Re: Dealing with MySQL escape sequences

2008-08-16 Thread Brad Wood
>there appears to be no jdbc connector option to change this behaviour, >so have to do in server config/start... > Sorry to drag up an old thread, but I wanted a record of this for anyone reading the archives. There IS a JDBC URL option to disable backslash escaping in MySQL on a datasource lev

Re: SQL injection attack on House of Fusion

2008-08-16 Thread denstar
On Sat, Aug 16, 2008 at 10:04 PM, Andrew Scott wrote: > Well at the end of the day, I am currently using hibernate in ColdFusion > thanks to Joe Reinhart I think is the one I am using. But I know plenty of > people are looking into it at the moment. Hibernate is easy to use with CF8 and Java. Few

RE: SQL injection attack on House of Fusion

2008-08-16 Thread Andrew Scott
Well at the end of the day, I am currently using hibernate in ColdFusion thanks to Joe Reinhart I think is the one I am using. But I know plenty of people are looking into it at the moment. I have even looked at using GORM in Coldfusion, to help with DDD. But haven't had the time to investigate as

RE: CFContent tag

2008-08-16 Thread Nathan Chen
That's it. I can't believe I forgot to turn on "enable BLOB" when I updated the dsn today. Thank you! Nathan -Original Message- From: James Holmes [mailto:[EMAIL PROTECTED] Sent: Saturday, August 16, 2008 9:47 PM To: CF-Talk Subject: Re: CFContent tag First, check that your datasource has

Re: CFContent tag

2008-08-16 Thread James Holmes
First, check that your datasource has the "enable BLOB" checkbox ticked. On Sun, Aug 17, 2008 at 11:44 AM, Nathan Chen wrote: > Hi, All: > > I have a query that selects a BLOB field (embedded file) from a table. > Then I use cfcontent to output the string to the browser. The code has > running fin

Re: CFContent tag

2008-08-16 Thread Brad Wood
Add a cfqueryparam to that code and we'll help you ;-) Have you tried killing the acrobat.exe process to make sure it isn't hung up on something. ~Brad - Original Message - From: "Nathan Chen" <[EMAIL PROTECTED]> To: "CF-Talk" Sent: Saturday, August 16, 2008 10:44 PM Subject: CFConte

Re: SQL injection attack on House of Fusion

2008-08-16 Thread denstar
There are always trade-offs. Everything you add is a few (or more) cycles, and you've got to at least sorta aim for optimization (if ambiguously). Like, the hibernate stuff seems plenty fast to me right now, but what happens when I toss a ton of requests at it, or use large tables or something?

CFContent tag

2008-08-16 Thread Nathan Chen
Hi, All: I have a query that selects a BLOB field (embedded file) from a table. Then I use cfcontent to output the string to the browser. The code has been running fine until today; all of a sudden it won't display the files. All the files in that BLOB field are pdf files. The code looks like this:

Re: Hibernate (was: annotations?)

2008-08-16 Thread denstar
On Sat, Aug 16, 2008 at 8:08 PM, Dominic Watson wrote: > Sounds awesome ;) It is pretty cool, and the annotation approach is very tempting. There are so many ways to do it tho... and I'm seriously thinking a modeling language is where it's really at, but, this is still way fun. =] > So in theor

RE: SQL injection attack on House of Fusion

2008-08-16 Thread Andrew Scott
No I am not arguing about it, I am saying that there is no reason that ColdFusion could not do what I said it could. It only means that with the release of ColdFusion 9, it is more of a possibility that SQL Injection will become a thing of the past for ColdFusion. It doesn't excuse the fact that w

RE: Hibernate (was: annotations?)

2008-08-16 Thread Andrew Scott
No the developer could write myObject.findAllByFirstname('Andrew'); I would imagine that cfquery will not change, and would remain for backward compatibility. At a guess! -- Senior Coldfusion Developer Aegeon Pty. Ltd. www.aegeon.com.au Phone: +613 9015 8628 Mobile: 0404 998 273 -Orig

RE: Hibernate (was: annotations?)

