ColdFusion 7 is no longer supported by Adobe. Therefore only customers
who have extended support, which you pay for, are entitled to a fix
for CF7.
But has already been pointed out, just restrict your /CFIDE.
Andy
On 11 August 2010 22:17, Gerald Guido gerald.gu...@gmail.com wrote:
Wait a
This has been out for a few weeks but I don't remember it being announced
here so, just in case...
http://www.amazon.com/ColdFusion-Developer-Tutorial-John-Farrar/dp/1849690243/
--
John Bliss
IT Professional
@jbliss (t) / http://www.brandiandjohn.com
Hi,
I'm running the CF9.0.1 updater and it seems to be taking a long time doing
this:
Installing... C:\Coldfusion9$$stubs
Does anyone recall seeing this message for a long time? Does it eventually
finish or is it stuck?
Thank you.
Thanks everybody for your helps.
I'm confused, I didn't answered your questions because i thought that a mail
was sent for every answer, for me no mail = no answer.
I found today my stupid mistake : the name of the application was
CFAPPLICATION NAME=Xx in then first Application.cfm and
Here's a great beginner guide:
http://www.addedbytes.com/for-beginners/url-rewriting-for-beginners/
http://www.addedbytes.com/for-beginners/url-rewriting-for-beginners/
On Wed, Aug 11, 2010 at 5:58 PM, Matthew P. Smith
m...@smithwebdesign.netwrote:
Any way you could provide an example?
I
John,
I was one of the technical editors of the book. If people are curious it
was almost completely rewritten and additional chapters were added on things
like unit testing (MXUnit) and ORM.
I'm happy to see CF books selling well enough that their number is
increasing ;). I just bought the
Millions of sites applying one patch is better than Millions of sites
applying Millions of patches ^^
http://www.digitaltrends.com/computing/microsoft-issues-record-number-of-patches/
~|
Order the Adobe Coldfusion Anthology
I am working with a SOAP web service in CF 8.0.1 and the filecontent
attribute of the cfhttp response is a java.io.ByteArrayOutputStream. If
I use the toString() method to convert this to text, I can see the XML
response data plus the binary image strings that I was expecting. The
problem
null=#!isDefined('myVar') OR !ListLen('myVar')#
Thanks Carl, I haven't actually tried both together, I've tried them by
themselves (as well as isNumeric and was unsuccessful 100% of the time. I'll
give this one a try next time I find a spot it could be used and tested. Thank
you!
Just a reminder, we published a ColdFusion 9 Server Lockdown Guide back in
June. It provides details and instructions for securing the ColdFusion
Administrator. While the guide was written for ColdFusion 9 specifically,
most of the tips will apply to version 6+.
I am working with a SOAP web service in CF 8.0.1 and the filecontent
attribute of the cfhttp response is a java.io.ByteArrayOutputStream. If
I use the toString() method to convert this to text, I can see the XML
response data plus the binary image strings that I was expecting. The
problem
Dave,
Per my message earlier this week
(http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:336189),
when I try cfinvoke or createObject( webservice ..., I am getting an
AxisFault error that I cannot get around. When I use cfhttp to post, I am
getting the expected response
hi guys,
now before i get the use a dedicated vps response, i am fully aware a
shared hosting account isn't going to be as solid as a vps...
however, hostek.com... we are getting cannot read response from
server errors multiple times a day across several websites. the
queries
Ok...I worked with application.cfc's for awhile
and things seemed to work fine, but then I had some
issues and went back to old reliable application.cfm.
Now, however, I'd like to try again to get a grasp on
how to use application.cfc's.
First question:
Why can I set the application.website
I do exactly that, Rick, and it works fine. All my app vars are set in
onApplicationStart, except for the constants like 'name', which I set
outside the methods:
cfcomponent output=false
cfscript
this.name = myAppName;
this.applicationTimeout =
Same here... restricted by internal IP address and username/password.
-Original Message-
From: Andrew Grosset [mailto:rushg...@yahoo.com]
Sent: Wednesday, August 11, 2010 2:08 PM
To: cf-talk
Subject: Re: Millions of Coldfusion sites need to apply patches
phew!! for a moment I was
Thanks for the reply, Jason...
Well...I swear, the first time I tried to set application.website
inside onApplicationStart, I got an error saying application.website
wasn't defined. Now, for some reason, it works.
The only thing I added was output=false as you have in your example.
At first,
Is it sufficient to restrict access to /cfide/administrator?
The easiest solution is to restrict access to /CFIDE/, which
unfortunately only a slight majority of Coldfusion sites have done.
