Re: Opinion: Abuse of session variables
in the case I was referring to Dave, there was no locking, and it was copying all scopes into sessions (variables, url and form) and then back again so it really was for no good reason :-) however all programmers work different and have a tendency to slate the way others have done things, thus why I suggested it would be better to just ask him rather than make assumptions.Most of time we don;t have this option as the original developer has long since gone. On Wed, Feb 1, 2012 at 3:58 AM, Dave Watts dwa...@figleaf.com wrote: I have come across some similar code also, moving variables scope into sessions and back again for no reason. There's actually a reason why that might be, in some cases. Not a good reason, but a reason nonetheless. It used to be the case (CF 5 and earlier) that you had to worry about locking a lot more than you do now. So, people would do something like this: !-- top of page -- cflock scope=session ... cfset variables.localsession = session /cflock ... do a bunch of stuff with those variables ... !-- bottom of page -- cflock scope=session ... cfset session = variables.localsession /cflock Unfortunately, it didn't work very well in practice. perhaps you could just ask him why he is doing it. I am not being sarcastic when I say this - this is a very good suggestion. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349694 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
the #2 will not print with Bar Code 39 f HR cfprint comand
I am creating a pdf file with a bar code. If I open the pdf and hit print the bar code prints fine. If i use cfprint to print the same pdf. all letters and numbers will print in the bar code font except the #2. This is driving me crazy. I did have to do this fix to get the bar code to print at all with cfprint. http://kb2.adobe.com/cps/405/kb405588.html ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349695 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Escaping #
Hi thanks to all the guys who have helped on this project. Most of it is working but... I am passing hidden variables to a confirmation page this line of code works: input type=hidden name=namefirst2 value=cfoutput#namefirst2#/cfoutput / I can't get the loop to work cfloop index = i from = 1 to = 50 input type=hidden name=namefirst#i# value=cfoutput#'namefirst' i#/cfoutput / /cfloop Thanks Rob Robert J. Voyle, Psy.D. Director, Clergy Leadership Institute For Coaching and Training in Appreciative Inquiry Author: Restoring Hope: Appreciative Strategies to Resolve Grief and Resentment http://www.appreciativeway.com/ 503-647-2378 or 503-647-2382 ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349696 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Returning errors from MySQL to AjaxCFC
I sure thought about that Russ. The only thing is where and how to set the struct with the cfcatch errors in order to return the struct. If you have an idea let me now. I will look into that in the meantime. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349697 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Escaping #
I can't get the loop to work cfloop index = i from = 1 to = 50 input type=hidden name=namefirst#i# value=cfoutput#'namefirst' i#/cfoutput / /cfloop What is this supposed to output? cfoutput#'namefirst' i#/cfoutput If you want to output the value contained in a variable whose name consists of the string namefirst1, namefirst2, etc, here's one way to do it: cfoutput#variables[namefirst i]#/cfoutput Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349698 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Escaping #
Try this: cfoutput cfloop index=I from=1 to=50 input type=hidden name=namefirst#1# value=#namefirst##i# / /cfloop /cfoutput -Original Message- From: Rob Voyle [mailto:robvo...@voyle.com] Sent: Wednesday, February 01, 2012 10:04 AM To: cf-talk Subject: Re: Escaping # Hi thanks to all the guys who have helped on this project. Most of it is working but... I am passing hidden variables to a confirmation page this line of code works: input type=hidden name=namefirst2 value=cfoutput#namefirst2#/cfoutput / I can't get the loop to work cfloop index = i from = 1 to = 50 input type=hidden name=namefirst#i# value=cfoutput#'namefirst' i#/cfoutput / /cfloop Thanks Rob Robert J. Voyle, Psy.D. Director, Clergy Leadership Institute For Coaching and Training in Appreciative Inquiry Author: Restoring Hope: Appreciative Strategies to Resolve Grief and Resentment http://www.appreciativeway.com/ 503-647-2378 or 503-647-2382 ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349699 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Escaping #
Try this: cfoutput cfloop index=I from=1 to=50 input type=hidden name=namefirst#1# value=#namefirst##i# / /cfloop /cfoutput I don't think that's going to get the value of a variable called, say, namefirst1. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, on ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349700 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: the #2 will not print with Bar Code 39 f HR cfprint comand
I am creating a pdf file with a bar code. If I open the pdf and hit print the bar code prints fine. If i use cfprint to print the same pdf. all letters and numbers will print in the bar code font except the #2. This is driving me crazy. I did have to do this fix to get the bar code to print at all with cfprint. http://kb2.adobe.com/cps/405/kb405588.html Did you install all the fonts used by this PDF on your CF server? Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349701 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Escaping #
I agree, but I flipped it out quickly without knowing what he really wanted to do with value. However it did fix his issue with not having cfoutputs around #i# in name. Well it would have if I had typed i instead of 1. As always, I defer to the Master! Steve -Original Message- From: Dave Watts [mailto:dwa...@figleaf.com] Sent: Wednesday, February 01, 2012 10:18 AM To: cf-talk Subject: Re: Escaping # Try this: cfoutput cfloop index=I from=1 to=50 input type=hidden name=namefirst#1# value=#namefirst##i# / /cfloop /cfoutput I don't think that's going to get the value of a variable called, say, namefirst1. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, on ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349702 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: jboss cfcontent variable xls file no lopnger working.
