Security on CF8 Ajax Request

2009-09-08 Thread Davide Campo
Hi All, I'd like to know which kind of security tricks you use to develop CF applications with Ajax requests to CFCs (for example with a jQuery request $.get('MyComp.cfc?method=mymethod')). My doubts are mainly how to prevent cross-site scripting and to prevent the cfc methods with

Re: Hot Fixes Explained

2009-09-08 Thread Glyn Jackson
thanks ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:326081 Subscription:

Re: Hot Fixes Explained

2009-09-08 Thread Tom Chiverton
On Monday 07 Sep 2009, Mike Chabot wrote: it states in cfadmin the update level is hf801-1875.jar Yeah, but that lies. The only way to tell for sure is look along the class path, as you spotted. It's a mess. The cumulative hotfix 3 contains all the prior hotfixes, so delete contains all

Re: SSL and https in ColdFusion

2009-09-08 Thread Tom Chiverton
On Tuesday 08 Sep 2009, Scott Stroz wrote: The bindings will call the onRequest in App.cfc as that is just a regular ole HTTP request. Are you saying even on HTTPS pages, CFAJAX calls go over HTTP, not HTTPS? -- Helping to preemptively generate synergistic infrastructures as part of the IT

Re: SSL and https in ColdFusion

2009-09-08 Thread Scott Brady
On Mon, Sep 7, 2009 at 4:52 PM, Richard McKenna richardofmcke...@googlemail.com wrote: Also I take it any cfincludes will automatically be called over https as these are done before the file is sent to the browser? You've gotten replies for the other issues, so I'll just handle the cfinclude

CFC's.. Why use them?

2009-09-08 Thread Phillip Vector
Besides the code being reusable, is there a specific reason why I should use a CFC rather than a CFM file? I mean, from what I understand about CFC's, they use the same processing power as a file cfincluded. Am I incorrect in this? Is there a compelling reason to use CFCs instead of normal code?

re: CFC's.. Why use them?

2009-09-08 Thread Jason Fisher
Just a quick thought: If, for example, you are building reusable, singleton components (sorry for the OO buzzwords, but it is descriptive terminology), then you can load those CFCs into Application scope and have them exist in memory only once but still be used across all requests in the

Re: CFC's.. Why use them?

2009-09-08 Thread Phillip Vector
Gotcha. Thanks. :) On Tue, Sep 8, 2009 at 7:49 AM, Jason Fisher ja...@wanax.com wrote: Just a quick thought: If, for example, you are building reusable, singleton components (sorry for the OO buzzwords, but it is descriptive terminology), then you can load those CFCs into Application scope

Re: Hot Fixes Explained

2009-09-08 Thread Glyn Jackson
Hi Tom how are you? That makes sense, it's a mess! Anyhow, spent the time doing a bit of research, this is what I have installed... chf8010003.jar - latest hotfix hf801-71634.jar - a fix for CFLAYOUT which came with new CSS so cannot be deleted hf801-1875.jar - JRun Security Hotfixes

Re: SSL and https in ColdFusion

2009-09-08 Thread Scott Stroz
Sorry for the confusion...what I meant was that since AJAX requests are just HTTP requests, they too should follow the same guidelines. I believe if you are using SSL on the page, any AJAX calls from the CF stuff should also use SSL. On Tue, Sep 8, 2009 at 9:29 AM, Tom

Re: getting min value based on inputs

2009-09-08 Thread Greg Morphis
Thanks brad! We use Oracle but I should be able to adapt your solution to it. I'd like to see a CF solution mainly to see the speed difference. The database solution should blow away the CF solution but I'm curious none-the-less. Maybe using your solution I can manage something like that too On

RE: CFC's.. Why use them?

2009-09-08 Thread brad
I'd sure hate to write a SOAP webservice in a .cfm file. Also, cfm files don't give you objects that can be passed around, provide encapsulation of data, and support code re-use via inheritance and method overriding. I mean, you can do anything you want in cfm files, but there are some things

RE: CFC's.. Why use them?

