Hi! Does anyone know of a free/cheap Web-based time off tracker to allow
employees to request time off, have it approved by supervisor, show
calendar of vacations to all users, etc. Could be written in CF, but not
required. Could be hosted or install-able.
--
John Bliss - http://about.me/jbliss
Hi,
We store user passwords as a hash value with a salt phrase using CF. However,
we have recently had a penetration test done on our servers and they have
advised that when the password gets sent to the server, the actual password
gets stored in the browser memory. They have suggested adding
There are quite a few, though none I've reviewed in the past have been in
CF. Most have been built around a Time Attendance solution... at least
the ones that I've looked at have been.
Contact me directly and I can email you a comparison chart of the ones I
last looked at (can't do attachments
Hi,
What methods do you guys use to prevent cross-site scripting in a CF9 and
JavaScript application?
I have seen the scriptprotect attribute in the administrator, but have also
seen that this doesnt fully protect.
Thanks,
Richard
See Jason Dean's presentation on Practical Ajax Security
http://ow.ly/2prk5
Steve 'Cutter' Blades
Adobe Community Professional
Adobe Certified Expert
Advanced Macromedia ColdFusion MX 7 Developer
http://cutterscrossing.com
Co-Author Learning Ext JS 3.2 Packt Publishing 2010
I recently discovered this when I signed up for lastpass and it shows you
all the login details stored in your browser and i'm quite sure most these
I have not intentionally saved. So if lastpass can do it, then any web app
can do it.
This is interesting reading:
On Fri, Feb 7, 2014 at 2:37 PM, Richard White wrote:
1) is this best practise as if the salt phrase is contained within
Javascript it will be easy for anyone to see what it is
Why would it be a problem if somebody saw it? It still increases the
complexity for a would-be attacker. Just make
Hey All,
I've got an issue where an external program written in Adobe AIR is
passing a pipe delimited list of values to CF via a webservice and that
list may contain strings like so #94; (a caret symbol)or just a
straight up # (like someone saying x# of y - short form for x number of
y).
Run a Replace on the string of data, and change the single # to a double ##
that then CF would process as a single one?
On Fri, Feb 7, 2014 at 11:58 AM, Bryan Stevenson
br...@electricedgesystems.com wrote:
Hey All,
I've got an issue where an external program written in Adobe AIR is
BTWI forgot to mention that I control the Adobe AIR application and
can alter it. This is all about a comments field in that application
and I suppose one solution would be to ensure that my special list
delimiter characters and # are kept out of the comments and this whole
issue goes
if you control the air app, then just send ## instead of #
On Fri, Feb 7, 2014 at 5:09 PM, Bryan Stevenson
br...@electricedgesystems.com wrote:
BTWI forgot to mention that I control the Adobe AIR application and
can alter it. This is all about a comments field in that application
and
Thanks Robsorry I should have mentioned that was the first thing I
tried (ye old double up the #), but the issue seems to be that when a
variable arrives on CF's door with a single # in it, CF bombs when
attempting to run the replace. Now I did say seemsthe way my day
has goneI
I thought the #'s were inside the list. If not and you control the AIR
app, then just add the replace on the other end, as Russ suggested.
On Fri, Feb 7, 2014 at 12:20 PM, Bryan Stevenson
br...@electricedgesystems.com wrote:
Thanks Robsorry I should have mentioned that was the first
Thanks Rob/Russstarting to think I will either do as you both
suggested and replace # with ## in the AIR app or do as I also mentioned
and not allow the few characters I'd have issues with (most users don't
need ~,|,^, or # in comments# being the most likely, but they can
use No. or
There are a few formatting functions in cf you might want to try that
spring top mind. UrlEncodedFormat, htmlEditFormat I think. Look at the
string and list functions on live docs.
On Feb 7, 2014 12:29 PM, Rob Parkhill robert.parkh...@gmail.com wrote:
I thought the #'s were inside the list.
Encode/serialize the data prior to hand off to cf?
On Feb 7, 2014 12:37 PM, Bryan Stevenson br...@electricedgesystems.com
wrote:
Thanks Rob/Russstarting to think I will either do as you both
suggested and replace # with ## in the AIR app or do as I also mentioned
and not allow the few
Bryan,
For clarification, how are the comments content being evaluated by CF and
causing it to choke? It seems to me that those should be handled as strings
and that they wouldnt be evaluated by CF, unless they are wrapped in an
eval(). If the whole string from a user comment is being
On 7 February 2014 18:07, Jon Clausen jon_clau...@silowebworks.com wrote:
Bryan,
For clarification, how are the comments content being evaluated by CF and
causing it to choke? It seems to me that those should be handled as
strings and that they wouldn't be evaluated by CF, unless they are
My guess is much like Tim Healt's. If you're calling a web service like a
WSDL/SOAP service, the # should be fine. If you're calling it directly via
URL params, like ?method=xargument1=v#riable, the # is a sign to your web
server that the URL params stop there - it's a href hash, which goes to
Hi All,
Thanks for the additional ideas and requests for clarification - I'm
stopping this by not allowing a few special characters in the comments...
That said
CF appears to error out when it receives the string of data that
contains single # or two # separated by string text being
It's a virtulized linux box running on the same subnet as desktops that can
successfully update the scheduled tasks.
When I vpn into the network as the IP discussed above only the scheduled
task update fails.
For now I am directing them via telephone and email how to update and set
the tasks but
are you connecting to the server using the same IP on each subnet to access
the cfadmin ?
On Fri, Feb 7, 2014 at 9:20 PM, Gonzo Rock gonzor...@gmail.com wrote:
It's a virtulized linux box running on the same subnet as desktops that can
successfully update the scheduled tasks.
When I vpn
Thanks... Like this Russ
The CF server is @ 192.168.11.30
The local desktop is @ 192.168.11.123
I phone in and speak to the person at the desktop and guide them to set
Scheduled Tasks
My VPN connection assigns my desktop 192.168.13.102
and when I connect to the CF admin for the server it runs
I have had Server closed the connection without sending any data and it has
usually been browser related.
I think this is more likely a problem being caused by your VPN connection
interfering with the browser response.
Is your cfadmin running over SSL by any chance ?
On Sat, Feb 8, 2014 at
24 matches
Mail list logo