I have a site where the guestbook is a constant problem for me. I've
tried persuading the radio station management that they really don't
want a guestbook but they see it as an important way to interact with
the listeners.
We'll get a fan of a show saying how the host is wonderful - a dream -
'a r
It's a breeze! Rick, if you need me to generate you one, let me know, just
send me the request.
"This e-mail is from Reed Exhibitions (Oriel House, 26 The Quadrant,
Richmond, Surrey, TW9 1DL, United Kingdom), a division of Reed Business,
Registered in England, Number 678540. It contains informa
+1 on OpenSSL.
Download OpenSSL and follow the directions to make a self signed one. It's
a real PIA. We had to do one for a dev server that had secure content. It
was not fun.
Eric
-Original Message-
From: Rick Faircloth [mailto:[EMAIL PROTECTED]
Sent: Monday, 07 August 2006 22:19
To: CF-Talk
Subj
Unfortunately, I host many different domains, not just one primary domain
and subdomains...so GoDaddy's wildcard wouldn't be of much use...
Rick
-Original Message-
From: Jeff Garza [mailto:[EMAIL PROTECTED]
Sent: Monday, August 07, 2006 11:38 PM
To: CF-Talk
Subject: RE: SSL Certificates
> I've been looking around on Google for some info on making a
> self-signed cert, but haven't found anything that makes sense.
>
> Is there some software or something built into IIS 5 that
> allows me to make self-signed certs? MakeCert.exe?
There's nothing built into IIS to do this, but ther
> Are you certain about that, Dave? I didn't see anything in
> the text that would indicate all the sites had to be part of
> the same domain...I know wildcard certs seem to work that way
> now, but perhaps it's different in Win 2003 Server and IIS 6?
Certs are certs - there's nothing OS-specif
GoDaddy, wildcard cert... $299 for one year. Unlimited use for however many
servers/sites/etc...
We just implemented one and we've installed it on ~8 servers already for 10
different aliases for our domain...
Foo.mydomain.com
Bar.mydomain.com
Etc...
--
Jeff
-Original Message-
From: Ri
Well, now I see on MS's site that there's built-in capability for creating
self-signed certs in IIS 5. But it doesn't say anything about being able
to use them with multiple sites and host headers...
-Original Message-
From: Rick Faircloth [mailto:[EMAIL PROTECTED]
Sent: Monday, August 0
> I see. That would only work if your sites were within the same domain,
> however.
Are you certain about that, Dave? I didn't see anything in the text that would
indicate all the sites had to be part of the same domain...I know wildcard certs
seem to work that way now, but perhaps it's different in
But even if I make my own cert for the one website that needs it
right now (another will need one shortly), will it work with a host header?
Or would I simply not use a host header for that particular site with IIS 5
and have the site identified by the cert?
Rick
-Original Message-
From:
I've been looking around on Google for some info on making
a self-signed cert, but haven't found anything that makes sense.
Is there some software or something built into IIS 5 that allows
me to make self-signed certs? MakeCert.exe?
Rick
-Original Message-
From: Dave Watts [mailto:[EMA
Bummer...
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Monday, August 07, 2006 11:09 PM
To: CF-Talk
Subject: RE: SSL Certificates
> If I'm reading the text below from MS's website correctly, then IIS
> can support multiple websites with host headers, but only with
> recruiters. It's time that we had a way for these companies to get bad
> press and therefore have a hard time finding people until they change
> their ways.
If only f**kedcompany.com didn't charge for their records now!
> If I'm reading the text below from MS's website correctly,
> then IIS can support multiple websites with host headers, but
> only with a wildcard certificate...
I see. That would only work if your sites were within the same domain,
however.
Dave Watts, CTO, Fig Leaf Software
http://www.figlea
> Public perception is not a problem...I'm hosting a non-public
> office application for an insurance agent, which will have no
> pages for the public to view.
In that case, you don't need to buy anything at all. Just use a self-signed
certificate as Jim suggested.
> A "self-signed" certificate
> I can upgrade to Windows Server 2003 R2, Web Edition with
> IIS 6, which does support SSL and Host Headers for only $400!
Again, I don't think this is the case, because of the way that SSL and host
headers work. You can use one, or the other, but not both.
Dave Watts, CTO, Fig Leaf Software
http
If I'm reading the text below from MS's website correctly,
then IIS can support multiple websites with host headers,
but only with a wildcard certificate...
