RE: pseudo-memory leak

2005-12-13 Thread Russ
ubject: Re: pseudo-memory leak I'll give you another. Just to make sure it's all kosher. Let's say a normal password string, could include numbers and letters, max length of 20, min length of 6. That should narrow it down some for you. No spaces either. 997DA8FE4C40296C21CE8E1EB9BDC5B6 On 11/2

RE: pseudo-memory leak

2005-12-07 Thread Mark A Kruger
Hey.. you started it (lol) -Original Message- From: Terry Ford [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 07, 2005 2:45 PM To: CF-Talk Subject: Re: pseudo-memory leak Well if you're going to go to all the trouble (and performance hit) of building your own session scop

Re: pseudo-memory leak

2005-12-07 Thread Terry Ford
Then, everywhere you currently use "session" you would use >"localcopyofsession". > >This would cause the bots to all share the same session values > >-Mark > > >-Original Message- >From: Mark A Kruger [mailto:[EMAIL PROTECTED] >S

RE: pseudo-memory leak

2005-12-07 Thread Mark A Kruger
-Mark -Original Message- From: Mark A Kruger [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 07, 2005 3:22 PM To: CF-Talk Subject: RE: pseudo-memory leak Regarding my "application name" approach - you could then try the following in "botapplication" sessio

Re: pseudo-memory leak

2005-12-07 Thread Terry Ford
> > > > > > > >this code will in effect create 2 applications - botApplication and >regularuserapplication - one with management "ON" and one with management >"OFF". > >-Mark > > >-Original Message- >From: Terry Ford

RE: pseudo-memory leak

2005-12-07 Thread Mark A Kruger
Regarding my "application name" approach - you could then try the following in "botapplication" session = structnew(); session.user = 0 session.id = 0 . etc It would actually be "variables.session" - but it would allow your code to work (assuming you can come up with defaults for

RE: pseudo-memory leak

2005-12-07 Thread Mark A Kruger
ions - botApplication and regularuserapplication - one with management "ON" and one with management "OFF". -Mark -Original Message- From: Terry Ford [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 07, 2005 12:57 PM To: CF-Talk Subject: Re: pseudo-memory leak Correct, th

Re: pseudo-memory leak

2005-12-07 Thread Terry Ford
Correct, that's what I'm trying to do -- disable session management entirely for bots so that thousands of sessions don't get needlessly created and destroyed every 15 minutes. Just to put this in perspective as to why I'm experimenting with this, Google has over 500,000 pages from my site in

Re: pseudo-memory leak

2005-12-07 Thread Douglas Knudsen
ugh, you have sessionmanagement="no" DK On 12/7/05, Terry Ford <[EMAIL PROTECTED]> wrote: > Nope, still doesn't work. Even though the "session.pid" test is never > reached, the error is still thrown. Try the following code: > > clientmanagement="no"> > > > >An error i

Re: pseudo-memory leak

2005-12-07 Thread Terry Ford
Nope, still doesn't work. Even though the "session.pid" test is never reached, the error is still thrown. Try the following code: An error is thrown by the above statement each time >Add in checker code to see if a session exists before using the sessio

Re: pseudo-memory leak

2005-12-07 Thread Michael Dinowitz
Add in checker code to see if a session exists before using the session var. IsDefined('session') > Just tried your approach (sessionmanagement=no for bots) but every bot > that hits a page that references a session variable (even in a check) then > throws an error: > > "Before session variable

Re: pseudo-memory leak

2005-12-07 Thread Terry Ford
Just tried your approach (sessionmanagement=no for bots) but every bot that hits a page that references a session variable (even in a check) then throws an error: "Before session variables can be used, the session state management system must be enabled using the CFAPPLICATION tag." Any

Re: pseudo-memory leak

2005-12-07 Thread Terry Ford
Interesting topic. We gave up using client variables a while back when they started severely impacting performance under load. It's incredibly important to avoid client variables on systems under load. When we switched from client vars to a cookie (hashed user ID & password combo) and used s

RE: pseudo-memory leak

2005-11-30 Thread Jim Davis
> -Original Message- > From: Kerry [mailto:[EMAIL PROTECTED] > Sent: Wednesday, November 30, 2005 11:35 AM > To: CF-Talk > Subject: RE: pseudo-memory leak > > are you saying if it takes 2 weeks to hack a website, it's less hacked than > if it takes 2 hours? >