well this was an easy fix. in CfAdmin there is a setting under the Advanced Settings to Enable binary large object retrieval (BLOB). In my case, it was unchecked. On the New server instance. On Jan 30, 2012 7:13 PM, morchella morchella.delici...@gmail.com wrote: so we have our file data stored in a blob. upgrading from websphere cf7 to jboss. cf9 for some reason i cant for the life of me trouble shoot correctly. some/most xls are no longer downloading correctly. if i upload a simple xls it works. so does an xls. but existing binary data from a blob field is not consistently downloading. pdfs are all good. any idea how i can debug the issue? thanks guys -p ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349703 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Crossed Accounts Issue
I have an issue that I am hoping one of you can help me out with. The issue is caused when more than one user logs in with a few tenths of a second of each other. This happens maybe once every few weeks on a high volume application. The problem is with user information getting mixed up when authenticating. As you can see from the code below the authenticate component is called right before setting the session username. The authenticate component does all the basic checks and returns the user info. In these rare instances the session.RetAuth.username and all the info returned from the component are for another user that is logging in at the same time. CFSCRIPT if(NOT IsDefined(APPLICATION.oUser)){ APPLICATION.oUser=CreateObject(component,#APPLICATION.G.CFC_PATH#User); } APPLICATION.oUser.DSN=this.DSN; /CFSCRIPT CFSET session.RetAuth=APPLICATION.oUser.authenticate(form.Login,form.Password) CFSET SESSION.UserName=FORM.Login ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349704 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Returning errors from MySQL to AjaxCFC
This sure worked Russ, but I noticed that I made a mistake earlier in my function. I placed the cftry tags in the wrong place. Anyway, here is what I did returning a struct and a string. USING A STRING: cffunction name=NAME returntype=any cfset var result = / cftry cfquery name=qryName ... ... /cfquery cfset result= Information was successfully saved! / !--- Use cfcatch to test for database errors.--- !--- Print error messages. --- !--- Block executes only if a Database exception is thrown. --- cfcatch type=database cfset result= #cfcatch.Detail#/ /cfcatch /cftry cfreturn result /cffunction USING STRUCT: cffunction name=NAME returntype=any cfset var result = structnew() / cftry cfquery name=qryName ... ... /cfquery cfset result={err_msg = Information was successfully saved!} / !--- Use cfcatch to test for database errors.--- !--- Print error messages. --- !--- Block executes only if a Database exception is thrown. --- cfcatch type=database cfset result = { err_msg = #cfcatch.Message#, err_code = #cfcatch.NativeErrorCode#, err_sql = #cfcatch.SQLState#, err_det = #cfcatch.Detail# } / /cfcatch /cftry cfreturn result /cffunction Thank you ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349705 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: the ##2 will not print with Bar Code 39 f HR cfprint comand
Yes, it prints from the server fine if I open the pdf and print from acrobat reader. it just wont print the #2 with the cfprint command. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349706 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: the ##2 will not print with Bar Code 39 f HR cfprint comand
Yes, it prints from the server fine if I open the pdf and print from acrobat reader. it just wont print the #2 with the cfprint command. If you go into the fonts list in CF Administrator, are all the fonts used by your PDF listed there? Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349707 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Crossed Accounts Issue
I have an issue that I am hoping one of you can help me out with. The issue is caused when more than one user logs in with a few tenths of a second of each other. This happens maybe once every few weeks on a high volume application. The problem is with user information getting mixed up when authenticating. As you can see from the code below the authenticate component is called right before setting the session username. The authenticate component does all the basic checks and returns the user info. In these rare instances the session.RetAuth.username and all the info returned from the component are for another user that is logging in at the same time. CFSCRIPT if(NOT IsDefined(APPLICATION.oUser)){ APPLICATION.oUser=CreateObject(component,#APPLICATION.G.CFC_PATH#User); } APPLICATION.oUser.DSN=this.DSN; /CFSCRIPT CFSET session.RetAuth=APPLICATION.oUser.authenticate(form.Login,form.Password) CFSET SESSION.UserName=FORM.Login This is a race condition issue. You can solve it by implementing locking, either around this code or perhaps within your component. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our t ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349708 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: the ####2 will not print with Bar Code 39 f HR cfprint comand
Yes they are there Yes, it prints from the server fine if I open the pdf and print from acrobat reader. it just wont print the #2 with the cfprint command. If you go into the fonts list in CF Administrator, are all the fonts used by your PDF listed there? Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349709 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Crossed Accounts Issue
