charlie Arehart wrote: Hey Frank, at least with respect to the aspect of your jump including going "through" CF8, this blog entry from Josh points to several resource for those moving to it: http://blog.joshuaadams.com/index.cfm/2008/9/4/Upgrading-from-ColdFusion-MX-to-ColdFus ion-8 Granted, I know you want info on 9. I'm not aware of any that have been done, though perhaps there have been. One place to look, at least to get more info on what's changed, is a list of CF9 tutorial resources gathered up (from many people) by blogger Akbarsait: http://www.akbarsait.com/cf9tutorials.cfm Going back to the move to CF8, one of the resources Josh points to is a blog entry of mine which may also interest you: http://www.carehart.org/blog/client/index.cfm/2009/8/10/cf8_migration_resources I'll say as well that certainly your move from 5 to 7 was huge, on two counts: CF6 had been a major rewrite of CF onto Java, and 7 added quite a lot. The move from 7 to 9 should be less challenging. It seems that there's been even more focus in recent releases to try to do no harm to existing apps, but of course there's always something that can have changed that might affect one user more than most, so testing is always vital. Finally, as Josh points out in his entry, don't forget the available Code Compatibility Checker that's built into the CF Administrator and has been for years. Of course, it's upgraded each release. It's not perfect, but it's a start. Hope that helps. /charlie -Original Message- From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Frank Moorman Sent: Saturday, September 04, 2010 2:53 AM To: discussion@acfug.org Subject: [ACFUG Discuss] Upgrading CF7 to CF9 All, I am planning on upgrading from CF 7 to CF9. The last time I did a major upgrade was when I moved from CF5 to CF7. At that time, Macromedia provided documentation on exactly what to look for in your code before the upgrade. (mostly tag/attribute changes and deprecations.) I did find the following web page: http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cb ec17576-7fef.html However this page seems sparse in comparison to the documentation that I remember during my last upgrade. Has there not been any more
Re: [ACFUG Discuss] ACFUG Meeting is Tonight
...the top people from Adobe responsible for ColdFusion Server and Builder... You make that sound like it is going to be a rant session... Do we get to beat them over their heads with iPads? :-) On 08/03/2010 02:14 PM, John Mason wrote: Just a reminder that the ACFUG meeting is tonight. This is a great chance to meet with the top people from Adobe responsible for ColdFusion Server and Builder. August 2010 ACFUG Meeting Date Tuesday, August 3, 2010 Dinner Schmoozing 6:00 PM Meeting Time 6:30 PM to 9:00 PM Location EchoEleven [Directions] Dress Anywhere from casual to business formal Price FREE! RSVP for this meeting! Add to Outlook calendar. Topics Meet Adam Lehman and Rupesh Kumar The ColdFusion product manager from Adobe Adam Lehman and Rupesh Kumar, the senior computer scientist of the ColdFusion team will be in town and we're moving our meeting to Tuesday night so it can be possible for people to get a chance to meet with them and provide suggestions for features in future releases of ColdFusion Server and Builder products. CFUnited Review Depending on time, we'll go over the topics and sessions from the recent CFUnited conference. It is possible this may get moved to our next meeting. - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink -
Re: [ACFUG Discuss] disappearing variable values
I remember the older version of Blue Dragon in which you could use FORM and URL scopes interchangeably. But what really scares me is when I see code that drops the scope all together... (And I see far too much code like this even today.) On 07/14/2010 12:29 PM, Dusty Hale wrote: Yea I'm familiar with that from the Fusebox days where form and url become attribute scope but no none of that in this app. On Wed, Jul 14, 2010 at 10:50 AM, Steve Ross nowhid...@gmail.com wrote: You aren't doing any variable scope copying in your app.cfm are you? Sometimes people choose to make their form vars and their url vars combined so they only have to check one... just a thought. On Wed, Jul 14, 2010 at 10:47 AM, Charlie Arehart char...@carehart.org wrote: Dusty, I really can’t see “donorid” being something the CF would have a problem with. :-) Let’s see if we can get to the bottom of this. First, to be clear, I tested it on CF8 (8.0.1) and did not experience it. Let’s confirm: are you on 8 or 8.0.1, just in case that may make a difference. But I suspect it’s something else. Second, are you saying that if you run the code right now (on your server), you still have the problem? Third, how about this: if you drop it into a new template that has no code other than this, does it still happen? Finally, if you put that file into a new directory with a blank application.cfm (so that you’re not inheriting any other), does it still happen? As I tell people all the time when they bring me in to consult on solving CF troubleshooting problems (big or small), there is always an explanation—it just isn’t always what it seems at first. /charlie From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Dusty Hale Sent: Wednesday, July 14, 2010 2:02 AM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] disappearing variable values I've had a similar thing with url variable: cfparam name="url.myvariable" default="The Sky is Blue" cfparam name="url.donorid" default="Roses Are Red" pThe value of url.myvariable is: cfoutput#url.myvariable#/cfoutput/p pThe value of url.donorid is: cfoutput#url.donorid#/cfoutput/p cfif url.donorid is ""pIt's Empty/p/cfif cfabort For some reason url.donorid always disappears unless there is an actual passed variable in the url. However, in theory the cfparam tag should set the default if none in the url. But no. It comes out an empty string. Here's the really strange thing because it seems to be just the variable name "donorid" and if I change the name then no problem. I'm on CF8 and this little quirk drove me nuts in an application trying to figure out why. On Tue, Jun 22, 2010 at 5:23 PM, Troy Jones t...