Here's the text copied from their site at
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/5
96b9108-b1a7-494d-885d
Heh.. Funny you should mention that..
Hopefully i will be starting a new site in the next 6 months or so..
already bought the domain..
www.recruitersthatsuck.com :-)
On 8/7/06, Matt Williams <[EMAIL PROTECTED]> wrote:
> Should allow for positive comments too... Feedback as it were.
>
>
> On
Public perception is not a problem...I'm hosting a non-public
office application for an insurance agent, which will have no
pages for the public to view.
A "self-signed" certificate offers the same security as one
that I purchase?
Rick
-Original Message-
From: Jim Wright [mailto:[EMAIL
True! and again, Adobe will continue to support, so when can we put an
end to this cyclical topic!!
Eric J. Hoffman
Managing Partner
2081 Industrial Blvd
Stillwater MN 55082
mail: [EMAIL PROTECTED]
www: http://www.ejhassociates.com
tel: 65
Whoa! Wildcard certificates, even at GoDaddy.com, are $300 per year!
I can upgrade to Windows Server 2003 R2, Web Edition with IIS 6, which does
support SSL and Host Headers for only $400!
Anyone hosting on Windows 2003 Web Edition with IIS 6? Any reasons
why I need or would be much better off hosti
> Rats! After I installed my certificate and couldn't access
> the secured site, I started digging around and found out that
> IIS 5 and Win 2000 Server can't use Hosting Headers and SSL!
>
> I host multiple websites and I use Host Headers to do so.
>
> Am I understanding correctly that I'll h
On 8/7/06, Rick Faircloth <[EMAIL PROTECTED]> wrote:
> Thanks, Dave...some reading I was doing after posting finally confirmed
> that I would have to have 1 certificate for each domain, or either purchase
> a multiple domain (up to 4 domains) certificate for about $500!
>
> Rick
>
I would do some
Should allow for positive comments too... Feedback as it were.
On 8/7/06, RobG <[EMAIL PROTECTED]> wrote:
>
> After this thread over on CF-Jobs about that posting from
> "accessiblecomputing.com" and the guy who posted the job being a prick
> to one of the list members who took issue with his pos
Rats! After I installed my certificate and couldn't access the secured site,
I started digging around and found out that IIS 5 and Win 2000 Server can't
use Hosting Headers and SSL!
I host multiple websites and I use Host Headers to do so.
Am I understanding correctly that I'll have to upgrade t
> And to touch on a post someone else made to the thread: It
> would have to be a license free EAR or WAR that gets
> "exported"; needing licenses for these apps defeats the idea
> that I think was key to that part... the "free" & EOD (Ease
> Of Deployment ;)... Maybe competition/extension with
Let me suggest that you get a wildcard certificate, in case you are
hosting multiple web sites for the same domain.
www.domain.com
Mail.domain.com
Intranet.domain.com
Etc.domain.com
-Original Message-
From: Rick Faircloth [mailto:[EMAIL PROTECTED]
Sent: Monday, August 07, 2006 6:46 PM
T
Joe I like your idea Ben mentioned Converting to Proper before Updating the
DB
SO:
>
>
>
This works great. Using Lower case because CapFirst converts to upper but
doesn't check for case in advance.
This is going to be a global fix on several data entry forms. so I don't
think I care much abo
Thanks, Dave...some reading I was doing after posting finally confirmed
that I would have to have 1 certificate for each domain, or either purchase
a multiple domain (up to 4 domains) certificate for about $500!
Rick
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Mo
> I just purchased my first Security Certificate and need to
> know how to apply it to my server / sites.
>
> I host multiple sites. Would the certificate apply to my
> server and therefore to all the sites on my server or would
> each site have to have its own certificate?
Certificates apply
Ok...I'll give that a try...sure sounds easier than all the hoops I've been
jumping through, so it's probably correct!
Thanks, Michael...
Rick
-Original Message-
From: Michael Wolfe [mailto:[EMAIL PROTECTED]
Sent: Monday, August 07, 2006 8:59 PM
To: CF-Talk
Subject: RE: Trying to get m
On 8/7/06, Tanguy Rademakers <[EMAIL PROTECTED]> wrote:
> CF without a server would be fairly useless for web sites / services,
> no ?
My bad for not making it more clear - you would still deploy your cf apps in
a J2EE server just like you do today.