2008-08-16 Thread Andrew Scott
The one thing that excites me is that ColdFusion is a dynamic language, if Adobe introduce Hibernate and spring under the hood can you imagine something like this. Var myObject = new Person(); myObject.whereTitleLike('This is awesome'); or myObject.findAllByFirstName('Andrew'); Having methods t

RE: SQL injection attack on House of Fusion

2008-08-16 Thread Andrew Scott
Rick, I think it is only a matter of time, I only have one ColdFusion website that is on a shared server/public. I have been through the attacks, but when speaking with the hosting provider I think they started to put measures in place for the entire servers. Not 100% sure, as I haven't seen thes

RE: SQL injection attack on House of Fusion

2008-08-16 Thread Andrew Scott
Another not so common approach is spamstop. This little wrapper for cf allows someone to filter the request by known attackers. So you could redirect them away or display garbage on the screen or whatever. Maybe another stop gap measure. -- Senior Coldfusion Developer Aegeon Pty. Ltd. www

Re: SQL injection attack on House of Fusion

2008-08-16 Thread James Holmes
So for six months you've known the feature is coming yet you're still arguing about it now? Do you just like wasting people's time? On Sat, Aug 16, 2008 at 11:37 PM, Andrew Scott <[EMAIL PROTECTED]> wrote: > Man you're about 6 months late with that news > -- mxAjax / CFAjax docs and other usef

Re: Hibernate (was: annotations?)

2008-08-16 Thread Dominic Watson
Sounds awesome ;) So in theory, CF could use Hibernate (when it releases that stuff in 9) to automatically parameterise a query, with no extra work from the developer, ie. the developer just writes: SELECT foo FROM bar WHERE foobar = 4570 and cf then parses the query to see what are para

Hibernate (was: annotations?)

2008-08-16 Thread denstar
On Sat, Aug 16, 2008 at 10:28 AM, Dominic Watson wrote: [...] > A question for anyone who knows hibernate then; does it require > configuration per database, rely on convention or does it query the > schema to generate its mappings automatically? You can do it however you want it, man! It'll reve

Re: SQL injection attack on House of Fusion

2008-08-16 Thread denstar
I'm doing the request filtering in apache so that it never even bothers my CF engine with the request, but I was wondering if Jochem didn't like the filtering for a reason. I wouldn't rely on it alone in any way, shape or form, but just cutting down on the "spam" hits on the application seems like

Re: CF app server compilation on demand

2008-08-16 Thread Don L
Well, I think we're in general agreement that Adobe should re-consider the architecture of the cf8 product which would make it much more flexible, hence, more options/opportunities for all (provider itself = Adobe, and a broad range of developers... etc. etc.). Also, along this line of thought,

Re: Announcement: CF8 Exam Buster released for ColdFusion 8 certification

2008-08-16 Thread J.J. Merrick
Ditto! It was the one thing that allowed me to pass with a 91% to get advanced. I hadn't even thought about taking the CF8 exam until Exam Buster was out. J.J. On Sat, Aug 16, 2008 at 11:45 AM, Dave Phillips <[EMAIL PROTECTED]> wrote: >>> Read what people are saying about the Exam Buster prod

RE: SQL injection attack on House of Fusion

2008-08-16 Thread Rick Faircloth
Man... at this point, after reading about all of these problems with SQL injection, and having been told that it doesn't concern MySQL, I'm glad I'm using MySQL. This would be one big, time-consuming headache, otherwise. I'm a solo developer and can use whatever DB I prefer, but I realize some of

Re: MIVA

2008-08-16 Thread Crow T. Robot
This reminds me of a great Homer-ism: "The internet...is that thing still around?" But seriously, Miva is *ancient* software IMO. I was using it 8 years ago a LOT when I first got into the biz, and it was really robust, but really really rigid. You couldn't do anything without the help of a thi

RE: Announcement: CF8 Exam Buster released for ColdFusion 8 certification

2008-08-16 Thread Dave Phillips
>> Read what people are saying about the Exam Buster product on our testimonials page (some early CF8 comments are already on there): Just wanted to throw in my two cents that Exam Buster helped me prepare for my MX 7 developer exam, and I aced it with a 97% and earned the Advanced MX 7 Developer

Re: SQL injection attack on House of Fusion

2008-08-16 Thread David Moore
>> I haven't mentioned this before because I do believe that filtering >>> request URLs is the wrong approach >> >> Care to elaborate on this? > >Denstar, dig out your neo-security.xml file. In my Windows CF8 standalone >install it is located in C:\ColdFusion8\lib\neo-security.xml > >Look at the

RE: SQL injection attack on House of Fusion

2008-08-16 Thread Mark Kruger
David, As a stop gap while in full force you could use the ISAPI filtering technique or apache rewrite. This would keep it from reaching CF. Of course that still might mean changing for every site in your pool of sites. I have a post on it... The comments are pretty useful as well: http://www.col

Re: SQL injection attack on House of Fusion

2008-08-16 Thread Dominic Watson
> I am new to the post, but I have been programming in CF for over 10 years and > know some of you from the CF Forums. > > I am getting slammed with this crud as well on over 30 of my websites. Any > suggestions as how to handle this for multiple sites on 1 server? I just > discovered the >issue

Re: SQL injection attack on House of Fusion

2008-08-16 Thread Dominic Watson
>I can't vouch for php, .Net but at least in the Java world ORM reduces that >risk to nil. And it's built into the ORM, so if the ORM can't work out your >polymorphic function in the database then how does it do it? php is as ColdFusion and Java; you can use a plain query string or use a parameterise

Re: Testing for existence of Java library?