@dynapp.com wrote: I am having a perplexing issue. Has anyone ever had an instance where it seemed as if a variable just “poofs” into thin air? For example, when I run the following code: cfdump var="#attributes#" cfdump var="#pageID#" cfdump var="#thisPage#" cfset testVar = thisPage.form_id cfoutputthisPage.form_id = #testVar#/cfoutput cfif attributes.mode is "do" cfset thisForm = application.com.lib.getData("vformfields","form_id = #testVar#","field_sortorder") The variable “testVar” exists up until the setting of “thisForm” which I’ve verified with the cfdumps. At that point, when #testVar# is called, it is passing a NULL value to the SQL statement and throwing an error. I’ve tried recreating the error with a standard cfquery tag just to see if something was getting jacked up in the function call, but it had the same result. It’s as if the value just ran away and left. I’ve never seen anything quite like it and have run out of tails to chase, so to speak. This is on CF9 Enterprise, for anyone who needs it and any help would be greatly appreciated. Troy Jones - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink - -- Dusty Hale - President Hale Technologies, Inc. Email: du...@dustyhale.com Phone (Toll Free USA): 1.877.841.3370 Phone (Atlanta): 1.404.474.3754 Website: www.DustyHale.com - To unsubscribe from this list, manage your profile @
Re: [ACFUG Discuss] I find myself where I have tried to avoid going. A short rant and then a question. Would love some feedback.
I agree that from the business point of view the most important figure is the lowest cost of ownership. Also, that a most cases good CF programmer can build an app cheaper then a comparable app in PHP even when considering the higher initial cost of CF server and the slightly higher wages of the CF programmer. (due mostly to rapid app development.) However the money argument falls flat in one overriding aspect: Most non-technical business people do not understand technology. Without this knowledge they are more than likely to look at pure price comparisons without knowing about the real cost of labor and maintenance over time. When this happens, the cost of PHP (free) along with a cheaper source of programmers will always win. Here is a personal example of business people calculating the costs... Right before I started with CF, I was using everyone's favorite language to bash: COBOL and JCL. I worked at a large telecommunications company (component of the DJIA,) and I was outsourced followed by offshored. The outsourcing company said that it was purely financial in nature in that a local developer cost $90/hr while the cost associated with a offshore programmer was $30/hr. (These were the billing total of the outsourcing company and not only included my wages by my share of my manager wages and so on up through the levels.) I was able to quickly secure a new job when the off-shoring occurred which meant that my position was the first to be replaced. I kept close ties with my co-workers and found out that the first task of my replacement(s) was to remove a single step from each of 20 related JCL procedures. (They were clones of each other.) I could have easily done an tested this process in 8 hours; however the three (yes, three) replacements that did this work billed a total of 120 hours to complete it. Admittedly, I had pre-existing knowledge of the system, but anyone that knows JCL and is told the exact step to remove would not need much additional knowledge in order to accomplish the task. But, not only did it take them so long to accomplish, when they moved the procs to the production environment nearly all of the jobs failed. They failed because of parameter overides in the changed procs. Essentially, when removing the step, they failed to remove parameters that were only referenced in that step causing a syntax error in the JCL. Long story short, they never tested what was moved or even performed a simple syntax check on the modified codes. Now, here is where the money kicks in: Cost to client for me to do it: $90 x 8hrs = $720 Cost for offshore devs to do it incorrectly : $30 x 120hrs = $3600 Clearly my knowledge and experience shows that by keeping me, the client would save $2,820. However, to the non-technical business manager assumes that all programmers are the same, and in doing so thinks that I too would take 120 hours costing $10,800. So to the non-techie, he/she thinks they saved the company $7,200 when it really cost the company $2,820 more. (of course at this time any MBA would ask for a bonus/raise for saving so much money and get rid of anyone that argues against their math. :-) ) So money is the most