--
It was clear over hear. Er. Here, even. I mea
Rick,
You should be able to set up multiple domains in the ArgoSoft administrator.
In order to lock down relaying, you have two options:
First, enable the option to allow relaying. Then, either enable the option
to require user authentication, or limit the IP address to 127.0.0.1 (or
whatever th
This statement in itself is two sided already, so I'd say go with the
survey:
RobG wrote:
> "...right down to the same white spacing, line breaks, and even coding
> methodology (and I don't mean Fusebox)."
In my view this isn't necessarily a bad thing. If your coding standards
suck, and you do
Oh oh... you used the M-word, now I feel obligated to provide the
Firefox alternative;
http://livehttpheaders.mozdev.org/
Although I must say that Fiddler has more features.
Mingo.
Brad Wood wrote:
> Ever used MS Fiddler. It can be a very handy tool to track down pesky
> 404's you don't e
> I think this is an incredibly bad idea, unless by "worthwhile" you mean
> "lawsuit magnet".
You hit it right on the head Dave.
Rey
~|
Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting,
up-to-date Col
Hi, guys.
I just purchased my first Security Certificate and need to know how to apply
it to my server / sites.
I host multiple sites. Would the certificate apply to my server and therefore
to all the sites on my server or would each site have to have its own
certificate?
Rick
If you want to change the case of all the elements in the form
structure, you could loop over them like so:
Or, you could loop over a subset of field names just to modify the
ones you want to change.
--
Joseph Lamoree
+1
..:.:.:.:.:.:.:.:.:.:.:.:.
Bobby Hartsfield
http://acoderslife.com
-Original Message-
From: Dave Watts [mailto:[EMAIL PROTECTED]
Sent: Monday, August 07, 2006 6:31 PM
To: CF-Talk
Subject: RE: Tired of lousy companies & recruiters
> My intention isn't to slander companies or re
I agree...time for some transparency for all sides...
Rick
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, August 07, 2006 6:24 PM
To: CF-Talk
Subject: RE: Tired of lousy companies & recruiters
Sounds like a great idea. I would suggest in order to be
I agree with Ken. I think that is a MUCH safer idea.
...
Ben Nadel
www.bennadel.com
-Original Message-
From: Ken Ketsdever [mailto:[EMAIL PROTECTED]
Sent: Monday, August 07, 2006 6:48 PM
To: CF-Talk
Subject: RE: Tired of lousy companies & recruiters
I agree...
It i
I agree...
It is both a good concept and a litigation magnet.
I would consider something like a survey that someone could fill out.
Ratings 1 - 10
Would you use this recruiting company again?
How would you rate your overall experience with the recruiting company?
How would you rate your overa
> My intention isn't to slander companies or recruiters, but to
> simply post facts about the position and the management
> there. Here's an example:
>
> "It turns out I was hired not to be a developer, but rather
> to BE the guy who hired me. His anal-retentive nature
> required me to write
Sounds like a great idea. I would suggest in order to be fair, once an
issue is put up, the company has the ability to post a reply, then the
poster gets to post his reply to the reply, then that's it.
I'm all for giving the company a chance to present their side, but I
wouldn't want it to be a fl
Ever used MS Fiddler. It can be a very handy tool to track down pesky
404's you don't even realize are there like js includes, css etc.
~Brad
-Original Message-
From: Kris Jones [mailto:[EMAIL PROTECTED]
Sent: Monday, August 07, 2006 5:17 PM
To: CF-Talk
Subject: Re: Weird CF error...
M
Unfortunately it would never work - and would no doubt give you no end of
grief.
My understanding is that the favicon.ico file gets requested with
every page. If it's not found, a 404 (or sometimes some other error)
is thrown. But the page being requested is getting returned, so
there's no error returned to the user per se. It's kind of like when
an image on a page isn't at the
I think in theory it's a good idea - people looking out for people... But in
reality people would FREAK OUT over stuff that was posted and probably cause
you more of a headache than you would like.
...
Ben Nadel
www.bennadel.com
-Original Message-
From: RobG [mailto
On 8/7/06, Ray Meade <[EMAIL PROTECTED]> wrote:
>
> I see. Well converting a script of this size and complexity could take me
> forever (if I'm even capable of it being a newbie and all), but I guess I
> have no choice if I want the app. to be able to print checks and insert the
> check amount in t
After this thread over on CF-Jobs about that posting from
"accessiblecomputing.com" and the guy who posted the job being a prick
to one of the list members who took issue with his posting, I'm once
again wanting to setup some sort of website where consultants, employees
or whomever can post abo
Oh, I get it. The entire sentence isn't backwards, they put the
adjectives/adverbs in different order. That's true. :) It's that way
with all romance languages.
