[ACFUG Discuss] GetAdminHash error in CF Admin
I recently strarted getting the following error while trying to access the CF admin module. The getAdminHash method was not found. Either there are no methods with the specified method name and argument types or the getAdminHash method is overloaded with argument types that ColdFusion cannot decipher reliably. ColdFusion found 0 methods that match the provided arguments. If this is a Java object and you verified that the method exists, use the javacast function to reduce ambiguity. I did some searching and it seems like this was a fairly common thing for people who have updated their versions of CF, especially going back to 6.1 and 7. But we have a relatively new install of CF9. This was not an update and there are no old versions of CF running on the server. My main application is working fine, but we can't get into the administrator. I also found some advice about clearing out the cfcache folder and setting the admin security to false. I've tried both of these solutions (and yes I stopped and restarted services after each change). Any suggestions? - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] GetAdminHash error in CF Admin
Thanks for the response. I found the same response. But it sheds no insight on this particular installation. This was a newly built machine for the sole purpose of hosting a new CF9 environment. We are running under IIS and I see that the virtual directory for CFIDE is pointing to the correct location. I *am* checking with sysadmin to find out if they ran any updaters or hotfixes in the last 2 weeks. I believe I used the cfadmin module as recently as 1 week ago with no problems. On Thu, May 13, 2010 at 10:31 AM, Troy Jones t...@dynapp.com wrote: I did some brief Google searching and found this article: http://www.houseoffusion.com/groups/cf-talk/thread.cfm/threadid:42479 When you say that you have a relatively new install of CF9 and there are no old versions running on the server, does this also mean that there were never any versions installed previously at all? Is it possible that there were previous versions installed and that the CFIDE folder is outdated or does not belong to this version? Troy Jones ___ Troy Jones | Director of Technical Services | Dynapp Inc | 1-800-830-5192 ext. 603 | dynapp.com | facebook.com/dynapp -Original Message- From: ad...@acfug.org [mailto:ad...@acfug.org] On Behalf Of Gerry Gurevich Sent: Thursday, May 13, 2010 10:20 AM To: discussion@acfug.org Subject: [ACFUG Discuss] GetAdminHash error in CF Admin I recently strarted getting the following error while trying to access the CF admin module. The getAdminHash method was not found. Either there are no methods with the specified method name and argument types or the getAdminHash method is overloaded with argument types that ColdFusion cannot decipher reliably. ColdFusion found 0 methods that match the provided arguments. If this is a Java object and you verified that the method exists, use the javacast function to reduce ambiguity. I did some searching and it seems like this was a fairly common thing for people who have updated their versions of CF, especially going back to 6.1 and 7. But we have a relatively new install of CF9. This was not an update and there are no old versions of CF running on the server. My main application is working fine, but we can't get into the administrator. I also found some advice about clearing out the cfcache folder and setting the admin security to false. I've tried both of these solutions (and yes I stopped and restarted services after each change). Any suggestions? - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?falogin.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] GetAdminHash error in CF Admin
Problem solvedapparently they had installed CFIDE in the default webroot. We had another developer copying some files from the web root of another server to this server and he overwrote the CFIDE folder with an older version. So...all the info about this problem being from a mismatched version of CF and the admin appears to be good advice. On Thu, May 13, 2010 at 10:44 AM, Gerry Gurevich gerry.gurev...@gmail.com wrote: Thanks for the response. I found the same response. But it sheds no insight on this particular installation. This was a newly built machine for the sole purpose of hosting a new CF9 environment. We are running under IIS and I see that the virtual directory for CFIDE is pointing to the correct location. I *am* checking with sysadmin to find out if they ran any updaters or hotfixes in the last 2 weeks. I believe I used the cfadmin module as recently as 1 week ago with no problems. - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Web Service Problem
A little clarification of my initial description: I had indicated that the SOAP envelope was formed wrong...but it turns out that this was the tool that I was using to generate the SOAP request that was malforming the outbound request. Presumably it is because of something in the WSDL. But I'm investigating another tool. - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Web Service Problem