try using the cflock tag. It helps to isolate profiles. Also, consider allowing client to have unique usernames such as email addresses or something, then get the profile based on these unique usernames. in this case, no one will have another's profile. From: Eric Williams e99...@gmail.com To: cf-talk cf-talk@houseoffusion.com Sent: Wednesday, February 1, 2012 4:28 PM Subject: Crossed Accounts Issue I have an issue that I am hoping one of you can help me out with. The issue is caused when more than one user logs in with a few tenths of a second of each other. This happens maybe once every few weeks on a high volume application. The problem is with user information getting mixed up when authenticating. As you can see from the code below the authenticate component is called right before setting the session username. The authenticate component does all the basic checks and returns the user info. In these rare instances the session.RetAuth.username and all the info returned from the component are for another user that is logging in at the same time. CFSCRIPT if(NOT IsDefined(APPLICATION.oUser)){ APPLICATION.oUser=CreateObject(component,#APPLICATION.G.CFC_PATH#User); } APPLICATION.oUser.DSN=this.DSN; /CFSCRIPT CFSET session.RetAuth=APPLICATION.oUser.authenticate(form.Login,form.Password) CFSET SESSION.UserName=FORM.Login ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349710 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Crossed Accounts Issue
I have an issue that I am hoping one of you can help me out with. The issue is caused when more than one user logs in with a few tenths of a second of each other. This happens maybe once every few weeks on a high volume application. The problem is with user information getting mixed up when authenticating. As you can see from the code below the authenticate component is called right before setting the session username. The authenticate component does all the basic checks and returns the user info. In these rare instances the session.RetAuth.username and all the info returned from the component are for another user that is logging in at the same time. CFSCRIPT if(NOT IsDefined(APPLICATION.oUser)){ APPLICATION.oUser=CreateObject(component, #APPLICATION.G.CFC_PATH#User); } APPLICATION.oUser.DSN=this.DSN; /CFSCRIPT CFSET session.RetAuth=APPLICATION.oUser.authenticate(form. Login,form.Password) CFSET SESSION.UserName=FORM.Login This is a race condition issue. You can solve it by implementing locking, either around this code or perhaps within your component. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our Dave, I already have a lock in the component, I create a unique uuid on each request for the lock. Did not solve the problem. Might try a lock around the entire login code. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349711 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: the ##2 will not print with Bar Code 39 f HR cfprint comand
Yes they are there Yes, it prints from the server fine if I open the pdf and print from acrobat reader. it just wont print the #2 with the cfprint command. If you go into the fonts list in CF Administrator, are all the fonts used by your PDF listed there? Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349712 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: the ##2 will not print with Bar Code 39 f HR cfprint comand
Yes they are all in CF Administrator Yes, it prints from the server fine if I open the pdf and print from acrobat reader. it just wont print the #2 with the cfprint command. If you go into the fonts list in CF Administrator, are all the fonts used by your PDF listed there? Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349713 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: the ##2 will not print with Bar Code 39 f HR cfprint comand
Yes they are all in CF Administrator Then, I got nothin. Sorry. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349714 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Escaping #
Hi Dave and Steve Thanks for the help What I am doing is creating a series of pages to register students for a class. I have a set of variables namefirst1 namefirst2 namefirst3 etc. which yield names such as Fred, Sam, Mary etc. that evenutally get passed by hidden input to a confirmation page after the person pays Here is what I got to work cfloop index = i from = 2 to = 20 cfoutput input type=hidden name=namefirst#i# value=#Evaluate('namefirst' i)# / /cfoutput /cfloop I needed the cfoutput tag because it wasn't reading the name=namefirst#i# and then needed to evaluate the variable which gets rid of the multiple ## . Thanks for your help. Rob On 1 Feb 2012 at 10:10, Dave Watts wrote: I can't get the loop to work cfloop index = i from = 1 to = 50 input type=hidden name=namefirst#i# value=cfoutput#'namefirst' i#/cfoutput / /cfloop What is this supposed to output? cfoutput#'namefirst' i#/cfoutput If you want to output the value contained in a variable whose name consists of the string namefirst1, namefirst2, etc, here's one way to do it: cfoutput#variables[namefirst i]#/cfoutput Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349715 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Extending App.cfc and file paths