> -Original Message-
> From: Denny Valliant [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 07, 2006 3:53 PM
>
> On 8/7/0
On 8/7/06, Munson, Jacob <[EMAIL PROTECTED]> wrote:
>
> > IE: spanish is written backwards as far as sentences are concerned
>
> That's news to me! Are you referring to the punctuation coming at the
> beginning of the sentence as well as the end (for ? and !)? Other than
> that, I can't figure ou
Try using CapFirst() from cflib.org, works great, though you will still have
to write a regex for things like "McMillan".
Thanks,
Mark
-Original Message-
From: Richard Dillman [mailto:[EMAIL PROTECTED]
Sent: Monday, August 07, 2006 5:14 PM
To: CF-Talk
Subject: Proper Case
Just wonderin
On 8/7/06, DRE <[EMAIL PROTECTED]> wrote:
> Hi, I've run across this view in a sql 7 db. Please note right after
> the from clause, there looks like a table name before any of the join
> parameters and lots of parenthesis in the same area. I've never seen
> this and I couldn't find it in any of my
> Do you have any scripts that you can share?
Well, no, unfortunately.
The reason for this is that there are various approaches that you can take
to solve this problem, and these approaches are very dependent on what
you're trying to accomplish - it's not a matter of just having a script that
you
Interesting... Looks like several nested derived tables.
~Brad
-Original Message-
From: DRE [mailto:[EMAIL PROTECTED]
Sent: Monday, August 07, 2006 4:04 PM
To: CF-Talk
Subject: OT ? Sql View Weird Item?
Hi, I've run across this view in a sql 7 db. Please note right after
the from cla
You can always just send the data via flash remoting to a validation
CFC, and then send back a struct with a valid flag, and message. Alert
as necessary in the flash form.
~Brad
-Original Message-
From: Zaphod Beeblebrox [mailto:[EMAIL PROTECTED]
Sent: Monday, August 07, 2006 3:55 PM
To
I missed that, sorry.
DataMgr only handles the CRUD actions themselves.
For forms, I could offer my sebForms custom tags though...
http://www.bryantwebconsulting.com/cftags/
http://www.bryantwebconsulting.com/cftags/examples/
The version on the site is a little outdated though. I will try to up
Personally, I would put the values into proper case before putting them into
the database. That means you only have to process the text once... Not once
for each time you read it from the database.
...
Ben Nadel
www.bennadel.com
-Original Message-
From: Richard Dill
Just wondering if there is an Easier way of doing these things.
By default I submit all text fields to the DB:
dbvalue = '#lcase(form.field)#'
then with CSS Style my outputs as
#dbvalue#
for fields Like Name or Address...
Is this the best way to be handling this? Or is there some way to pass
That looks pretty nice. Thanks for posting it.
I think though that the OP was looking for a tool which also created the
form itself. Does DataMgr do this too?
-Original Message-
From: Steve Bryant [mailto:[EMAIL PROTECTED]
Sent: Monday, August 07, 2006 3:43 PM
To: CF-Talk
Subject: Re: C
Hi, I've run across this view in a sql 7 db. Please note right after
the from clause, there looks like a table name before any of the join
parameters and lots of parenthesis in the same area. I've never seen
this and I couldn't find it in any of my sql books. Can anybody share
any insight? It see
Hi, all.
I'm using ArgoSoft Pro Mail Server for sending email via CF...automated notices,
email newsletters, etc...and I'm trying to enable the relaying without creating
an open relay. I'm not quite sure how this is accomplished.
The developer of the software seemed to get a little lost when I was
d
Any strategies for displaying server validation errors in flash forms,
stuff like a duplicate email address that you only know once you make
a trip to the server?
I'd like to have it presented the same as the other validation errors
(client side ones)
Thanks
zB
--
Soy un perdedor
I'm a loser b
Warning, plug ahead (but for free, open source product):
Chad,
I have a solution (DataMgr) that does what I think you are asking for.
