Okay, I must be having a brain fart today - I'm trying to get a cell in a
table to NOT wrap. I actually want the text that doesn't fit to be hidden.
What am I missing? (btw, I'm coding only for IE for an internal app). I've
done this before, just can't remember what I did. I want the second
td style=width: 100px; overflow: hidden; nowrapTest Test Test Test Test
Test Test Test Test Test Test Test Test Test
Test Test Test Test Test Test Test Test Test /td
On Wed, Jul 23, 2008 at 3:00 PM, Experienced CF Developer
[EMAIL PROTECTED] wrote:
Okay, I must be having a brain fart today -
Actually, I'm gonna pick on you again Dave and challenge
this. (I'm hoping to add to my wall)
If a someone is using MySQL ...
Well, the original poster was asking about the current attack, which
specifically targets MS SQL Server.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Do you mind if I blog about that part where you said "Yeah,
you're right about that"? That's got to be good for my
cf_streetCred (ha).
I don't mind, no.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
Fig Leaf Software provides the highest caliber vendor-authorized
instruction
Hello All,
The Autosuggest is great, but I am having issues with commas in the data.
I have a list of company names:
YourCompany Name comma Inc.
What I get from the Autosuggest is a list of all the 'YourCompany Name' and
a list of all the 'Inc'.
Any ideas on how I can get around this
Wim,
This didn't work for me. I still get the following:
http://www.zarts.com/test.cfm
Dave
-Original Message-
From: Wim Lemmens [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 23, 2008 8:04 AM
To: CF-Talk
Subject: Re: (ot) Stupid HTML Question
td style=width: 100px; overflow:
That's what you wanted, no?
You say "I actually want the text that doesn't fit to be hidden."
That's what you get.
Please explain correctly what you want.
Wim.
On Wed, Jul 23, 2008 at 3:49 PM, Experienced CF Developer
[EMAIL PROTECTED] wrote:
Wim,
This didn't work for me. I still get the
This might work:
<td><nobr>Test Test Test Test Test Test Test Test Test Test Test Test Test
Test Test Test Test Test Test Test Test Test Test</nobr></td>
Adrian
-Original Message-
From: Experienced CF Developer [mailto:[EMAIL PROTECTED]
Sent: 23 July 2008 14:49
To: CF-Talk
Subject: RE: (ot)
Wim,
The nobr tag did what I wanted. The code below did not work as you would
think it should (I had already tried those options myself). If you look at
the page at http://www.zarts.com/test.cfm you will see the code you gave me
below but you will also see that the cell still wraps.
Thanks
I only checked in FireFox. There it works correctly.
IE messes it up...
On Wed, Jul 23, 2008 at 3:56 PM, Experienced CF Developer
[EMAIL PROTECTED] wrote:
Wim,
The nobr tag did what I wanted. The code below did not work as you would
think it should (I had already tried those options
The nobr tag did what I wanted. The code below did not work as you would
think it should (I had already tried those options myself). If you look at
the page at http://www.zarts.com/test.cfm you will see the code you gave me
below but you will also see that the cell still wraps.
FYI - I
Wim, your code worked on Firefox just fine, but not in IE as he asked for.
On Wed, Jul 23, 2008 at 8:52 AM, Wim Lemmens [EMAIL PROTECTED] wrote:
That's what you wanted, no?
You say "I actually want the text that doesn't fit to be hidden."
That's what you get.
Please explain correctly what you
Ah, that's it. I'm only developing for IE for an internal app.
Dave
-Original Message-
From: Wim Lemmens [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 23, 2008 9:00 AM
To: CF-Talk
Subject: Re: (ot) Stupid HTML Question
I only checked in FireFox. There it works correctly.
IE messes
Here's the story: We have about 20 logos. We want a random four displayed. In
and of itself this is not very complicated, but a third party wants to add and
delete logos from the pool.
It seems to me that the easiest way to do this (once we put in a self-admin
section to upload/delete logos)
The query you get from cfdirectory is an array (or rather, its columns are):
<cfset randomFilename =
yourCFFileQuery["name"][randRange(1,yourCFFileQuery.recordCount)]>
On Wed, Jul 23, 2008 at 10:05 PM, Melissa Cope [EMAIL PROTECTED] wrote:
Here's the story: We have about 20 logos. We want a random
You don't necessarily need them in an array to do this. You can get at the
data with your chosen index like so:
<cfoutput>
#yourQuery["name"][yourRandomNumber]#
</cfoutput>
Adrian
-Original Message-
From: Melissa Cope [mailto:[EMAIL PROTECTED]
Sent: 23 July 2008 15:06
To: CF-Talk
Hi,
I have a simple scenario to tackle where a user hits a cfm page and has to
answer a question, the same user must not be able to repeat this process
though. (would like to avoid the user having to register any information i.e.
user name or email address etc for identification).
I have
Excellent points! Thanks Dave, and everyone who took the time to reply to /
read this thread.
Moral lessons learned:
1) Don't go crazy with tightening security around SQL statements. Only
secure the vulnerable;
2) Whenever possible, think of using native CF functions to simplify code.