I have a setup where I grab the root path of my application in app.cfc using GetDirectoryFromPath(GetCurrentTemplatePath()) and set it in the application scope through OnApplicationStart. This works great for most of the site, but I have one subfolder where I've extended app.cfc to add a login script to OnRequestStart. The problem I'm having is if the application starts up from that subfolder, the extended app.cfc sets the root path from the subfolder instead of the root folder where the original app.cfc is located. Anyone know a way to fix this? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349716 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Escaping #
Here is what I got to work cfloop index = i from = 2 to = 20 cfoutput input type=hidden name=namefirst#i# value=#Evaluate('namefirst' i)# / /cfoutput /cfloop I needed the cfoutput tag because it wasn't reading the name=namefirst#i# and then needed to evaluate the variable which gets rid of the multiple ## . That will work as well, but in general it's more expensive to use evaluate (which has to do more work under the covers, to convert an arbitrary string to executable code) than the solution I proposed, which looks for a key within a structure. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349717 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Escaping #
Hi Dave What you had suggested didn't work as I hadn't scoped the variables so I got a not defined error message when I tried cfoutput#variables[namefirst i]#/cfoutput I tried cfoutput#[namefirst i]#/cfoutput but that didn't work. Rob On 1 Feb 2012 at 11:39, Dave Watts wrote: Here is what I got to work cfloop index = i from = 2 to = 20 cfoutput input type=hidden name=namefirst#i# value=#Evaluate('namefirst' i)# / /cfoutput /cfloop I needed the cfoutput tag because it wasn't reading the name=namefirst#i# and then needed to evaluate the variable which gets rid of the multiple ## . That will work as well, but in general it's more expensive to use evaluate (which has to do more work under the covers, to convert an arbitrary string to executable code) than the solution I proposed, which looks for a key within a structure. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349718 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Escaping #
What you had suggested didn't work as I hadn't scoped the variables so I got a not defined error message when I tried cfoutput#variables[namefirst i]#/cfoutput You can use whatever scope the variables are in, though: #form[namefirst i]# I tried cfoutput#[namefirst i]#/cfoutput but that didn't work. Right. The brackets indicate membership in a structure, but you didn't specify the structure structure[key] Variable scopes are exposed as structures. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349719 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Escaping #
Hi Dave My forms up until this time have been very simple and I have never defined or specified the scope or structure of variables. Is there a syntax for the cfloop if no structure is defined or is that when i would need to use evaluate? Thanks Rob On 1 Feb 2012 at 12:46, Dave Watts wrote: What you had suggested didn't work as I hadn't scoped the variables so I got a not defined error message when I tried cfoutput#variables[namefirst i]#/cfoutput You can use whatever scope the variables are in, though: #form[namefirst i]# I tried cfoutput#[namefirst i]#/cfoutput but that didn't work. Right. The brackets indicate membership in a structure, but you didn't specify the structure structure[key] Variable scopes are exposed as structures. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag= houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:34 9719 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349720 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Escaping #
A variable will *always* live in a scope. If you POST a form to your server, the form's inputs will be available in the FORM scope. If you send the form using GET or if you hit a page with URL parameters (in effect the same thing), the form inputs / url parameters will be available in the URL scope. Now, the fun part. If you don't specify a scope when addressing variables, ColdFusion will search all the scopes until it finds your variable. Addressing variables without scope can lead to unexpected behaviour should you have the same variable name in different scopes. This seems to explain it well: http://www.garyrgilbert.com/tutorials/coldfusion/beginner/scope.cfm In short though, it is good practice to always declare the scope of your variables when accessing them. You should never need to use Eval() in this situation. HTH Dominic On 1 February 2012 18:03, Rob Voyle robvo...@voyle.com wrote: Hi Dave My forms up until this time have been very simple and I have never defined or specified the scope or structure of variables. Is there a syntax for the cfloop if no structure is defined or is that when i would need to use evaluate? Thanks Rob On 1 Feb 2012 at 12:46, Dave Watts wrote: What you had suggested didn't work as I hadn't scoped the variables so I got a not defined error message when I tried cfoutput#variables[namefirst i]#/cfoutput You can use whatever scope the variables are in, though: #form[namefirst i]# I tried cfoutput#[namefirst i]#/cfoutput but that didn't work. Right. The brackets indicate membership in a structure, but you didn't specify the structure structure[key] Variable scopes are exposed as structures. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag= houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:34 9719 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349721 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Escaping #
