>For best practices-sake, if the user forgets their password, you should
>only be able to generate a new one and email it out
I prefer not to send any password via mail (auto or user-generated). If a user forgets his/her password we do a couple of things:
1- user must type the registered email in
| Certainly storing hashes is better than passwords. However, you can't
| reverse hashes, which means that if someone forgets their password you
| can't figure it out for them. For some web applications that is a
| problem although I think offering to reset the password provides the
| same benefit,
> One of the most frequently seen security vulnerabilities
> on the internet today is a web application that will email
> you your password in plaintext.
Speaking of... A quick rant here...
Went to MAX this year. Got my registration packet and looked at my session
summary. As they have done in
> Yes, and very useful as are the other
> responses. That's what I was looking for.
Glad I could help.
> And if I understand it correctly, you can't
> un-hash a stored variable to read it, but can
> only compare a hashed Form.Password variable
> against what's stored in the db. Is that right?
Yu
That's right, you can't un-hash a stored variable.
For best practices-sake, if the user forgets their password, you should
only be able to generate a new one and email it out, and let the user
change it to something else.
-w
At 10:46 PM 1/4/2004, you wrote:
>Cameron Childress wrote:
> >
> > Ph
Cameron Childress wrote:
>
> Phew, that was a long answer
Yes, and very useful as are the other responses. That's what I was
looking for.
I already have the random, strong password generation part down. I
wasn't going to hash the password because the web app info really
isn't terribly private
> I would not suggest storing your passwords in plain text in the
> DB. Storing
> them in this manner leaves them vulnerable to anyone who ends up with
> access
> to that database. You may or may not consider the data in your web app
> important to your user, but most users will attempt to use
I would not suggest storing your passwords in plain text in the DB. Storing
them in this manner leaves them vulnerable to anyone who ends up with access
to that database. You may or may not consider the data in your web app
important to your user, but most users will attempt to use a password the
Why do you care if the password is unique?
Wouldn't your time be better spent making sure the password is mixed case
with letters and numbers so it can't be easily guessed? Or perhaps you
should write something that would de-activate the account if the user types
in the wrong password more than
Wherever possible we try to use an e-mail address as the username and then
generate a password and e-mail it to the user. That way, they are guaranteed
to give you a valid address as they can't get in without one... It also
covers the uniqueness angle as an e-mail address is unique.
Once the user
I want to enable users of my web app, upon creating their accounts, to
be able to select their own login password. When they create their
account, I'm comparing their proposed password with all other
passwords stored in a db to ensure that the proposed password is
unique. If it's not, though, I don
Jochem helped me convert the to_date function to work in MS Access and now I have a problem with to_char. When I run the script against an Access DB I get: Undefined function 'to_char' in expression.
For Oracle SQL=My script is:
SELECT fromdate1
FROM leaverequest
WHERE (('#UCase(DateFormat
> You are executing a DLL from the browser (so to speak); which is
> different than an ISAPI application. I'm still under the impression
> that if you are loading a DLL in a browser you are not running that
> DLL as an ISAPI filter.
You're right that this DLL wouldn't be an ISAPI filter. However
>
> collection="teste"
> name="GetContentDB"
> type="SIMPLE"
> criteria=" #UserCriteria#"
> language="Spanish">
>
> Here begins my problem... It returns results only if UserCriteria is EQUAL (exactly) to
> a word in the collection. It doesn't work with partial words.
When you specify TYPE="SIMPLE", you shouldn't sp
I couldn't tell exactly what was happening by looking at your example (It
seemed to mask the specific URLs and there was no "verder" button).
In the example you gave: www.mysite.com/application.dll?topage=mypage.html
You are executing a DLL from the browser (so to speak); which is
different
> Now it comes: when I want to work with Coldfusion and I also want
> the application function to work I have to use the "application.dll?
> topage="- in the urls, but the Coldfusion-functionality isn't working
> anymore. The webserver recognises the *.cfm extensions but not what is
> inside.
T
> Sorry, I meant to say "a set of controls for ColdFusion."
>
> There isn't anything inherently specific to .Net that allows such
> controls to exist, is there?
No, there's nothing inherently specific to .NET with regard to these
controls. However, you won't find much that's directly analogous to
Jochem van Dieten wrote:
> I just got an email from Rafael Quinones confirming that JavaCast()
> should work:
>
>
>
> factory = CreateObject("java", "coldfusion.server.ServiceFactory");
> ds_service = factory.datasourceservice;
> dsources = ds_service.datasources;
>
>
> encryptPasswo
Hi,
It's an isapi.dll directly called in the browser. With COM it communicates with database-driven software on the server. I don't think it has something to do with CGI. Unfortunately it isn't possible to access the database directly either; it's a weird Paradox DB.