RE: pseudo-memory leak

2005-11-30 Thread Kerry
are you saying if it takes 2 weeks to hack a website, it's less hacked than if it takes 2 hours? :P -Original Message- From: Robertson-Ravo, Neil (RX) [mailto:[EMAIL PROTECTED] Sent: 30 November 2005 16:09 To: CF-Talk Subject: RE: pseudo-memory leak Clock's ticking

RE: pseudo-memory leak

2005-11-30 Thread Peter Tilbrook
ed into MX7. Dang those UDF authors! -Original Message- From: Robertson-Ravo, Neil (RX) [mailto:[EMAIL PROTECTED] Sent: Thursday, 1 December 2005 2:09 AM To: CF-Talk Subject: RE: pseudo-memory leak Clock's ticking. ;-) -Original Message- From: Russ [mailto:[EMAIL PROTECTED]

RE: pseudo-memory leak

2005-11-30 Thread Peter Tilbrook
) 6284 2727 Mobile: 0432 897 437 Email: [EMAIL PROTECTED] WWW: http://www.coldgen.com/ http://www.actcfug.com -Original Message- From: Russ [mailto:[EMAIL PROTECTED] Sent: Thursday, 1 December 2005 2:22 AM To: CF-Talk Subject: RE: pseudo-memory leak Well turns out that CF

RE: pseudo-memory leak

2005-11-30 Thread Russ
: Wednesday, November 30, 2005 9:31 AM To: CF-Talk Subject: RE: pseudo-memory leak Seems like it is taking him a while ;-) -Original Message- From: Ryan Guill [mailto:[EMAIL PROTECTED] Sent: 29 November 2005 21:52 To: CF-Talk Subject: Re: pseudo-memory leak I'll give you another. Just to

RE: pseudo-memory leak

2005-11-30 Thread Robertson-Ravo, Neil (RX)
Clock's ticking. ;-) -Original Message- From: Russ [mailto:[EMAIL PROTECTED] Sent: 30 November 2005 16:22 To: CF-Talk Subject: RE: pseudo-memory leak Well turns out that CF uses MD5, which is a little different than LM hashes used for windows passwords. I just need to get (or

RE: pseudo-memory leak

2005-11-30 Thread Russ
: Wednesday, November 30, 2005 9:31 AM To: CF-Talk Subject: RE: pseudo-memory leak Seems like it is taking him a while ;-) -Original Message- From: Ryan Guill [mailto:[EMAIL PROTECTED] Sent: 29 November 2005 21:52 To: CF-Talk Subject: Re: pseudo-memory leak I'll give you another. Just to

RE: pseudo-memory leak

2005-11-30 Thread Robertson-Ravo, Neil (RX)
Seems like it is taking him a while ;-) -Original Message- From: Ryan Guill [mailto:[EMAIL PROTECTED] Sent: 29 November 2005 21:52 To: CF-Talk Subject: Re: pseudo-memory leak I'll give you another. Just to make sure it's all kosher. Let's say a normal password string, could include

Re: pseudo-memory leak

2005-11-29 Thread Ryan Guill
Sent: Tuesday, November 29, 2005 4:36 PM > To: CF-Talk > Subject: Re: pseudo-memory leak > > Tell you what. See how long it takes you to brute force this hash. > Post the cleartext when you get it. > > 6AF59B04BA48B18C15E3CB3ACB2BA75B > > I want to see how long it takes yo

RE: pseudo-memory leak

2005-11-29 Thread Russ
o: CF-Talk Subject: Re: pseudo-memory leak Tell you what. See how long it takes you to brute force this hash. Post the cleartext when you get it. 6AF59B04BA48B18C15E3CB3ACB2BA75B I want to see how long it takes you. On 11/29/05, Russ <[EMAIL PROTECTED]> wrote: > The passwords in windows

Re: pseudo-memory leak

2005-11-29 Thread Ryan Guill
lnerable to foul play. > > > > -Original Message- > From: Ryan Guill [mailto:[EMAIL PROTECTED] > Sent: Tuesday, November 29, 2005 4:14 PM > To: CF-Talk > Subject: Re: pseudo-memory leak > > If you are an admin on the machine you could get the passwords even if they

RE: pseudo-memory leak

2005-11-29 Thread Russ
much more vulnerable to foul play. -Original Message- From: Ryan Guill [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 29, 2005 4:14 PM To: CF-Talk Subject: Re: pseudo-memory leak If you are an admin on the machine you could get the passwords even if they weren't in cookies!