Is there a syntax for the cfloop if no structure is defined or is that when i would need to use evaluate? When you create variables, they are in one scope or another. Those structures are always defined. Just use the one that happens to contain your variables. If you submit a form, variables from that form are in the Form scope. If you have variables retrieved from a URL, they're URL variables. Etc, etc. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349722 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Opinion: Abuse of session variables
I would agree with what some others have written, in that an apparent over-use of session variables is not inherently bad, unless it is causing server instability or memory problems. Make sure the programmer is using session variables for a specific reason, and that he is aware of the issues that using session variables can cause. Out of all the faults one can find when examining a Web site, using too many session variables is fairly low on the priority list. 1000 users on a site at a time with 250 session variables per user doesn't seem that bad to me on the surface. Storing frequently accessed database data in the session scope is often used as a caching optimization technique to reduce the database bottleneck. It is a technique I use and recommend, especially for very busy Web applications. In general, the busier the Web application, the more you are going to want to store in-memory to reduce the database usage, assuming your server has sufficient RAM. Really giant Web sites, like Facebook and YouTube, make extensive use of in-memory databases, like memcached. http://en.wikipedia.org/wiki/Memcached One thing most developers neglect to do when using lots of session variables is making the session code thread safe, which takes a relatively high skill and experience level to accomplish. Unless you see a lot of cflock tags to mitigate the possible problems, a site with 1000 simultaneous users and 250 session variables might have random problems that could be traced back to the use of session variables. Threading problems can be hard to diagnose and are usually not discovered until the code gets put into a production environment. If the programmer is aware of the memory usage and threading issues, using lots of session variables is likely a minor concern, and potentially is a good thing if he is using them as a technique to speed up the Web application. You wrote I see no scope referencing in these Vars, which I find odd if you are referring to variables in the session scope. All the in-memory variables should have their scope referenced when they are used. -Mike Chabot On Tue, Jan 31, 2012 at 11:37 AM, Robert Harrison rob...@austin-williams.com wrote: Thanks for all the input. Besides the fact that the application could conceivably have hundreds of thousands of session Vars in memory, I'm concerned about collision too. I see no scope referencing in these Vars and see they are all 'common names'. I also see no routines to clear any vars after completion of an operation is over. Oh well. Robert B. Harrison Director of Interactive Services Austin Williams 125 Kennedy Drive, Suite 100 Hauppauge NY 11788 P : 631.231.6600 Ext. 119 F : 631.434.7022 http://www.austin-williams.co ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349723 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Opinion: Abuse of session variables
On Wed, Feb 1, 2012 at 1:55 PM, Mike Chabot mcha...@gmail.com wrote: One thing most developers neglect to do when using lots of session variables is making the session code thread safe, which takes a relatively high skill and experience level to accomplish. Unless you see a lot of cflock tags to mitigate the possible problems, a site with 1000 simultaneous users and 250 session variables might have random problems that could be traced back to the use of session variables. This is largely false since the release of CF6. Race conditions being the primary exception. -Cameron ... ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349724 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Opinion: Abuse of session variables
Fyi cf officially did away with need for manual locking some time ago. The only sitation where you need to lock now is where you have potential race conditions. Some folks still like to lock anyway though. Regards Russ Michaels From my mobile On 1 Feb 2012 18:57, Mike Chabot mcha...@gmail.com wrote: I would agree with what some others have written, in that an apparent over-use of session variables is not inherently bad, unless it is causing server instability or memory problems. Make sure the programmer is using session variables for a specific reason, and that he is aware of the issues that using session variables can cause. Out of all the faults one can find when examining a Web site, using too many session variables is fairly low on the priority list. 1000 users on a site at a time with 250 session variables per user doesn't seem that bad to me on the surface. Storing frequently accessed database data in the session scope is often used as a caching optimization technique to reduce the database bottleneck. It is a technique I use and recommend, especially for very busy Web applications. In general, the busier the Web application, the more you are going to want to store in-memory to reduce the database usage, assuming your server has sufficient RAM. Really giant Web sites, like Facebook and YouTube, make extensive use of in-memory databases, like memcached. http://en.wikipedia.org/wiki/Memcached One thing most developers neglect to do when using lots of session variables is making the session code thread safe, which takes a relatively high skill and experience level to