important aspect to a business person, but make sure that you include educating the business people into the realism of development. --Frank On 07/10/2010 01:44 PM, Shane Heasley wrote: As is usual, what is missing from this conversation is ... money. Geeks get emotionally attached to their technologies. The like this, they love that. This is "cool". To some it borders on religion - "Open source or death!". But what is important is the money. Business owners, non-profits, whatever, hire us to build a tool to fix a problem. We should choose thetechnologies to build that toolthat will provide the business owner with the lowest cost of ownership. In most cases everything else is secondary. I cannot think of any compelling reason to use PHP except that the company's IT team uses it and already know it. Even then, it would likely be cost effective over the long run to switch to CF. asp.net does have some compelling features and it is the only real competing technology to CF in my opinion. RoR has compelling features - but hasn't gained enough traction that I would recommend it as an enterprise level solution to any decent sized client. PHP is for amateurs and .net costs more to develop in. Java is ridicules to develop in from a cost perspective. Why use Java when you have a high level abstraction called ColdFusion that saves vast amounts of work and homogenizes the code base? Bottom line - you can build and maintainweb appsfor less money using ColdFusion. Period. CF is the clear choice. Now - Adobe needs to get their marketing act together. The have the best technology. CF needs resources put into development (time to get rid ofthe stupid bugs)and they really need to focus on the top 1,000 companies in the US.
[ACFUG Discuss] NCDevCon
I'm just interested in know how many people (and who) are going to make the drive to NCDevCon this weekend. Also, if anyone is from the area (or went to school there), what are the local hot spots (aka watering holes) for Saturday night (and possibly Friday night) I will be in attendance and I already have may stay booked at the local Clarion (recommended by the conference) - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
[ACFUG Discuss] amp; showing up in the database
All, I was wondering if someone could help me track down a bug... I am using Coldfusion 7 with MySQL 5.1. Every query in the application is using CFQUERYPARAM and I am not sure if this is important to this particular issue, but Global Script Protection is enabled on the server. My problem is this, a user enters an ampersand into a form field. The field gets stored in the database with amp; replacing every . When I read the data from the table for display to a web browser I output it using HTMLEditFormat to produce standards compliant pages. However, this takes the data and changes it to amp;amp; displaying amp; in the web browser. I need to display to the users without the amp; I know that I could remove all of the HTMLEditFormats and that will work, but in my mind that is not the problem and I would prefer to fix the real issue and not just the symptom. I would like to get actual 's on the table not amp;. I also thought of using triggers to stop the issue but to me that also is just treating the symptom. Does anyone know what is actually causing this behavior so that I can actually fix it at the source? Thanks, Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] amp; showing up in the database
Dean, Thank you. I went to get code snippets to prove that HTMLEditFormat was not being used on the insert. It isn't but I did find the real problem when I went to grab the code... The action page takes the submitted form variables and calls the component to do some minor calculations and the insert/update/delete as necessary. No special editing is done here other than making sure the data is properly formatted. However, I realized that javascript is the culprit. The form page is dynamic in that it allows you to any number of items, select from a pre-existing list, enter your own item manually, and change the order on the fly (The sequence of entries is important.) The javascript copies all entries from the INPUT's to a table displayed to the user. It then clears the INPUT to use for the next item. When the user submits the form, the onSubmit function is called which uses javascript to concatenate all of the entries into a list which it then stores in a hidden input element. (The list is later processed in the component.) However, because javascript is copying from inside a table using the innerHTML property instead of a value property, it is copying the HTML equivalents, not the original values. These HTML equivalents are where I am getting my special characters transformed to escape codes. I'll end up fixing this by adding a few regex functions to my code before processing either in the onSubmit function or in the CFC. (Just FYI, I concatenate my lists with a CHR(10) which is a ascii value (Line Feed) that can not be entered into a browser. This in turn allows the end user to type any symbol without fear of them screwing up my list separator.) Thanks again, Frank On 05/15/2010 04:04 PM, Dean H. Saxe wrote: Someone is calling htmleditformat() on the insert... -dhs -- Dean H. Saxe A true conservationist is a person who knows that the world is not given by his fathers, but borrowed from his children. -- John James Audubon On May 15, 2010, at 10:01 AM, Frank