Re: pseudo-memory leak

2005-11-29 Thread Ryan Guill
-Original Message- > From: Robertson-Ravo, Neil (RX) > [mailto:[EMAIL PROTECTED] > Sent: Tuesday, November 29, 2005 3:22 PM > To: CF-Talk > Subject: RE: pseudo-memory leak > > LOL, isnt that just like saying - I can get in

RE: pseudo-memory leak

2005-11-29 Thread Russ
lways need to have a login on the system (or physical access to the machine) to get people's passwords off of it. -Original Message- From: Robertson-Ravo, Neil (RX) [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 29, 2005 3:22 PM To: CF-Talk Subject: RE: pseudo-memory leak LOL,

RE: pseudo-memory leak

2005-11-29 Thread Robertson-Ravo, Neil (RX)
LOL, isn't that just like saying - I can get into any computer which is locked..if you give me the password? -Original Message- From: Russ To: CF-Talk Sent: 29/11/2005 18:22 Subject: RE: pseudo-memory leak Yea, I mentioned that before in the thread. Theoretically, hashing should

RE: pseudo-memory leak

2005-11-29 Thread Robertson-Ravo, Neil (RX)
me the password? -Original Message- From: Russ To: CF-Talk Sent: 29/11/2005 18:22 Subject: RE: pseudo-memory leak Yea, I mentioned that before in the thread. Theoretically, hashing should be 1 way (so there is no way to turn the hash back into the value). But you could run a bruteforce against a h

RE: pseudo-memory leak

2005-11-29 Thread Munson, Jacob
> FYI, hashing something doesn't mean that it can't be extracted, > why just the > other day my little 2Ghz workstation extracted a 5 character > password from a > hash in about 5 minutes... That's only if you have a weak password. I used a brute force on a 7 character password that had upper/low

RE: pseudo-memory leak

2005-11-29 Thread Russ
ee why you would ever want to store sensitive information like userid and password in a cookie, even if it's hashed. -Original Message- From: Ryan Guill [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 29, 2005 1:40 PM To: CF-Talk Subject: Re: pseudo-memory leak Alright, so y

Re: pseudo-memory leak

2005-11-29 Thread Ryan Guill
; complete rainbow tables for windows passwords, and is able to find any > password within a few hours, I believe, if he's got the hash). > > > > -Original Message- > From: Kerry [mailto:[EMAIL PROTECTED] > Sent: Tuesday, November 29, 2005 1:14 PM > To: CF-Talk >

RE: pseudo-memory leak

2005-11-29 Thread Jim Davis
> -Original Message- > From: Kerry [mailto:[EMAIL PROTECTED] > Sent: Tuesday, November 29, 2005 1:14 PM > To: CF-Talk > Subject: RE: pseudo-memory leak > > FYI, hashing something doesn't mean that it can't be extracted, why just the > other day my little 2Ghz w

RE: pseudo-memory leak

2005-11-29 Thread Russ
t: Tuesday, November 29, 2005 1:14 PM To: CF-Talk Subject: RE: pseudo-memory leak FYI, hashing something doesn't mean that it can't be extracted, why just the other day my little 2Ghz workstation extracted a 5 character password from a hash in about 5 minutes... -Original Message- From: Sna

RE: pseudo-memory leak

2005-11-29 Thread Kerry
: pseudo-memory leak Normally you would HASH the data so it cannot be extracted and used or changed. -Original Message- From: Russ [mailto:[EMAIL PROTECTED] Sent: 28 November 2005 23:40 To: CF-Talk Subject: RE: pseudo-memory leak Cookies are not very secure now, are they? Let's say I was

RE: pseudo-memory leak

2005-11-29 Thread Russ
- From: Ryan Guill [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 29, 2005 10:35 AM To: CF-Talk Subject: Re: pseudo-memory leak You would still use a hashed password that you wouldn't be able to guess, plus you could also seed the userid before the hash. or like I said before, use a uuid for the