Thanks Ruben. I had already downloaded SOAPUI, but was using a different tool on the recommendation of a colleague. Turns out it was the tool. Thanks also to Charlie for your suggestions. Sorry to bother the list with this non-issue. On Wed, May 27, 2009 at 12:59 PM, Ramirez, Ruben - Curtis 1000 rrami...@curtis1000.com wrote: I have used SoupUI (http://www.soapui.org/), which is in on the CF411 list. You give your WSDL address and it allows you to make requests. As Charlie mentioned, this will confirm if the problem is with the web service itself. The other reason this was a big deal for me is that it shows you what the soap request should look like. Whenever I have had problems with a web service, my soap request was wrong. Hope it helps, Ruben - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
[ACFUG Discuss] Web Service Problem
I’m trying to publish a web service for other users to consume. I’m running into a problem with the returned soap envelope. Please note that I can consume these services with CFINVOKE. That is not the problem. I’m trying to consume them on another platform. Any help would be greatly appreciated. Here are more details and the cfc is listed below. The WSDL definition comes out just fine. And the two hello calls work out just as expected. However when I try to call the add or echo functions, I get the following error: -- Attribute “xsd” bound to namespace “http://www.w3.org/2000/xmlns/” was already specified for element “soap:Envelope” The only difference that I can determine is that the add and echo functions have parameters while the hello methods do not. Here is a sample SOAP message with the error: ?xml version=1.0 encoding=utf-8?soap:Envelope xmlns:soap=http://schemas.xmlsoap.org/soap/envelope/; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xmlns:xsd=http://www.w3.org/2001/XMLSchema; xmlns:xsd=http://www.w3.org/2001/XMLSchema; xmlns:enc=http://schemas.xmlsoap.org/soap/encoding; soap:Body soap:encodingStyle=http://schemas.xmlsoap.org/soap/encoding/;SI:echo xmlns:SI=http://ws.hero.ncea;in xsi:type=xsd:anyType123/in/SI:echo/soap:Body/soap:Envelope Note that there is a duplicate entry for xmlns:xsd in the soap envelope. Here is a listing for my web service: simple.cfc cfcomponent output=false cffunction name = hello output=no returntype=string access=remote cfreturn 'Hello World' /cffunction cffunction name = hello2 output=no returntype=string access=remote cfset strOut=Hello World cfreturn strOut /cffunction cffunction name = add output=no returntype=numeric access=remote cfargument name=add1 required=yes default=0 hint= / cfargument name=add2 required=yes default=0 hint= / cfset var sum = cfset sum=arguments.add1+arguments.add2 cfreturn sum /cffunction cffunction name = echo output=no returntype=string access=remote cfargument name=in required=yes default=0 hint= / cfreturn '#arguments.in#' /cffunction /cfcomponent - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Cross Site Forgery Question
Forgive me if this came through and no one responded, but I didn't see my message in the list, so here goes again just in case. I've also added a little more info to my original scenario/question. I was trying to respond to Shawn's statement: Something to understand is that action pages are not the only pages that can be exploited or part of an exploit. Can anyone give an example of a Cross Site Forgery exploit that would have an impact on a non-action page? Suppose I have a page that lists all of my users. http://somehost/myapp/index.cfm?event=showusers On this page, I execute a select query and display the results. If someone else tricks me into loading that page on my own machine using img src=http://somehost/myapp/index.cfm?event=showusers, then what is the risk? It would be a roundabout way to do a denial of service. But otherwise, it doesn't expose any information and doesn't cause any damage. I definitely understand the problem of not protecting the page http://somehost/myapp/index.cfm?event=deleteuser or http://somehost/myapp/index.cfm?event=deleteuseruserid=1. If I'm missing something, please let me know. - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Cross Site Forgery Question
On Thu, Dec 18, 2008 at 10:18 AM, shawn gorrell chees...@yahoo.com wrote: Something to understand is that action pages are not the only pages that can be exploited or part of an exploit. Frinstance? Suppose I have a page that lists all of my users. http://somehost/myapp/index.cfm?event=showusers On this page, I execute a select query and display the results. If someone else tricks me into loading that page on my own machine using img src=http://somehost/myapp/index.cfm?event=showusers, then what is the risk? I definitely understand the problem of not protecting the page http://somehost/myapp/index.cfm?event=deleteuser or http://somehost/myapp/index.cfm?event=deleteuseruserid=1. If I'm missing something, please let me know. - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
[ACFUG Discuss] Cross Site Forgery Question
Sorry, I posted to the wrong list initially. Here is my question for the discussion list: I've been asked to investigate this by someone at my company. They found this link as a CF solution. Do you all have any thoughts or opinions on the value of this approach? It seems to only work for form submit actions. What would you do if you had a link to an action page? How would you mitigate against this type of attack? Your thoughts are appreciated. - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