2009-09-08 Thread Jason Fisher
like starting your microwave on fire to cook your supper over it That is a wonderfully expressive metaphor (and accurate to the example, too!)

Re: Embedding Flash Files in CF Page

2009-09-08 Thread Chris Montgomery
Jason Fisher said the following on 9/5/2009 11:19 AM: [snip] If it's still not flying, give us a quick overview of the file locations, including the template and the files above, and we'll see what we can see from there. Good luck! Jason, et. al., I did finally get this to work on my

Re: CFC's.. Why use them?

2009-09-08 Thread Peter Boughton
Just a quick thought: If, for example, you are building reusable, singleton components (sorry for the OO buzzwords, but it is descriptive terminology), then you can load those CFCs into Application scope and have them exist in memory only once but still be used across all requests in the

Re: Embedding Flash Files in CF Page

2009-09-08 Thread Jason Fisher
Am not familiar with Mura's setup, but my guess is that a baseURL or something is being defined somewhere that is causing trouble for the relative paths to player and/or video source files. Glad you got it working, though!

Re: Security on CF8 Ajax Request

2009-09-08 Thread Tony Bentley
If the request is coming from a logged in user, it would be validated onRequest(). If the request is not from a logged in user, then abort or output something else.

Re: CFC's.. Why use them?

2009-09-08 Thread Nathan Strutz
Brad, I love the microwave analogy. Phillip, CFCs as a fancy include tends to be the first step on your way to really understanding components and objects. I've been with a few groups who have gone (and taken me) through the course. The evolution is like this: --- CFC as

RE: Security on CF8 Ajax Request

2009-09-08 Thread brad
Since Ajax requests are just like any other HTTP request your browser sends, they come with all the cookies your application has set. With that in mind, I secure them just like any other page on my site. A decent framework like ColdBox can be handy here since I use an event interceptor to

Re: CFC's.. Why use them?

2009-09-08 Thread Nathan Strutz
Peter, I understand the singleton pattern. It's lovely, on a cloudy day or sipping some tea or whatever, but in CF, don't you think that implementing the true singleton pattern is overkill and generally unnecessary? Consider our lack of true constructors, the stateless nature of the web, and

Re: Security on CF8 Ajax Request

2009-09-08 Thread Cutter (ColdFusion)
I would suggest watching Simon Free's excellent presentation on Creating Public Facing API's, which would apply to Ajax applications, Flex and Flash based applications, AIR applications, and more. He presented this to the Nashville CFUG a while back, and I seem to remember some very nice ideas

Re: CFC's.. Why use them?

2009-09-08 Thread Phillip Vector
Thanks for the replies guys. I have currently the task of converting over a straightforward web app to fusebox. The app already has a lot of repeat code and this isn't something that is going to be easy at all. One thing I have going on is that I have LOTS of cfcs. I mean, LOTS of them (over

onSessionEnd clearing session scoped variables

2009-09-08 Thread Che Vilnonis
What is the best/proper way (using CF8) to clear all session variables in the onSessionEnd method of Application.cfc? Should I clear the variables individually? Should I clear the entire session scope? Or, since I have a default session timeout, do I need any of this code at all? See below.

re: onSessionEnd clearing session scoped variables

2009-09-08 Thread Jason Fisher
IIRC, by the time onSessionEnd() is triggered, the session struct has already been cleared.