accomplish. Unless you see a lot of cflock tags to mitigate the possible problems, a site with 1000 simultaneous users and 250 session variables might have random problems that could be traced back to the use of session variables. Threading problems can be hard to diagnose and are usually not discovered until the code gets put into a production environment. If the programmer is aware of the memory usage and threading issues, using lots of session variables is likely a minor concern, and potentially is a good thing if he is using them as a technique to speed up the Web application. You wrote I see no scope referencing in these Vars, which I find odd if you are referring to variables in the session scope. All the in-memory variables should have their scope referenced when they are used. -Mike Chabot On Tue, Jan 31, 2012 at 11:37 AM, Robert Harrison rob...@austin-williams.com wrote: Thanks for all the input. Besides the fact that the application could conceivably have hundreds of thousands of session Vars in memory, I'm concerned about collision too. I see no scope referencing in these Vars and see they are all 'common names'. I also see no routines to clear any vars after completion of an operation is over. Oh well. Robert B. Harrison Director of Interactive Services Austin Williams 125 Kennedy Drive, Suite 100 Hauppauge NY 11788 P : 631.231.6600 Ext. 119 F : 631.434.7022 http://www.austin-williams.co ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349725 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Santizing User Input
I recently received a notice that my PCI security scan failed. One further review it seems we have a PDF that we use to show some of our products and the PDF was created from a POWERPOINT Presentation. It appears there is a single HTM page that caused the alert. The company stated the following (see below). What I am looking for is a way to control user input within CF. I found an MS page that has a VB script but would prefer something in CF. http://msdn.microsoft.com/en-us/library/ms525361%28v=vs.90%29.aspx From the Security Company You will need to make sure all user input is being sanitized of all special characters. This may not be bringing up the alert, but because the special characters are not sanitized, it leaves open the possibility that a malicious attacker could get their scripts to execute. Thanks so much for any assistance Doug ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349726 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Santizing User Input
That VB script just uses a regular expression (already written for you). All you need to do is use it in conjunction with ColdFusion's built-in `reFind()` or `reFindNoCase()` functions. http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7e9a.html http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e0811cbec22c24-7e99.html So, something like so: if ( reFind( ^[\w\.:\?=/]*$ , myString ) ) { // oops, they failed... handle appropriately } HTH On Wed, Feb 1, 2012 at 3:33 PM, douglas cohn douglas.c...@gmail.com wrote: I recently received a notice that my PCI security scan failed. One further review it seems we have a PDF that we use to show some of our products and the PDF was created from a POWERPOINT Presentation. It appears there is a single HTM page that caused the alert. The company stated the following (see below). What I am looking for is a way to control user input within CF. I found an MS page that has a VB script but would prefer something in CF. http://msdn.microsoft.com/en-us/library/ms525361%28v=vs.90%29.aspx From the Security Company You will need to make sure all user input is being sanitized of all special characters. This may not be bringing up the alert, but because the special characters are not sanitized, it leaves open the possibility that a malicious attacker could get their scripts to execute. Thanks so much for any assistance Doug ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349727 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Opinion: Abuse of session variables
Race conditions are what I am referring to and they are a problem, even in CF9. Many developers either heard or read that the earlier problems with session variables have been fixed and that they no longer need to ever lock them, but this is not true. It is one of the most common CF misconceptions, even among experienced CF programmers. The problem generally only shows up on high-traffic data intensive sites, but even with 1000 simultaneous users and 250 session variables I would expect that the application will at some point have a seemingly random and rare issue when updating large structures of session variables or processing giant form submissions that could ultimately be traced back to a race condition where competing code execution process are accessing the same shared resource on different threads. The cflock tag still exists, and it is usually not used as frequently as it needs to be used, which is why I mentioned the problem. The use of the cflock tag is not simply a matter of preference. It solves an actual problem related to the multi-threaded code accessing shared resources, such as session variables. From the CF9 manual: ColdFusion lets you lock access to sections of code to ensure that ColdFusion does not attempt to run the code, or access the data that it uses, simultaneously or in an unpredictable order. This locking feature is important for ensuring the consistency of all shared data, including data in external sources in addition to data in persistent scopes. I think many developers would prefer to ignore the issue because locking isn't fun and race conditions are a challenging issue to understand. -Mike Chabot On Wed, Feb 1, 2012 at 3:03 PM, Cameron Childress camer...@gmail.com wrote: This is largely false since the release of CF6. Race conditions being the primary exception. -Cameron ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349728 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Working with an API - help