Moorman wrote: All, I was wondering if someone could help me track down a bug... I am using Coldfusion 7 with MySQL 5.1. Every query in the application is usingCFQUERYPARAM and I am not sure if this is important to this particular issue, but Global Script Protection is enabled on the server. My problem is this, a user enters an ampersand into a form field. The field gets stored in the database with amp; replacing every . When I read the data from the table for display to a web browser I output it using HTMLEditFormat to produce standards compliant pages. However, this takes the data and changes it to amp;amp; displaying amp; in the web browser. I need to display to the users without the amp; I know that I could remove all of the HTMLEditFormats and that will work, but in my mind that is not the problem and I would prefer to fix the real issue and not just the symptom. I would like to get actual 's on the table notamp;. I also thought of using triggers to stop the issue but to me that also is just treating the symptom. Does anyone know what is actually causing this behavior so that I can actually fix it at the source? Thanks, Frank - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=gin.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Opa
Many gmail accounts were hit recently. http://www.pcworld.com/businesscenter/article/194635/drugdealing_spammers_hit_gmail_accounts.html "It isn't clear what's behind this wave of Gmail compromises. But in forum posts, Gmail users note that the hackers appear to be sending spam via Gmail's mobile interface -- which gives mobile-phone users a way to check their Gmail accounts -- and wonder if there may be a bug in the mobile interface that is allowing criminals to send the spam." --Frank On 04/26/2010 03:02 PM, Larry Nunn wrote: Yes, unfortunately I am suffering from this embarresment. My apologies to anyone (hopefully no one) that did in fact click the link. I'm in the process of investigating where the problem came from and I have a few leads so hopefully once I've determined the source I can publish what I discovered. - Larry Sent from my iPhone On Apr 26, 2010, at 2:17 PM, John Mason ma...@fusionlink.com wrote: I'm assuming at this point that your email account has been hacked? John ma...@fusionlink.com Thomas Nunn wrote: http://sites.google.com/site/sdfft4y5htwhg/dasm2w - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - -To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserformFor more info, see http://www.acfug.org/mailinglistsArchive @ http://www.mail-archive.com/discussion%40acfug.org/List hosted by http://www.fusionlink.com-
Re: [ACFUG Discuss] validating credit card numbers with CF
I definitely agree with Steve. Once bitten, twice shy. I enjoy the things that CF does for me on the server side, but I use my own _javascript_ and Ajax on the client side. One of the reasons is the form validation I mentioned earlier, but the other is that I was starting with Ajax before CF8 was even released. I have already created code and ways to do things that work. I am sure that everyone will agree that it is not wise to fix code that is not broken. Going forward, I still do not plan on using CF's ajax or even CFFORM. In my mind it is easier to keep consistency in the code base and do everything the same way across different pages. Unless there is a compelling reason to justify spending the time to use a new way. Once you have the logic and common _javascript_ libraries in place, it is really just as easy to "roll your own" code as it is to use CF's implementation. I admit that I did not know of the new form features for "submitonce" or "datefield" that Charlie mentioned, but I have already solved these issues in my own custom code. I agree with Steve's reasoning and while I am a supporter of CF, by using my own work on the front-end, it will make it easier for me to change the back end if I ever have the need or requirement. (For the record, I also believe in avoiding any proprietary SQL commands to always keep porting options open.) Now I do agree with Charlie in that the client side features of CF are very useful and they also have the huge benefit of making it quicker and easier to develop and roll out new applications. But in my mind the big issue is where you want to spend your time debugging? _javascript_ can be a huge pain to debug, but it is better than being forced to find a workaround or wait until Adobe patches a problem in CF. (I believe that CF is well tested, but errors do occur and when the big ones happen, managers do not like being told it can't be fixed...) --Frank On 03/11/2010 04:10 PM, Steve Ross wrote: The inherent problem with using any framework that has been distributed with/embedded in CF is that there is no upgrade path for the embedded framework unless Adobe decides to release a patch. So when you find that bug or your designer asks you to implement their great customization to that cfmenu you will have to hack at to get it to work (and deal with deploying your hacks) OR like me you just decide it isn't worth it and it would be a lot easier if you just roll your own solution (or in my case choose something like jQuery that has a TON of community support). Speaking more about the built in validators, they work fine when you ONLY use them and them alone. If you need to validate some custom js code and then let CF's validators fire at the same time you will have issues. Or you will end up ditching CF's because you wan't to control how you notify the user etc. Also I just found a bug in cf8 where cfajaxproxy is doing some weird re-writeing of my cfc path. Again, more ammunition as to why I don't like the built in because there is a point on a large project where you will get to a place where it causes more headaches than fixes them. These may sound like edge cases but, again I'm just saying why *I* stay away from the built in cfform, cfajax, cfmenu (display/framework) oriented tags. -Steve On Thu, Mar 11, 2010 at 3:27 PM, Charlie Arehart char...