RE: onSessionEnd clearing session scoped variables

2009-09-08 Thread Josh Nathanson
I would think that those references would be garbage collected at the next GC run, so no need to do that. -- Josh -Original Message- From: Che Vilnonis [mailto:ch...@asitv.com] Sent: Tuesday, September 08, 2009 12:15 PM To: cf-talk Subject: onSessionEnd clearing session scoped

Coldfusion Server Reboot

2009-09-08 Thread Byte Me
On average, how often should a CF server be rebooted, assuming the server is not being rebooted to fix a problem. I have an app that runs once, each time function OnApplicationStart runs, and I'm trying to get an idea of how often the app may run. Any info from any CF Admins would be

RE: onSessionEnd clearing session scoped variables

2009-09-08 Thread Che Vilnonis
Thanks all. I just wasn't sure about the best practice... -Original Message- From: Dave Watts [mailto:dwa...@figleaf.com] Sent: Tuesday, September 08, 2009 4:27 PM To: cf-talk Subject: Re: onSessionEnd clearing session scoped variables What is the best/proper way (using CF8) to

Re: CFC's.. Why use them?

2009-09-08 Thread Peter Boughton
Hi Nathan, Yes, this bit: Or, are you just saying we throw the word around like candy at a parade and should stop before we hit someone in the eye? Though this one is not just the CF community - plenty of people all round don't really know what Singletons (and even design patterns in general)

Re: Coldfusion Server Reboot

2009-09-08 Thread Alan Rother
If you set the Application timeout to 14 days, then your server will hold the application variables in memory for up to 14 days of absolutely no activity without clearing them. Setting it to 14 days does not mean that after two weeks your application will restart. If you want to set an auto

RE: CFC's.. Why use them?

2009-09-08 Thread Scott Stewart
Phillip, One of the things that CFC's can do is encapsulate repetitive code, you can write a function one time and call it multiple times. One of the other big things is that CFC's and OO in general, allow you to build apps that are more easily scaled... It sounds like CFC's aren't the issue

Re: Coldfusion Server Reboot

2009-09-08 Thread Dave Watts
Thanks for the info. So do you think it would be out of the ordinary for most CF Admins to set createTimeSpan for 14 or more days? I do think this would be out of the ordinary. That's not to say that it shouldn't be done in some cases. But usually, most CF admins tend to stick fairly close

RE: Coldfusion Server Reboot

2009-09-08 Thread Jake Churchill
Usually there's an applicationTimeout flag set. I often set it to 2 days (createTimeSpan(2,0,0,0)). If that is the case, onApplicationStart will run the first time your application is accessed after that timeout. You'd want to factor that into it as well. You could also write out a file

Using CFFILE to create a cfc

2009-09-08 Thread Tim Stutzman
Hello, I would like to create a cfc using CFFILE that has a CFFILE tag in it. Some lines of the cfc will always be the same when the file is created. For example: cfargument name=class type=string required=yes cfargument name=labelData type=query required=yes cfargument name=bpcsData

Re: Using CFFILE to create a cfc

2009-09-08 Thread Ian Skinner
I would use a cfcontent... tag to build a string that is the entire body of the CFC. Then I would write this string to a file with the cfile... tag. But there are other equally good ways.

Re: Coldfusion Server Reboot

2009-09-08 Thread Dave Watts
On average, how often should a CF server be rebooted, assuming the server is not being rebooted to fix a problem. I have an app that runs once, each time function OnApplicationStart runs, and I'm trying to get an idea of how often the app may run. Any info from any CF Admins would be

Re: onSessionEnd clearing session scoped variables

2009-09-08 Thread Dave Watts
What is the best/proper way (using CF8) to clear all session variables in the onSessionEnd method of Application.cfc? Should I clear the variables individually? Should I clear the entire session scope? Or, since I have a default session timeout, do I need any of this code at all? See below.

Re: Coldfusion Server Reboot

2009-09-08 Thread Byte Me
Thanks for the info. So do you think it would be out of the ordinary for most CF Admins to set createTimeSpan for 14 or more days?

Re: Coldfusion Server Reboot

2009-09-08 Thread Ian Skinner
I'm not sure how this affects your discussion. But we commonly go months and months between server reboots. Also it should be understood that the application timeout value is how long the server waits for another request. I.E if your timeout is 14 days, then the application will with that

Re: CFC's.. Why use them?