~|
Order the Adobe Coldfusion
You should be able to set that variable in OnApplicationStart() with no
problems. In fact, as you said, that's the preferred place to set it.
You must have something else going on that's causing the problem.
Thanks,
Eric Cobb
ECAR Technologies, LLC
http://www.ecartech.com
Rick,
Is it highly possible that you had run the application, and then placed that
code into onApplicationStart? If this is the case then the undefined
variable would make sense, and why it works for you now.
Regards,
Andrew Scott
http://www.andyscott.id.au/
-Original Message-
From:
Is it sufficient to restrict access to /cfide/administrator?
You may also want to restrict access to /CFIDE/adminapi.
Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/
Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on
GSA Schedule, and
Rick,
One thing I do is to place a piece of code into the onRequestStart method to
reinit the application variables. This will let you set variables in the
onApplicationStart method and be able to change them without having to restart
ColdFusion or wait for the application to timeout.
In you
That's most likely what happened...
-Original Message-
From: Andrew Scott [mailto:andr...@andyscott.id.au]
Sent: Thursday, August 12, 2010 2:31 PM
To: cf-talk
Subject: RE: Trying to understand application.cfc...
Rick,
Is it highly possible that you had run the application, and then
Thanks for the tip!
-Original Message-
From: Paul Day [mailto:p...@nucomsolutions.com]
Sent: Thursday, August 12, 2010 2:36 PM
To: cf-talk
Subject: RE: Trying to understand application.cfc...
Rick,
One thing I do is to place a piece of code into the onRequestStart method to
reinit
Secunia advisory: http://secunia.com/advisories/40909/
Being stuck on CF 7, does anyone know if locking down the CF administrator
pages via Windows authentication is sufficient? (Versus the alternative of ...
?)
Thanks,
~James
I believe it addresses a potential vulnerability in
test
On Thu, Aug 12, 2010 at 11:44 AM, James Skemp jsk...@wisbar.org wrote:
Secunia advisory: http://secunia.com/advisories/40909/
Being stuck on CF 7, does anyone know if locking down the CF administrator
pages via Windows authentication is sufficient? (Versus the alternative of
... ?)
Being stuck on CF 7, does anyone know if locking down the CF
administrator pages via Windows authentication is sufficient? (Versus the
alternative of ... ?)
As a related question, If I wanted to restrict access to the CF Admin would
.htaccess on Centos Linux/Apache be sufficient? Or should I put
I get 2,800,000,000 results.
If you google for inurl:*.cfm
You get 259 million results.
andy
Richard Brain of ProCheckUp commented ââ¬ÅThis is a trivial attack which
can be performed easily by a competent engineer; ProCheckUp thanks
Adobe for consciously working with us to produce a
For the bare minimum restrict access to the following directories:-
/CFIDE/adminapi/
/CFIDE/administrator/
/CFIDE/componentutils/
/CFIDE/wizards/
~|
Order the Adobe Coldfusion Anthology now!
On Thu, Aug 12, 2010 at 3:13 PM, Gerald Guido gerald.gu...@gmail.com wrote:
As a related question, If I wanted to restrict access to the CF Admin would
.htaccess on Centos Linux/Apache be sufficient?
Any method of securing /CFIDE/Administrator/* so that CFM pages are
not executed until after
null=#!isDefined('myVar') OR !ListLen('myVar')#
Thanks Carl, I haven't actually tried both together, I've tried them
by themselves (as well as isNumeric and was unsuccessful 100% of the
time. I'll give this one a try next time I find a spot it could be
used and tested. Thank you!
Can someone pass me the Perl regex to allow the scripts folder? I'm just not
getting it on my own. So the rule would match anything that contains /CFIDE/
*except /CFIDE/SCRIPTS/ case insensitive.
Thanks in advance for saving me hours and hours of trial and error.
On Thu, Aug 12, 2010 at 4:21 PM, Tony Bentley
cascadefreehee...@gmail.comwrote:
Can someone pass me the Perl regex to allow the scripts folder? I'm just
not getting it on my own. So the rule would match anything that contains
/CFIDE/ *except /CFIDE/SCRIPTS/ case insensitive.
You can put
Thanks Pete. Unfortunately, I'm dealing with a virtual directory issue and
ghetto architecture in IIS. I was able to figure out how to lock it down
using the firewall and http proxy rules.
On Thu, Aug 12, 2010 at 2:09 PM, Pete Freitag p...@foundeo.com wrote:
On Thu, Aug 12, 2010 at 4:21 PM,
34 matches
Mail list logo