RE: pseudo-memory leak

2005-11-29 Thread Russ
- From: Ryan Guill [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 29, 2005 10:35 AM To: CF-Talk Subject: Re: pseudo-memory leak You would still use a hashed password that you wouldn't be able to guess, plus you could also seed the userid before the hash. or like I said before, use a uuid for

Re: pseudo-memory leak

2005-11-29 Thread Ryan Guill
? Much easier than trying to guess the > password. > > > > -Original Message- > From: Snake [mailto:[EMAIL PROTECTED] > Sent: Tuesday, November 29, 2005 4:43 AM > To: CF-Talk > Subject: RE: pseudo-memory leak > > Normally you would HASH the data so it canno

RE: pseudo-memory leak

2005-11-29 Thread Russ
easier than trying to guess the password. -Original Message- From: Snake [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 29, 2005 4:43 AM To: CF-Talk Subject: RE: pseudo-memory leak Normally you would HASH the data so it cannot be extracted and used or changed. -Origina

RE: pseudo-memory leak

2005-11-29 Thread Snake
Normally you would HASH the data so it cannot be extracted and used or changed. -Original Message- From: Russ [mailto:[EMAIL PROTECTED] Sent: 28 November 2005 23:40 To: CF-Talk Subject: RE: pseudo-memory leak Cookies are not very secure now, are they? Let's say I was going to let the

RE: pseudo-memory leak

2005-11-28 Thread Russ
but at least he wouldn't be able to figure out the password. -Original Message- From: Matthew Walker [mailto:[EMAIL PROTECTED] Sent: Monday, November 28, 2005 8:05 PM To: CF-Talk Subject: RE: pseudo-memory leak > why can't a smart user has a userID 123457 using CF an

RE: pseudo-memory leak

2005-11-28 Thread Russ
that case, it would be better to use client variables instead of session variables. -Original Message- From: Justin D. Scott [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 29, 2005 12:07 AM To: CF-Talk Subject: RE: pseudo-memory leak > Client.userId=123456 > > Now, the u

RE: pseudo-memory leak

2005-11-28 Thread Justin D. Scott
> Client.userId=123456 > > Now, the user has no way to change that... Now, let's > say I store it in the cookie... If your site is running on any kind of traffic, you should probably be using session variables for this kind of thing anyway. > > > Now, the user can examine their cookies and kno

RE: pseudo-memory leak

2005-11-28 Thread Matthew Walker
> why can't a smart user has a userID 123457 using CF and set the cookie? Because you'd hash the password and store that too.

RE: pseudo-memory leak

2005-11-28 Thread Russ
ing it in his cookie, but this is easily guessable... -Original Message- From: Ryan Guill [mailto:[EMAIL PROTECTED] Sent: Monday, November 28, 2005 7:03 PM To: CF-Talk Subject: Re: pseudo-memory leak You would always hash any information that the user could mess with, no matter wh

Re: pseudo-memory leak

2005-11-28 Thread Ryan Guill
ailto:[EMAIL PROTECTED] > Sent: Monday, November 28, 2005 2:04 PM > To: CF-Talk > Subject: Re: pseudo-memory leak > > I have never really found a need for client variables. What benefit do they > really offer? The only time I could see using them is when you had > something

RE: pseudo-memory leak

2005-11-28 Thread Matthew Walker
In that case, wouldn't you want to store the password in the cookie too? Perhaps hashed? -Original Message- From: Russ [mailto:[EMAIL PROTECTED] Sent: Tuesday, 29 November 2005 12:46 p.m. To: CF-Talk Subject: RE: pseudo-memory leak Cookies are not very secure now, are they? Let's

RE: pseudo-memory leak

2005-11-28 Thread Russ
and know their userid. Worse, they can change the userid, and be logged in as a different user. Russ -Original Message- From: Ryan Guill [mailto:[EMAIL PROTECTED] Sent: Monday, November 28, 2005 2:04 PM To: CF-Talk Subject: Re: pseudo-memory leak I have never really found a need for

Re: pseudo-memory leak

2005-11-28 Thread Michael Dinowitz
Not a worry. :) Once I have some more information on specifics I'll have a full paper written up for Fusion Authority. > Ohh, nevermind, I see it now. > > My apologies. > > On 11/28/05, Ryan Guill <[EMAIL PROTECTED]> wrote: >> sorry, guess I haven't gotten the second email.. and no, I didn't look