:-)
BTW,
In my experience, the conditions you're describing are mutually exclusive.
Even requiring registration doesn't ensure that a person only answers a
question once because they could create multiple accounts. It really comes
down to balancing how important it is for a single answer for a single
Simon,
Nope... I can think of no way to do it that cannot be circumvented. For
example, you can require that they enter their email - but of course they
can go use another email address. You can create some sort of signature
based on the browser, ip, or other cgi vars - but of course they can
The code below did not work as you would
think it should
Actually, it works with Mozilla and Opera, but not with IE nor Safari.
--
___
REUSE CODE! Use custom tags;
See http://www.contentbox.com/claude/customtags/tagstore.cfm
(Please send any spam to this
@Sonny
Thanks Sonny, good points made, I agree. This is a tricky one I must
admit, essentially it's making a complex situation out of a basic
scenario with many factors I must turn a blind eye to.
The point regarding multiple users per workstation is an obstacle I am
going to turn a blind
Not dissing anyone. Just curious. With all the ORM's and code generators out
there, why are you not using cfqueryparam?
One reason I can think of is that until recently you could not use it with
cached queries. For those of us that have to support older versions of
ColdFusion, it's definitely a
Unless your app is running inside a network/domain and IWA is enabled then the
means to identify a user across visits you have already mentioned and ruled
unreliable.
I don't believe you have any more options other than requiring some form of
authentication from the site user. Basically, if it
Does this app only run inside your network? if so you can use integrated
windows authentication, if the users log into a domain from their workstation
and the webserver is on that domain/network you can enable IWA and use the cgi
variable to identify each user.
Nice point Jesse I will check, thank you :)
On 23 Jul 2008, at 16:26, Jesse Beckton wrote:
Does this app only run inside your network? if so you can use
integrated windows authentication, if the users log into a domain from
their workstation and the webserver is on that domain/network you
The query you get from cfdirectory is an array (or rather, its columns
are):
<cfset randomFilename =
yourCFFileQuery["name"][randRange(1,yourCFFileQuery.recordCount)]>
I can't believe I didn't think of that! Thanks so much.
Actually, I'm gonna pick on you again Dave and challenge
this. (I'm hoping to add to my wall)
If a someone is using MySQL ...
Well, the original poster was asking about the current attack, which
specifically targets MS SQL Server.
That might be true, but he didn't say that. He simply
You can also do Java's File Class, which returns an array. I haven't
done speed tests, but it *should* be faster for big directories:
listDirectory =
createObject("java","java.io.File").init("/var/absolute/directory/path").list();
Let us know if it's faster for you
Melissa Cope wrote:
The
Is there a way to get the modified date out of exchange using the new tags for
exchange in coldfusion? If not, how would I go about doing this. I basically
want to sync my SQL database with MS Exchange 2003. Thanks in advance!
Just to get this out of the way. I am pretty much brand new to web services so
please excuse my lack of knowledge.
I have been working on a real small web app that allows the customer to input
an invoice then it kicks out a csv of the invoices. My problem is that the
vendor just added an
Steve,
Try hitting it with CFHTTP and see what you get:
<cfhttp url="https://devurl.asmx?method=ZNAPing"></cfhttp>
<cfdump var="#cfhttp#">
See what you get. Maybe it's not written as a 'real' web service and simply
just returns xml?
Dave
-Original Message-
From: Steve Sequenzia [mailto:[EMAIL
We're having some serious trouble with an internal website that uses IIS
pass-through authentication that logs you in automatically based on the
user you're logged into your computer as. The problem is, I can't find
any load testing apps that will test a site with that type of login. My
thinking
On Wed, Jul 23, 2008 at 2:18 PM, Burns, John D [EMAIL PROTECTED] wrote:
We're having some serious trouble with an internal website that uses IIS
pass-through authentication that logs you in automatically based on the
user you're logged into your computer as. The problem is, I can't find
any
Hi Dave,
I have an older cf auction application that is being hit with this attack. I'm
running URLScan on my win2k server running CF5 server w/ sql2k. What is the max
length of URL you would recommend? Any deny verbs, headers, etc you would
recommend so I can compare to my urlscan.ini. I
On Wed, Jul 23, 2008 at 3:18 PM, Burns, John D [EMAIL PROTECTED] wrote:
Can anyone confirm this or point us
toward a product that does it?
This may do what you need
http://www.iis.net/downloads/default.aspx?tabid=34g=6i=1466
You probably need to add ?wsdl onto the end of your webservice URL. If you
hit the URL you are passing in a browser, you are probably getting an error
message.
Try https://devurl.asmx?wsdl in your browser and see if you get the WSDL.
That is what CF needs.