It is an object, but doesn't require you to do any OO in order to use it. Nor
does it require any major changes to the structure of your code.
http://www.bryant
As others have mentioned, use cfqueryparam for input, but you should
also use htmlEditFormat() for ALL output that could have originated
outside your application. This will escape all tags and should render
any javascript blocks useless.
M!ke
Ah...
That could make sense. When you "search" through the site, it uses virtual
pathing like so:
http://www.andyandjaime.com/index.cfm/searchdate/2006-07
But the thing is that I never GET the error in the browser. If that error
was generated, wouldn't it show up in the browser window?
-Or
Thanks all, PreserveSingleQuotes() solved the problem.
>That's by design. ColdFusion is escaping your single quotes.
>
>You need to either wrap your string in the PreserveSingleQuotes()
>function or, better, use
>
Dave,
Do you have any scripts that you can share?
Rey...
Dave Watts wrote:
>>Also, in MX7, look into the "Enable Global Script Protection"
>>setting on the settings page of cf admin.
>
>
> The protection this provides is minimal, at best. It's really no substitute
> for properly preventing XS
surely it should be the American incorrect way to write...
:)
No 404 error handler around. But even if there were, the favicon.ico file is
most definitely there. I also can't get the error to be duplicated which is
irritating me.
:
-Original Message-
From: Ben Nadel [mailto:[EMAIL PROTECTED]
Sent: Monday, August 07, 2006 2:07 PM
To: CF-Talk
Subjec
> Also, in MX7, look into the "Enable Global Script Protection"
> setting on the settings page of cf admin.
The protection this provides is minimal, at best. It's really no substitute
for properly preventing XSS attacks.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Fig Leaf Softwa
> > I was under the impression that CFQUERYPARAM took care of all
> > of the SQL injection possibilities.
>
> All that I know of, but I understand hacker types to often be
> very creative and intelligent people. I always assume that
> they have, or will someday, figure out new attacks. The ho
That's by design. ColdFusion is escaping your single quotes.
You need to either wrap your string in the PreserveSingleQuotes()
function or, better, use
-Original Message-
From: David Carter
Sent: Monday, August 07, 2006 3:14 PM
To: CF-Talk
Subject: cfquery - single quotes become double
#PreserveSingleQuotes(sql_stmt)#
On 8/7/06, David Carter <[EMAIL PROTECTED]> wrote:
>
> Hello all,
>
> I am having a strange problem with a cfquery through SQL Server where I am
> building the SQL statement dynamically from form input. I wonder if anyone
> here has encountered and overcome a simi
#preserveSingleQuotes(sql_statement)#
On 8/7/06, David Carter <[EMAIL PROTECTED]> wrote:
> Hello all,
>
> I am having a strange problem with a cfquery through SQL Server where I am
> building the SQL statement dynamically from form input. I wonder if anyone
> here has encountered and overcome a
Hello all,
I am having a strange problem with a cfquery through SQL Server where I am
building the SQL statement dynamically from form input. I wonder if anyone here
has encountered and overcome a similar error in the past, and could lead me
toward a solution.
When the SQL statement is placed
Do you have a file-not-found error handler in CF? It might not be finding
the file and be handled oddly in the 404 error.
...
Ben Nadel
www.bennadel.com
-Original Message-
From: Andy Matthews [mailto:[EMAIL PROTECTED]
Sent: Monday, August 07, 2006 2:55 PM
To: CF-Talk
> > Nice tag apart from it's gramatical problems...
Irony.
Has anyone already suggested the UDF at
http://www.cflib.org/udf.cfm?ID=40 ?
Hey Andy,
I'd hit the same error in house with a couple of sites when it was trying to
call the favicon from a subfolder off of the root. Ended up putting in a
blank favicon.ico folder in until we had a real one, but then call the file
itself from a full path. That seemed to knock out the proble
I'm getting a weird CF error:
1) coldfusion.runtime.Cast$NumberConversionException: The value
"favicon.ico" cannot be converted to a number
2) coldfusion.runtime.CfErrorWrapper
3) Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/418.8 (KHTML,
like Gecko) Safari/419.3
4) None
5) /index.cfm
I found a tag called cf_scriptkill in the exchange which seems to work
quite well. So along with the cfqueryparam, this should help out a lot.
Thanks for all of the suggestions.
Rey,.
Social engineering can be much more effective, and harder to code for.
~Brad
-Original Message-
From: Ian Skinner [mailto:[EMAIL PROTECTED]
Sent: Monday, August 07, 2006 12:43 PM
To: CF-Talk
Subject: RE: Good script to prevent cross-site scripting & sql
injection?
I was under the impres
Actually, even in the U.S. the proper way to write the amount in text would be
"One Hundred One Dollars and Fifty Cents". Anyone who says otherwise, needs to
go back to school.
> British 10^9 is one thousand million!
>
> Thank You,
> Peter
>
> Peter J. MacDonald II
> Creative Computing, Inc.
>
If you use cfqueryprocparam, you can still have troubles if your stored
proc builds a dynamic statement and then executes it without stripping
out single ticks.
We found that out on accident, when our order find would blow up every
time someone searched for a name like "O'Neil". :)
~Brad
-O
> 1) In Weblogic, CF has to be deployed as an exploded war /
> ear (as i recall, this has something to do with needing read
> / write access to the license.properties file). This means
> that the ear or war has to be uploaded to each machine in the
> cluster, exploded, deployed from the weblogi
Awesome. Thanks for all of the suggestions guys!
Rey
I was under the impression that CFQUERYPARAM took care of all of the SQL
injection possibilities.
--
All that I know of, but I understand hacker types to often be very creative and
intelligent people. I always assume that they have, or will someday, figure
out new attacks. The hope being
I generally cache all the select queries to speed up the pagination, I clear
that cache when any inserts/updates are done.
For BIG tables I require a search criteria to be used to reduce the number
of returned records. Usually there is no reasons to page through ALL
records.
Snake
-Original
You can bind some params to attributes, but only where you can enter
evaluations in them.
AFAIK you can't get to the regular properties.
Neil
On 8/7/06, Kris Jones <[EMAIL PROTECTED]> wrote:
>
> Hi all,
>
> Does anyone know if/how you can access report element properties
> through code, rather t
I was under the impression that CFQUERYPARAM took care of all of the SQL
injection possibilities.
-Original Message-
From: Rey Bango [mailto:[EMAIL PROTECTED]
Sent: Monday, August 07, 2006 11:39 AM
To: CF-Talk
Subject: Good script to prevent cross-site scripting & sql injection?
Hi guy
#reReplace( string, pattern, '', 'all' )#
Results in : mehereyoutoo/
Don't know if it helps but
~Eric
On 8/7/06, Eric Haskins <[EMAIL PROTECTED]> wrote:
>
> I just wrote this for a perl Cross-Site Scripting quick fix. I'm unsure
> how to move it to CF as I am still learning
>
> $uri =~ s/[^A-Za
I don't have any "scripts" per se, but I usually check the cgi referrer
to prevent someone from posting off-site forms to my process scripts. As
far as sql injection, cfqueryparam will go a long way to help that...
and be careful of the preservingsinglequotes() function-- it can make it
easier to i
look into , you can't go wrong with it
On 8/7/06, Rey Bango <[EMAIL PROTECTED]> wrote:
> Hi guys,
>
> Any recommendations on a good script to prevent cross-site scripting &
> sql injection? if someone has good code for this, I'd really appreciate
> it if I could use it.
>
> Rey...
>
>
For SQL injection, dedicated use of in all queries where
user input is accepted prevents most if not all attacks.
For Cross Scripting, I think urlEncodedFormat() can be used in some places, but
I'm not sure how universal this one is?
--
Ian Skinner
Web Programmer
BloodSource
www.
Hi guys,
Any recommendations on a good script to prevent cross-site scripting &
sql injection? if someone has good code for this, I'd really appreciate
it if I could use it.
Rey...
I just wrote this for a perl Cross-Site Scripting quick fix. I'm unsure how
to move it to CF as I am still learning
$uri =~ s/[^A-Za-z0-9\/]*//g;
after the 0-9 is actually a backslash escaping a forward slash
That cleans everything except Alpha Numeric and / in $uri variable
--
~Eric
> CF without a server would be fairly useless for web sites / services,
> no ?
My bad for not making it more clear - you would still deploy your cf apps in a
J2EE server just like you do today.
/t
Hi Ray,
I'll bet there is a custom tag already written for this out there
somewhere. Take a look around the usual places: adobe developer
center, fusionauthority. I'm sure there are others, but I just can't
think of them right now.
Cheers,
Kris
> I see. Well converting a script of this size and
1 - 100 of 144 matches