2008-08-16 Thread denstar
On Fri, Aug 15, 2008 at 3:21 PM, Barney Boisvert wrote: > You could attempt to load one of its classes and catch the resulting > exception if it's missing. Based on whether that exception is raised > you'll know whether it's available. Yes, that sounds like a good way to do it. FWIW, when I've

Re: SQL injection attack on House of Fusion

2008-08-16 Thread David Moore
I am new to the post, but I have been programming in CF for over 10 years and know some of you from the CF Forums. I am getting slammed with this crud as well on over 30 of my websites. Any suggestions as how to handle this for multiple sites on 1 server? I just discovered the issue as it seems

Re: SQL injection attack on House of Fusion

2008-08-16 Thread Brad Wood
> I haven't mentioned this before because I do believe that filtering >> request URLs is the wrong approach > > Care to elaborate on this? Denstar, dig out your neo-security.xml file. In my Windows CF8 standalone install it is located in C:\ColdFusion8\lib\neo-security.xml Look at the following

Re: SQL injection attack on House of Fusion

2008-08-16 Thread David Moore
>Sorry for the problems with the House of Fusion site. We've been under >massive attack by sql injection bots and I've just been able to get a handle >on it. A fast solution to the problem is this: > >It works unless you have a few hundred attacks at a time. In that case, >place a cfmail before the

Announcement: CF8 Exam Buster released for ColdFusion 8 certification

2008-08-16 Thread Brian Simmons
CF8 Exam Buster from CentraSoft (http://centrasoft.com) CF8 Exam Buster is the ultimate testing tool specifically designed to help ColdFusion developers earn their Adobe ColdFusion 8 Certification through the Adobe Certified Professional Program. CF8 Exam Buster has 384 questions designed to he

RE: SQL injection attack on House of Fusion

2008-08-16 Thread Andrew Scott
Man you're about 6 months late with that news -- Senior Coldfusion Developer Aegeon Pty. Ltd. www.aegeon.com.au Phone: +613 9015 8628 Mobile: 0404 998 273 -Original Message- From: James Holmes [mailto:[EMAIL PROTECTED] Sent: Sunday, 17 August 2008 1:35 AM To: CF-Talk Subject: Re:

RE: SQL injection attack on House of Fusion

2008-08-16 Thread Andrew Scott
Have you ever done any GORM work? Now technically embedding hibernate into ColdFusion would technically be under the hood as far as ColdFusion is concerned. I mean, I might as well by your reasoning say that ajaxUI is not under the hood in ColdFusion because it uses a 3rd party library to do its w

Re: SQL injection attack on House of Fusion

2008-08-16 Thread James Holmes
You'll be happy to know that CF9 is rumoured to include Hibernate with a corresponding set of tags, so CF should indeed be able to deal with this under the hood. On Sat, Aug 16, 2008 at 11:12 PM, Andrew Scott <[EMAIL PROTECTED]> wrote: > -- > Senior Coldfusion Developer > Aegeon Pty. Ltd. > www.ae

Re: SQL injection attack on House of Fusion

2008-08-16 Thread Jochem van Dieten
Andrew Scott wrote: > I stand by the fact that cfqueryparam, can and should be taken care of under > the hood. Other languages are doing it, so what does that tell you? It tells me that they need additional configuration or convention. I have 2 functions with the following signatures in my datab

RE: SQL injection attack on House of Fusion

2008-08-16 Thread Andrew Scott
Actually, That should have been the reverse on URL filtering:-( In other words, I should or could write a filter to do the checking of SQL injections. Sorry my bad there. But it is only one way to do it. Anyway as I do grails work I dug this link up for you all... http://docs.codehaus.org/displa

Re: SQL injection attack on House of Fusion

2008-08-16 Thread denstar
On Sat, Aug 16, 2008 at 6:15 AM, Jochem van Dieten wrote: > Andrew Scott wrote: >> Ever heard of IP spoofing? Sure you need to complain about it, but the one >> thing they need to do is track the packets. > > IP spoofing is really only a significant problem with UDP. With TCP any > decent ISP will

RE: SQL injection attack on House of Fusion

2008-08-16 Thread Andrew Scott
-- Senior Coldfusion Developer Aegeon Pty. Ltd. www.aegeon.com.au Phone: +613 9015 8628 Mobile: 0404 998 273 And you haven't seen grails then, you can't get any more of a dynamic language than that:-) It uses GORM, which is an entry point to hibernate and guess what it takes care of everything I s