~Brad
- Original Message
We're having some serious trouble with an internal website
that uses IIS pass-through authentication that logs you in
automatically based on the user you're logged into your
computer as. The problem is, I can't find any load testing
apps that will test a site with that type of login. My
since the webservice is thru SSL, make sure the SSL certificate is valid and
from a trusted CA. if it's not from a trusted CA, you'll have to import the
cert into your CF server's trusted store.
see http://www.coldfusionmuse.com/index.cfm/2005/01/29/keystore
One of my websites got hit.. I always use
cfqueryparam - at least for the last few years,
but some old code (this website started with
version 1 of CF) was still hanging around that
was unprotected. I used that scanning tool and it
found about 20 unprotected queries out of about 20,000...
however, one of the owners got banned when
he included the word Declare in a product description:)
Wow-- that sucks. This is a classic reason why that sort of blocking method
is in my opinion only useful for a temporary stop gap. It treats the symptom
more than the problem and is prone to
On 7/23/2008 at about 1:30 I had a second sql injection attack. On 7/21/2008 I
had fixed the database for this site from the first attack and I had fixed all
the cfqueries with the proper cfqueryparam tags and included <cfif
cgi.SCRIPT_NAME contains "EXEC(" OR cgi.PATH_INFO contains "EXEC(" OR
If you are still being affected by the attack, then you still have one or
more vulnerable queries somewhere with access to that database.
Did you use a code scanner like QueryParam Scanner from RiaForge to search
the ENTIRE code base for missing cfqueryparams?
Also, find out the user your
What about if I put:
<cfif cgi.SCRIPT_NAME contains "EXEC(" OR cgi.PATH_INFO contains "EXEC(" OR
cgi.QUERY_STRING contains "EXEC("><cfabort></cfif>
in my all cf files on my web site and if hacker gonna try to run any of this
files for example:
index.cfm?+code, mail.cfm?+code etc basically it attacks all on
Excuse me... But why are you checking script_name and Path_info for EXEC(
Both of these are generated on the web server - not sent by the
browser... So I'd be interested to know your reasoning. Also, form elements
are not part of the query_string since they are passed in a form body
container
That may help with this particular attack, but I already have seen 2
versions of it today.. Both happened to have the EXEC(
but there are variations that use other key words.
The correct way (which unfortunately I found out through failure:) is:
1. Run a scanner like:
Just to follow up: From what I can tell you cannot use special characters with
the find + replace option in the Studio Express _editor_. I ended up using
another editor.
Thanks for the response Sonny. I know my original question was about as clear
as .. mud ;-)
Good list al - but I have a couple of revisions for you :)
First, this code:
<cfqueryparam name="id" default="0" type="integer"/>
Creates a variable in the VARIABLES scope. If you are scoping your variables
(as in #url.id#) then this will have no effect on that scope - or the form
scope). If you are not
Is there a problem using 'attributes' instead of FORM or URL within
cfqueryparam? I am getting invalid binding errors on this insert:
INSERT INTO OrderHeader (Orderno, ItemTotal, Shipping, OrderTotal,
PurchaseDate, BuyerEmail, BuyerName,
Ship2Name, Ship2Addr1,
As long as the param exists, no, there is not a problem. What kind of binding
error are you getting?
Mark A. Kruger, CFG, MCSE
(402) 408-3733 ext 105
www.cfwebtools.com
www.coldfusionmuse.com
www.necfug.com
-Original Message-
From: Toni Steinhauer [mailto:[EMAIL PROTECTED]
Sent:
Is the attributes scope working as expected in other parts of the
application?
Dump the attributes scope and make sure that the expected values exist and
are populated as you think they should be.
--
Scott Stewart
ColdFusion Developer
4405 Oakshyre Way
Raleigh, NC 27616
(h) 919.874.6229 (c)
With this latest spate of SQL attacks it has at least alerted CF (and non CF
coders hopefully) to the importance of sql injection and input sanitisation.
However I am noticing that almost all of the drop-in 'patches', almost all
of them seem to be straight list/array searches and there is almost
I would check to make sure that the cfsqltype you are using matches the data
being passed in, as well as the column in the database.
Please post the actual error.
~Brad
- Original Message -
From: Mark Kruger [EMAIL PROTECTED]
To: CF-Talk cf-talk@houseoffusion.com
Sent: Wednesday, July
Gabriel,
Can you give me a rundown on how a string like dr/*foo*/op would translate
as drop? Trying this in query analyzer does not seem to work.
se/*foo*/lect * from users
where archivebit = 1
order by firstname
Doesn't work...
So I created a table called foo and then ran this query like
My thinking is:
The way it appears, a zombie will hit about 2 -12 pages on my web
server - over the course of a few seconds - then leave me alone..
On the first page they hit, if I ban them, then the next 1 to 11
tries will not succeed even if they happen to find a vulnerable file
Mark,
The comment block obfuscation technique has been posted on blog articles
that I have read through the years, however
http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/ seems to be the
only one that I can pull up after a 30 second search. Needless to say I am
almost certain that I have
Thanks for that link Gabriel. I'm sure it was intended for black hats, but
I think stuff like that should be required reading for any web programmer.
It's easier to defeat the enemy when you understand what they are doing.
~Brad
- Original Message -
From: Gabriel [EMAIL PROTECTED]
To: