It isn't always cached. Note this line:
cfset argStruct.refreshWSDL = yes
This was added in CF9 I believe. (There is also a way to do it w/ cfinvoke.)
On Tue, Mar 5, 2013 at 12:35 AM, Andrew Scott andr...@andyscott.id.auwrote:
Not sure this is the issue, but WSDL is always cached, can you
So I call a CFC to get my ZingChart data, then I put that data in as the graph
data attributeâ¦
var randomNum = Math.random();
// Call to CFC to get data
$.getJSON
(cfoutput#application.path.cfcScriptPath/cfoutputcfcs/database/dashboard/dashboar.cfc?randomNum=
+ randomNum +
That is true Ray, I forgot all about that addition to ColdFusion 9.
Regards,
Andrew Scott
WebSite: http://www.andyscott.id.au/
Google+: http://plus.google.com/113032480415921517411
On Tue, Mar 5, 2013 at 10:10 PM, Raymond Camden raymondcam...@gmail.comwrote:
It isn't always cached. Note
I have also tried using a dataurl to the CFC. Double quotes still getting
replaced with \ ...
zingchart.render({
width: cfoutput#variables.chartWidth#/cfoutput,
height: cfoutput#variables.chartHeight#/cfoutput,
container: 'zingchart4',
dataurl:
Hello all
I am implementing salt/password hash to an application that is being
redeveloped.
Adding salt/hash to newly created accounts is going well but of course there
are hundreds of existing accounts.
What would be the best practice for adding salt/hash to all of the existing
records?
Are you perhaps re-JSONing JSON? I noticed you did not pass
returnformat=json to your CFC. How are you handling that?
On Tue, Mar 5, 2013 at 5:55 AM, Chad Baloga cbal...@gmail.com wrote:
So I call a CFC to get my ZingChart data, then I put that data in as the
graph data attribute
var
Are you perhaps re-JSONing JSON? I noticed you did not pass
returnformat=json to your CFC. How are you handling that?
My cffunction tag is:
cffunction name=get_allLRrespByMonth access=remote returntype=any
returnformat=json
Then in my function after my query...
cfsavecontent
Torrent Girl moniqueb...@gmail.com wrote:
Hello all
I am implementing salt/password hash to an application that is being
redeveloped.
Adding salt/hash to newly created accounts is going well but of course there
are hundreds of existing accounts.
What would be the best
When I performed this same task a few months ago, I basically wrote a page
that did all the salting and updating as a loop. Obviously I had decided
on the actual process for login and tested it to make sure it worked. I
just increased the size of the password column, added a salt column and ran
Same result if I use a $.get and a returnformat=plain from the CFC
Are you perhaps re-JSONing JSON? I noticed you did not pass
returnformat=json to your CFC. How are you handling that?
~|
Order the Adobe Coldfusion Anthology
Our webserver utilizing CF8 was hacked. We're not sure how (in what manner), at
least at this point, but I am in the process of moving all CF stuff to a new
server using CF10.
I am checking all #variables# used in queries to be sure cfqueryparam is used.
We are moving everything from MS
if you have the master CFIDE open to the public and have not locked that
down as per the last security alert and hotfix, then that was no doubt the
cause of your hack.
Obviously there is no hotfix for CF8 as it is EOL, but you should at least
follow the lockdown guides that were published RE
You are returning a JSON string, but you also said returnformat=json.
So you told CF to JSON-encode your JSON string. Don't do that. ;)
On Tue, Mar 5, 2013 at 6:42 AM, Chad Baloga cbal...@gmail.com wrote:
Same result if I use a $.get and a returnformat=plain from the CFC
Are you perhaps
I am looking at integrating Flying Saucer to replace CFDOCUMENT mostly to
add support for page-break-inside:avoid.
Anybody been down this road and have any advice before I get started?
Brook
~|
Order the Adobe Coldfusion
cfquery name = qGetAllPropertiesAndOpenHouses
datasource=#arguments.real_estate_dsn#
select substring_index(p.mls_number, '_', 1) as p.mls_number,
p.street_number, p.street_name, p.city, p.state,
oh.mls_number, oh.date, oh.start_time, oh.end_time,
Perhaps it's the contents on that variable? Try putting it into a
cfqueryparam.