RE: SQL injection attack on House of Fusion

2008-08-16 Thread Andrew Scott
Hmm, I wasn't trying to compare ColdFusion to Grails, I used grails as an example because it relies heavily on an ORM. The ORM has the needed datatypes for the DB (or bind / prepared Statements), but when it comes to SQL injection, it doesn't appear to be an issue. Please read what I said, I wasn

Re: SQL injection attack on House of Fusion

2008-08-16 Thread Claude Schneegans
>>they are back. Yeah, here too. -- ___ REUSE CODE! Use custom tags; See http://www.contentbox.com/claude/customtags/tagstore.cfm (Please send any spam to this address: [EMAIL PROTECTED]) Thanks. ~

Re: SQL injection attack on House of Fusion

2008-08-16 Thread Jochem van Dieten
Andrew Scott wrote: > I believe IP spoofing is still a huge problem. I know little about it, so no > more comment on that but a quick google shows that it is still a huge > problem. AIDS is a huge problem too. It is also about equally relevant for the current wave of SQL injection attacks. > As

RE: SQL injection attack on House of Fusion

2008-08-16 Thread Andrew Scott
Hmmm, I believe IP spoofing is still a huge problem. I know little about it, so no more comment on that but a quick google shows that it is still a huge problem. As for polymorphic functions, that is not the issue. SQL injection is mainly passed via the URL, header or some form of post to the ser

Re: MIVA

2008-08-16 Thread Steve Bryant
Thanks for all of the input. It really is helpful.

Re: SVN in Production

2008-08-16 Thread Dominic Watson
>1) I am not worried about what you think, the reason being is that I have >clearly stated that on a few occasions everyone is different. Neither me you. You have clearly stated that everyone is different but that no one should ever use SVN in production. I would like to know the concrete reasons

Re: SQL injection attack on House of Fusion

2008-08-16 Thread Jochem van Dieten
Andrew Scott wrote: > Ever heard of IP spoofing? Sure you need to complain about it, but the one > thing they need to do is track the packets. IP spoofing is really only a significant problem with UDP. With TCP any decent ISP will catch spoofs in their egress filters. Even your cheap, Taiwanese

RE: SQL injection attack on House of Fusion

2008-08-16 Thread Andrew Scott
LOL... Ever heard of IP spoofing? Sure you need to complain about it, but the one thing they need to do is track the packets. This will only work if all paths along the way, have log capturing to traverse the mac address to get the correct IP address. But yes start with your IP, give them as much

RE: SVN in Production

2008-08-16 Thread Andrew Scott
Ok, As you directed the response to me 1) I am not worried about what you think, the reason being is that I have clearly stated that on a few occasions everyone is different. 2) Even when I did Coldfusion development full time, I had one client that asked us to quote a job. This job resulted

Re: SQL injection attack on House of Fusion

2008-08-16 Thread Jochem van Dieten
Mark Mandel wrote: > What I'm curious about, is that there seems to be no one you can report this > to? You can report it to the abuse department of the ISP of the originating IP. Just look up the IP delegation and the abuse address is usually right there. Jochem

Re: SVN in Production

2008-08-16 Thread Dominic Watson
Andrew, your initial point (that you made redundantly clear by way of caps and repetition) was to never use subversion to move code to production. You then make your detailed case that demonstrates your reasons not to. I agree, in your situation you would not do so. But I fail to see how you can be

Re: Free BlueDragon?

2008-08-16 Thread James Holmes
Oh dear. The JRun webserver is the inbuilt webserver that, if enabled, allows JRun to serve web requests instead of using Apache or another server. It's the same webserver that runs on port 8500 in standalone mode. It's the JWS mentioned in articles like: http://www.bpurcell.org/blog/index.cfm?mod

Re: SQL injection attack on House of Fusion

2008-08-16 Thread mac jordan
On Fri, Aug 15, 2008 at 11:56 PM, Brad Wood <[EMAIL PROTECTED]> wrote: > They completely stopped on the 11th, but they are back today spelling it > like "DeCLARE". > We're seeing the same - we're using RegExp to pick 'em up now. -- mac jordan www.webhorus.net | www.reactivecooking.com | www.n

Re: SQL injection attack on House of Fusion

2008-08-16 Thread denstar
On Fri, Aug 15, 2008 at 10:58 PM, Mark Mandel wrote: > What I'm curious about, is that there seems to be no one you can report this > to? Well, I'm pretty sure there is something we could do, but the general attitude seems to be to just suck it up. And buy some stocks in the tech hardware/broadba