@carehart.org wrote: See. :-) With all due respect and admiration, Steve, that’s just the sort of attitude I’m railing against. I think it’s just dead wrong to flatly reject the tag outright, suggesting that it should NEVER be used. :-) Again, I get that for SOME people and for SOME situations, there may be reasons that it doesn’t work for you. Goodness, that’s true with just about anything, right? But before accepting that bold dismissal, I hope that some who’ve heard only that sort of ill regard for it will take a look at the article I pointed out below, where I highlighted a few ways that CFFORM and its subsidiary tags have evolved fairly significantly over the years. Some of them are quite valuable, such as the “submitonce” validation that was added to help prevent users from hitting submit twice on a form, or the cfinput type=”datefield” which offers a very useful popup calendar. Granted, many have the chops and motivation to craft such features by hand or may choose to use scripts (or entire libraries) they get from elsewhere, and there’s no denying that becoming versed in a new ajax library can bring still more value in features that perhaps Adobe hasn’t yet implemented. But my whole point is that for a great majority of users, having the feature built-in without any need for coding is simply a valuable asset that shouldn’t be dismissed so readily and completely. Again, I’d recommend people take in the various perspectives but give caution to outright dismissals. That just isn’t due diligence. But hey, mine is indeed just
Re: [ACFUG Discuss] validating credit card numbers with CF
I used to use CFFORM with CFINPUT until I got burned by ColdFusion 7. When CF7 was first released we upgraded. One or two weeks before our implementation, we found out that their was a major bug (i.e. one that affected many pages in our apps) If you used both CFINPUT's validation routine and added your own custom _javascript_ validation (for business logic that CF wouldn't handle) only one would execute (I forget which one.) We had to scramble for a workaround. We did create a _javascript_ solution (Something like ) but then we needed to apply it to 200 or 300 forms throughout our applications. One or two months later Macromedia fixed the problem, but by then we already started moving to use our own _javascript_ exclusively and when you have a common js include, it really is not that difficult to avoid CFFORM/CFINPUT. Frank On 03/10/2010 02:14 PM, Charlie Arehart wrote: Yep, Shawn, but I realize this is a subject about which some are passionate (and I don’t mean Dean, who has rightfully earned his place in the security pantheon), but I mean others who may have heard bad things about CFFORM (whether they really ever affirmed any issues) and would want to warn others or claim that my suggestion was naïve and leading lambs to slaughter. :-) I’ve seen it so often over the years, that I just didn’t want to have them kick the door in to make their point but rather just open the door so they could make their point without any violence. :-) /charlie From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of shawn gorrell Sent: Wednesday, March 10, 2010 1:14 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] validating credit card numbers with CF Why wouldn't someone use CFFORM for the client side convenience (not validation, because it is not validation)? If it meets your needs, it is often the fastest way. Purists like that are part of the reason why I have problems with the development community at large. Why make anything any more complex than absolutely necessary? We're in the business of solving functional and non-functional requirements, and there are no style points awarded for being a cool-guy programmer. From: Charlie Arehart char...@carehart.org To: discussion@acfug.org Sent: Wed, March 10, 2010 12:38:10 PM Subject: RE: [ACFUG Discuss] validating credit card numbers with CF And while the back-end validation is of course vital, if you want to do it on the front-end as well (in _javascript_), note that it’s a built-in feature of CFINPUT, validate=”creditcard”. Yes, yes, I know that purists would never use CFFORM, and I know that you can’t rely on client-side validation for security because it can be circumvented and won’t work if JS is disabled on the browser, yadda, yadda. That’s why I note that this would be subsidiary to server-side validation. Still, it’s a lot more user-friendly to catch it on the front-end first, if you can. All that said, I suppose some will still have more to say. Shields up. Engage. :-) /charlie - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink - -To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserformFor more info, see http://www.acfug.org/mailinglistsArchive @ http://www.mail-archive.com/discussion%40acfug.org/List hosted by http://www.fusionlink.com-