On Tue, Mar 5, 2013 at 10:47 AM, Rick Faircloth r...@whitestonemedia.comwrote:
cfquery name = qGetAllPropertiesAndOpenHouses
datasource=#arguments.real_estate_dsn#
select substring_index(p.mls_number,
Obvious first question- what is the exact value of
#arguments.listing_office_mls_id#?
When debugging something that I can't figure out from the query, I put the
whole things within a CFOUTPUT so I can see exactly what's being sent to the
DB.
-Original Message-
From:
Thanks for the feedback, John.
I'm not sure what was wrong with that query.
The line throwing the error worked when I had the queries
separated, before I tried a left join.
Separating them again worked after I changed this line:
where substring_index(p.mls_number, '_', 1) = oh.mls_number
When I performed this same task a few months ago, I basically wrote a page
that did all the salting and updating as a loop. Obviously I had decided
on the actual process for login and tested it to make sure it worked. I
just increased the size of the password column, added a salt column and
Okay I'm really struggling with this, I really need to get this ws call
back up and running.
I'm now trying to use cfinvoke and I'm getting a slightly different
error message.
was:
Web service operation zAdvWebServOptOut with parameters
{rick.r...@gmail.com,UDVAE}
cannot be found.
with
Ate you calling a cf web service that you have written or an external web
service?
Regards
Russ Michaels
www.michaels.me.uk
www.cfmldeveloper.com - Free CFML hosting for developers
www.cfsearch.com - CF search engine
On Mar 5, 2013 6:18 PM, Rick Root rick.r...@gmail.com wrote:
Okay I'm really
On 3/5/2013 7:15 AM, Torrent Girl wrote:
Hello all
I am implementing salt/password hash to an application that is being
redeveloped.
Adding salt/hash to newly created accounts is going well but of course there
are hundreds of existing accounts.
What would be the best practice for
Use cfqueryparam to rule out the value of the arguments variable causing
syntax related issues.
When an error tells you the line number and it is in a query, it rarely is
that actual line; it just knows it is in the query somewhere.
On 3/5/13 11:47 AM, Rick Faircloth r...@whitestonemedia.com
Okay I'm really struggling with this, I really need to get this ws call
back up and running.
I'm now trying to use cfinvoke and I'm getting a slightly different
error message.
was:
Web service operation zAdvWebServOptOut with parameters
{rick.r...@gmail.com,UDVAE}
cannot be found.
Dave, that link doesn't seem to work. Updater 8 applied this weekend, so
the latestand greatest.
Russ - it's an external web service - one written by our SAP peole - whom I
don't have the greatest of access to. I am the only consumer of this web
service.
Rick
Dave, I figured out what you were missing in the URL above .. probably not
related.
But it didmake me think - what if I switched back to Axis 1 ...
I tried this and re-tested but got the same error. Is this something I'd
need to re-start Coldfusion to take effect?
Rick
Not concerned with the sql syntax as much as I am about not using
cfqueryparam.
Please please please take the time to convert every query you have to use
that.
Based on your cfarguments and db permissions for your dsn, a bad bad user
might be able to delete everything from your database.
Byron
FYI, our recent break-in was through the fckeditor bug that we didn't have
patched. Look for a directory called Userfiles ...
We migrated to a whole new server rather than upgrading :)
There is no need to eliminate cfajaximport and cfform and other such
things, just set up a virtual directory
But it did make me think - what if I switched back to Axis 1 ...
Yeah, that was my thought - not that you necessarily needed to upgrade
to the latest patch, but you might add that switch to your web service
call. I don't know if a restart is required.
Dave Watts, CTO, Fig Leaf Software
I guess I didn't make myself clear. I wrote a routine that salted and
hashed all of the plain text passwords that were in the system. It was a
simple routine that only needed to run once. There was no inconvenience to
the users, as their passwords didn't change, they just were secure from
DING DING DING!
Adding the following to the original code did the trick.
cfset argStruct.wsVersion = 1
To those interested, who have seen the WSDL and wondered... note that the
WSDL has two input parameters and two response parameters, but I have to
pass FOUR parameters, the latter two just
Thanks for the tips and feedback, everyone!