With CFHTTP it's not possible t
> What's the other option to Evaluate()?
Square bracket notation, as described in my earlier email
Hello CFers,
I want to automate some information gathering.
Nasdaq.com has a list of downloadable ticker symbols.
The address is www.nasdaq.com//asp/symbols.asp?exchange=Q&start0 and
www.nasdaq.com//asp/symbols.asp?exchange=N&start0
I want my application to go there DL the new file into the same
I'm performing a query to get a list of users NOT assigned something. Once they're assigned to a particular team, I want to return to the page listing users NOT assigned to a team. I want to make sure, that if you appeared on the output, and were assigned a team previously, that when I come back to
What's the other option to Evaluate()?
- Original Message -
From: "Philip Arnold" <[EMAIL PROTECTED]>
Date: Sun, 4 Jan 2004 10:55:49 -0500
To: CF-Talk <[EMAIL PROTECTED]>
Subject: RE: Dynamic Array or Structure
Just one point, please don't use Evaluate() - it's incredibly slow...
Also, i
Thanx Phillip
"formField" is the original value of form field... used to compare with the changed form field...
Like this:
- Original Message -
From: "Philip Arnold" <[EMAIL PROTECTED]>
Date: Sun, 4 Jan 2004 10:55:49 -0500
To: CF-Talk <[EMAIL PROTECTED]>
Subject: RE: Dynamic Array o
When you access the DLL directly in the URL doesn't that mean you're
executing a CGI program; not calling an ISAPI filter?
IIS (or your web server) sees the DLL extension and doesn't recognize it
as a ColdFusion page; so therefore does not pass it onto the ColdFusion
server. It won't matter
There are plenty of JavaScript menus out there that can be made to work with
CF, many are free as well.
Milonic are my favorite.
http://www.milonic.com/
Tim
-Original Message-
From: stas [mailto:[EMAIL PROTECTED]
Sent: Sunday, January 04, 2004 11:56 AM
To: CF-Talk
Subject: Re
Sorry, I meant to say "a set of controls for ColdFusion."
There isn't anything inherently specific to .Net that allows such controls
to exist, is there?
P.S. This isn't a troll!
- Original Message -
From: stas
To: CF-Talk
Sent: Sunday, January 04, 2004 11:52 AM
Subject: GUI web controls
I've asked this a while ago but maybe some new products came out on the
market since.
Does anyone market a set of controls similar to what's available here:
http://www.aspnetmenu.com/home.aspx
Thanks,
Stas
I'm struggling with this serious problem: we have software for pc, and the software engineer also made an ISAPI.dll to access the functions via a web page.
When you call a web page and you want to get the functions working on your page you have to make an url like this:
www.mysite.com/applicati
I'm struggling with this serious problem: we have software for pc, and the software engineer of it also made an ISAPI.dll to access the functions via a web page.
When you call a web page and you want to get the functions working on your page you have to make an url like this:
www.mysite.com/app
Just one point, please don't use Evaluate() - it's incredibly slow...
Also, if you are, then use your quotes and pounds sparingly:
#evaluate("#formfield#")# is the same as #evaluate(formfield)#
But if you can, use scoping and square bracket notation
Square bracket notation works like this:
#evalu
I'm looking for tips, how to's, tutorials, code for auditing tool for my solution:
Please see this:
Original values for form fields have Original string append this names...
intQtyContentOriginal,strNameFirmsOriginal,EmailUserOriginal
datasource = "#dsn#">
ins
Chunshen (Don) Li wrote:
> Oops, Java was not a friend of mine :)
> Same result same err msg after using javaCast string function.
I just got an email from Rafael Quinones confirming that JavaCast() should work:
factory = CreateObject("java", "coldfusion.server.ServiceFactory");
ds_service
I think you can proceed without being a non-root user. Although it displays
the warning, you can still click on the next button.
On 4/1/04 12:39 am, "Philipp Cielen" <[EMAIL PROTECTED]> wrote:
> Installing ColdFusion MX for J2EE on OS X I get the warning message that I
> am installing as a non-ro
Keep up the good job with not smoking, it's hard as hell, but well worth it
:-)
From: Cutter (CF-Talk) [mailto:[EMAIL PROTECTED]
Sent: Sunday, January 04, 2004 12:31 AM
To: CF-Talk
Subject: Re: Match to list item
Tim,
Thanks, that is exactly what I was looking for. I did look up the