Hey everyone, I've been asked to work on a website that interacts with a database via an API. I have the manual to the API and think I may be in over my head, but would like to explore this a little more. Is it as Daunting as it looks? The database is set up and the current old website (php) uses this API to interact with the website, mostly letting customers update account info from the website. I don't have access to the current website files. About the API: This ... API is a COM+ application. It provides a set of COM objects that can be manipulated by COM- compliant development tools such as Visual Basic, Visual C++, Visual C#, VSTA and so on. The manual lists classes with input paramaters and return values like: Example The following example shows how to create a new user profile once the account has been validated: Dim objUserProfile as Object Dim lRetCode as Integer â Set objUserProfile = CreateObject(API.cUserInfo) I've been using CF for years, but don't know how to integrate with this. Any tips or suggestions on where to look for help on this? Or does this require knowledge of a different language altogether? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349729 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Working with an API - help
You're on the right path with using CreateObject(). First off, your server of course has to be Windows and can't be 64bit which doesn't have COM support. Then you install and register the COM object on your server. Once that's done, you instantiate it the way you're getting at: API = createObject(com, registeredComObjectNameHere); then access the methods on it: userProfile = API.cUserInfo(); On 2/1/12 3:04 PM, jack Lemay wrote: Hey everyone, I've been asked to work on a website that interacts with a database via an API. I have the manual to the API and think I may be in over my head, but would like to explore this a little more. Is it as Daunting as it looks? The database is set up and the current old website (php) uses this API to interact with the website, mostly letting customers update account info from the website. I don't have access to the current website files. About the API: This ... API is a COM+ application. It provides a set of COM objects that can be manipulated by COM- compliant development tools such as Visual Basic, Visual C++, Visual C#, VSTA and so on. The manual lists classes with input paramaters and return values like: Example The following example shows how to create a new user profile once the account has been validated: Dim objUserProfile as Object Dim lRetCode as Integer â Set objUserProfile = CreateObject(API.cUserInfo) I've been using CF for years, but don't know how to integrate with this. Any tips or suggestions on where to look for help on this? Or does this require knowledge of a different language altogether? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349730 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Working with an API - help
the cf syntax isn't much different. cfset objUserProfile = CreateObject(COM,API.cUserInfo) http://cfquickdocs.com/cf9/#createobject.comobject then you just call the methods of objUserProfile cfset foo = objUserProfile.method(params) On Wed, Feb 1, 2012 at 11:04 PM, jack Lemay surfinginath...@yahoo.comwrote: Hey everyone, I've been asked to work on a website that interacts with a database via an API. I have the manual to the API and think I may be in over my head, but would like to explore this a little more. Is it as Daunting as it looks? The database is set up and the current old website (php) uses this API to interact with the website, mostly letting customers update account info from the website. I don't have access to the current website files. About the API: This ... API is a COM+ application. It provides a set of COM objects that can be manipulated by COM- compliant development tools such as Visual Basic, Visual C++, Visual C#, VSTA and so on. The manual lists classes with input paramaters and return values like: Example The following example shows how to create a new user profile once the account has been validated: Dim objUserProfile as Object Dim lRetCode as Integer Set objUserProfile = CreateObject(API.cUserInfo) I've been using CF for years, but don't know how to integrate with this. Any tips or suggestions on where to look for help on this? Or does this require knowledge of a different language altogether? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349731 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Working with an API - help