2009-09-08 Thread Sean Corfield
On Tue, Sep 8, 2009 at 1:38 PM, Peter Boughton bought...@gmail.com wrote: Though this one is not just the CF community - plenty of people all round don't really know what Singletons (and even design patterns in general) actually are. Remember that Singleton is a DESIGN pattern. The

RE: Coldfusion Server Reboot

2009-09-08 Thread Jake Churchill
It all depends on the application. Jake Churchill CF Webtools 11204 Davenport, Ste. 100 Omaha, NE 68154 http://www.cfwebtools.com 402-408-3733 x103 -Original Message- From: Byte Me [mailto:byteme...@verizon.net] Sent: Tuesday, September 08, 2009 3:02 PM To: cf-talk Subject: Re:

Re: Coldfusion Server Reboot

2009-09-08 Thread Matt Robertson
Alan Rother wrote: If you want to set an auto refresh on your application variables, to force them to refresh, then I would create a scheduled tasks that passes in a url var which could trigger the onApplicationStart from the onRequestStart I find it can be extremely helpful to do that with

Re: CFC's.. Why use them?

2009-09-08 Thread Gerald Guido
I think that one of the best uses of CFC's (and UDFs and custom tags) is to abstract or hide a lot of code behind simple function calls or custom tags so you can make changes in one place and have it in effect globally. Or if you abstract part of your code, like the database layer, you can make

Re: CFC's.. Why use them?

2009-09-08 Thread Casey Dougall
On Tue, Sep 8, 2009 at 4:39 PM, Scott Stewart sstwebwo...@bellsouth.net wrote: Phillip, One of the things that CFC's can do is encapsulate repetitive code, you can write a function one time and call it multiple times. I personally like knowing what I actually send to a cfc. With an

Re: CFC's.. Why use them?

2009-09-08 Thread s. isaac dealey
Remember that Singleton is a DESIGN pattern. The complexities we see in much of the published literature are based on Java's inability to cleanly implement a secure Singleton design because it doesn't have a global scope and any real sense of application startup. Don't mix design and

Re: Using CFFILE to create a cfc

2009-09-08 Thread Tim Stutzman
How would I use cfcontent to build a string that doesn't output to the page?

Re: Using CFFILE to create a cfc

2009-09-08 Thread Alan Rother
How would I use cfcontent to build a string that doesn't output to the page? hehe... I'm pretty sure Ian meant cfSAVEcontent =] -- Alan Rother Adobe Certified Advanced ColdFusion MX 7 Developer Manager, Phoenix Cold Fusion User Group, AZCFUG.org

Re: How to handle CF variables in JS (jQuery) external files...

2009-09-08 Thread James Holmes
Use the .cfm extension instead of .js. mxAjax / CFAjax docs and other useful articles: http://www.bifrost.com.au/blog/ 2009/9/9 Rick Faircloth r...@whitestonemedia.com: Hi, all. I've decided to try to use some external .js files for a login routine for a site management area instead

RE: How to handle CF variables in JS (jQuery) external files...

2009-09-08 Thread Rick Faircloth
Now I know why you make the big bucks, James! :o) Thanks... -Original Message- From: James Holmes [mailto:james.hol...@gmail.com] Sent: Tuesday, September 08, 2009 9:47 PM To: cf-talk Subject: Re: How to handle CF variables in JS (jQuery) external files... Use the .cfm extension

How to handle CF variables in JS (jQuery) external files...

2009-09-08 Thread Rick Faircloth
Hi, all. I've decided to try to use some external .js files for a login routine for a site management area instead of repeating the jQuery code on every page checking for login status and running ajax login routines. I just realized, however, that when I put my jQuery code into an

Re: How to handle CF variables in JS (jQuery) external files...

2009-09-08 Thread Dave l
values = { dsn: 'cfoutput#application.dsn#/cfoutput' } So lemme get this straight... you are going to put your dsn into a js var? You might as well just output it on the page for all to see ;) You can change extension or output the cfm into a dummy container and then have jquery pick it up