Rick
-Original Message-
From: Byron Mann [mailto:byronos...@gmail.com]
Sent: Tuesday, March 05, 2013 2:05 PM
To: cf-talk
Subject: Re: Anyone see anything wrong with the syntax of the query?
Not concerned with the sql syntax as much as I am
Btw cfqueryparam id not actually there to protect against sql injection,
rather it is for paramatising queries to create execution plans for better
performance.
You can validate data in various ways before using in your query to achieve
the same result, such as cfparam, which will sometimes be
In that case I bet it is a problem with the axis version.
When you call an external web service axis creates a bunch of java stub
files which handle all the ws function calls, sometimes it is unable to
create them due to something in the web service it doesn't understand.
Your previous version of
Hi Folks,
We use client variables in our client databases and I've seen some
information that you can get better performance by creating indexes on
those tables. For instance this page
(http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=sharedVar
s_08.html) says the
We use client variables in our client databases and I've seen some
information that you can get better performance by creating indexes on
those tables. For instance this page
(http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=sharedVar
s_08.html) says the following:To
Protecting against sql injection also requires more than simply validating
datatypes, relying on cfqueryparam to do this will only protect you from
the basic drive by injections that rely on numeric fields accepting
strings, not advanced injections which can be done on any text field.
This
Thanks Dave.
A quick follow up. We are only keeping data in these tables for 1-3 days,
and it's obviously changing a lot as the site is used. So, does that mean
that once the indexes are created, they should be re-indexed / rebuilt
frequently (because of the frequent changes in the data)?
Sadly I cannot provide any links as proof, so I wont argue with you, but I
am sure I have seen someone on this list provide some advanced sql
injection examples that got through cfqueryparam
On Tue, Mar 5, 2013 at 9:50 PM, Dave Watts dwa...@figleaf.com wrote:
Protecting against sql
A quick follow up. We are only keeping data in these tables for 1-3 days,
and it's obviously changing a lot as the site is used. So, does that mean
that once the indexes are created, they should be re-indexed / rebuilt
frequently (because of the frequent changes in the data)?
No, the
Sadly I cannot provide any links as proof, so I wont argue with you, but I
am sure I have seen someone on this list provide some advanced sql
injection examples that got through cfqueryparam
The only way for this to be possible is to do something with the data
in your SQL after receiving the
Indexes can become fragmented over time, however. If you add the
indexes and note degradation of performance after a while, then you may
need to look at rebuilding indexes and statistics. If you are using SQL
Server, there are tools built-in to set up automated maintenance plans
which can
Is anybody using SCAN (Single Client Access Name) with Oracle RAC 11g R2 ?
We're not able to connect to the SCAN address itself, only the individual
servers.
- CF 9.01,
- using the Other driver and JDBC URL (from connecting to Oracle RAC 10g
(Oracle driver supports only SID, and we need to use
I guess I didn't make myself clear. I wrote a routine that salted and
hashed all of the plain text passwords that were in the system.
Ah, that is a good thing then. I took it that you were adding salts
to an existing hash like the original poster.
-Justin
The original poster never said they were adding salts to existing hashes.
They laid out the same scenario of converting plaintext passwords to
salted hashes.
On 3/5/13 7:06 PM, Justin Scott leviat...@darktech.org wrote:
I guess I didn't make myself clear. I wrote a routine that salted and
The original poster never said they were adding salts to existing hashes.
They laid out the same scenario of converting plaintext passwords to
salted hashes.
I'm just on a roll of misreading today. When she said adding salt
my brain stopped there and didn't register the /hash after that.
You may also see a slight performance boost if you change the data fields
from text to varchar(max) if you are on sql 2005+, plus storage size is
better. Pretty sure this was ok to do with CF8 plus.
Also be mindful of how much data you put into the client scope. Less the
better, since every
I'd have to agree with Dave.
The only time I've seen an issue (with cfqueryparam) was with something
like a sql string generated based on say a search form and then that being
passed to a stored procedure that executes the statement in the procedure.
Not to say it's impossible, for there are
48 matches
Mail list logo