Re: pseudo-memory leak

2005-11-28 Thread Ryan Guill
Ohh, nevermind, I see it now. My apologies. On 11/28/05, Ryan Guill <[EMAIL PROTECTED]> wrote: > sorry, guess I haven't gotten the second email.. and no, I didn't look > at the blog. > > On 11/28/05, Michael Dinowitz <[EMAIL PROTECTED]> wrote: > > That's exactly what my example code did. It was in

Re: pseudo-memory leak

2005-11-28 Thread Ryan Guill
sorry, guess I haven't gotten the second email.. and no, I didn't look at the blog. On 11/28/05, Michael Dinowitz <[EMAIL PROTECTED]> wrote: > That's exactly what my example code did. It was in the second email and in > the blog. > > > Well in that case couldnt you look for the robot in the userage

Re: pseudo-memory leak

2005-11-28 Thread Michael Dinowitz
That's exactly what my example code did. It was in the second email and in the blog. > Well in that case couldn't you look for the robot in the useragent > string? I know googlebot at least has a specific user agent you can > look for. I'm sure yahoo does too. > > If you find that useragent, then

Re: pseudo-memory leak

2005-11-28 Thread Nathan Strutz
still running another server on BD? How is BD handling this issue? > > > > -Original Message- > > From: Michael Dinowitz [mailto:[EMAIL PROTECTED] > > Sent: Monday, November 28, 2005 1:38 PM > > To: CF-Talk > > Subject: pseudo-memory leak > > >

Re: pseudo-memory leak

2005-11-28 Thread Ryan Guill
wrote: > > -Original Message- > > From: Michael Dinowitz [mailto:[EMAIL PROTECTED] > > Sent: Monday, November 28, 2005 2:10 PM > > To: CF-Talk > > Subject: Re: pseudo-memory leak > > > > I use them for a persisted signin when someone comes to

RE: pseudo-memory leak

2005-11-28 Thread Jim Davis
> -Original Message- > From: Michael Dinowitz [mailto:[EMAIL PROTECTED] > Sent: Monday, November 28, 2005 2:10 PM > To: CF-Talk > Subject: Re: pseudo-memory leak > > I use them for a persisted signin when someone comes to the site. I can > use > a cookie instead

Re: pseudo-memory leak

2005-11-28 Thread Michael Dinowitz
D handling this >> issue? >> >> -Original Message- >> From: Michael Dinowitz [mailto:[EMAIL PROTECTED] >> Sent: Monday, November 28, 2005 1:38 PM >> To: CF-Talk >> Subject: pseudo-memory leak >> >> I've written up my thoughts on wha

Re: pseudo-memory leak

2005-11-28 Thread Ryan Guill
: Monday, November 28, 2005 1:38 PM > To: CF-Talk > Subject: pseudo-memory leak > > I've written up my thoughts on what looks like the problem that the House of > Fusion server was facing for the last few weeks. It's a problem that > probably affects others but I'm not

Re: pseudo-memory leak

2005-11-28 Thread Michael Dinowitz
clean out faster than I think. > Are you still running another server on BD? How is BD handling this > issue? > > -Original Message- > From: Michael Dinowitz [mailto:[EMAIL PROTECTED] > Sent: Monday, November 28, 2005 1:38 PM > To: CF-Talk > Subject: pseudo-

RE: pseudo-memory leak

2005-11-28 Thread Russ
Are you still running another server on BD? How is BD handling this issue? -Original Message- From: Michael Dinowitz [mailto:[EMAIL PROTECTED] Sent: Monday, November 28, 2005 1:38 PM To: CF-Talk Subject: pseudo-memory leak I've written up my thoughts on what looks like the pr

pseudo-memory leak

2005-11-28 Thread Michael Dinowitz
I've written up my thoughts on what looks like the problem that the House of Fusion server was facing for the last few weeks. It's a problem that probably affects others but I'm not going to comment on how widespread it is until the full write-up on Fusion Authority. These are just my notes and

pseudo-memory leak

2005-11-28 Thread Michael Dinowitz
Sorry, meant to post the whole thing. :) For the last few weeks I've been having some problems with House of Fusion. The memory for the JRun.exe has been going through the roof and I didn't know why. The code was tight, nothing had really changed on the site, so what was up? The answer was Yah