the cf syntax isn't much different. +1 Here is an example of some of the syntax. The code is really similar so if you have examples in VB,C# etc you can pretty much harvest it and tweak it to work with CFScript. cfscript oMailbox.Postoffice = domainname; oMailbox.Mailbox = mailname ; oMailbox.Limit = -1; oMailbox.RedirectAddress = ; oMailbox.RedirectStatus = 0; oMailbox.Status = 1; MailboxResult = oMailbox.AddMailbox(); oAUTHLogin.Account = domainname; oAUTHLogin.Description = ; oAUTHLogin.Password = mailpass; oAUTHLogin.Rights = USER; oAUTHLogin.Status = 1 ; oAUTHLogin.UserName = UserName; LoginResult = oAUTHLogin.AddLogin(); oAddressMap.Account = domainname; oAddressMap.DestinationAddress = [SF: domainname / mailname ]; oAddressMap.Scope = ; oAddressMap.SourceAddress = sTemp; oAddressMapResult = oAddressMap.AddAddressMap(); /cfscript On Wed, Feb 1, 2012 at 6:18 PM, Russ Michaels r...@michaels.me.uk wrote: the cf syntax isn't much different. cfset objUserProfile = CreateObject(COM,API.cUserInfo) http://cfquickdocs.com/cf9/#createobject.comobject then you just call the methods of objUserProfile cfset foo = objUserProfile.method(params) On Wed, Feb 1, 2012 at 11:04 PM, jack Lemay surfinginath...@yahoo.com wrote: Hey everyone, I've been asked to work on a website that interacts with a database via an API. I have the manual to the API and think I may be in over my head, but would like to explore this a little more. Is it as Daunting as it looks? The database is set up and the current old website (php) uses this API to interact with the website, mostly letting customers update account info from the website. I don't have access to the current website files. About the API: This ... API is a COM+ application. It provides a set of COM objects that can be manipulated by COM- compliant development tools such as Visual Basic, Visual C++, Visual C#, VSTA and so on. The manual lists classes with input paramaters and return values like: Example The following example shows how to create a new user profile once the account has been validated: Dim objUserProfile as Object Dim lRetCode as Integer Set objUserProfile = CreateObject(API.cUserInfo) I've been using CF for years, but don't know how to integrate with this. Any tips or suggestions on where to look for help on this? Or does this require knowledge of a different language altogether? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349732 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Opinion: Abuse of session variables
Race conditions in session variables can only occur when two requests from the same session execute concurrently. This is more likely with ajax requests or framesets. Since everyone uses ajax requests these days (even though no-one uses framesets any more), it is still an issue, as you say. -- Shu Ha Ri: Agile and .NET blog http://www.bifrost.com.au/ On 2 February 2012 05:53, Mike Chabot mcha...@gmail.com wrote: Race conditions are what I am referring to and they are a problem, even in CF9. Many developers either heard or read that the earlier problems with session variables have been fixed and that they no longer need to ever lock them, but this is not true. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349733 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Crossed Accounts Issue
Best thing to do is to cflock the db action so that you can get a unique record. If the call to the cfc is what hands the entirety of the user authentication...put a lock around that call so that no other users are taking action until the first is done. -Original Message- From: Eric Williams [mailto:e99...@gmail.com] Sent: Wednesday, February 01, 2012 9:44 AM To: cf-talk Subject: Re: Crossed Accounts Issue I have an issue that I am hoping one of you can help me out with. The issue is caused when more than one user logs in with a few tenths of a second of each other. This happens maybe once every few weeks on a high volume application. The problem is with user information getting mixed up when authenticating. As you can see from the code below the authenticate component is called right before setting the session username. The authenticate component does all the basic checks and returns the user info. In these rare instances the session.RetAuth.username and all the info returned from the component are for another user that is logging in at the same time. CFSCRIPT if(NOT IsDefined(APPLICATION.oUser)){ APPLICATION.oUser=CreateObject(component, #APPLICATION.G.CFC_PATH#User); } APPLICATION.oUser.DSN=this.DSN; /CFSCRIPT CFSET session.RetAuth=APPLICATION.oUser.authenticate(form. Login,form.Password) CFSET SESSION.UserName=FORM.Login This is a race condition issue. You can solve it by implementing locking, either around this code or perhaps within your component. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our Dave, I already have a lock in the component, I create a unique uuid on each request for the lock. Did not solve the problem. Might try a lock around the entire login code. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349734 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Escaping #
All forms are in the form scope... It's always a good idea to scope your variables for security reasons. It ensures that you know exactly where the data is coming from and not potentially from a misnamed variable that is higher up in the scope order of precendence... Eric -Original Message- From: Rob Voyle [mailto:robvo...@voyle.com] Sent: Wednesday, February 01, 2012 12:03 PM To: cf-talk Subject: Re: Escaping # Hi Dave My forms up until this time have been very simple and I have never defined or specified the scope or structure of variables. Is there a syntax for the cfloop if no structure is defined or is that when i would need to use evaluate? Thanks Rob On 1 Feb 2012 at 12:46, Dave Watts wrote: What you had suggested didn't work as I hadn't scoped the variables so I got a not defined error message when I tried cfoutput#variables[namefirst i]#/cfoutput You can use whatever scope the variables are in, though: #form[namefirst i]# I tried cfoutput#[namefirst i]#/cfoutput but that didn't work. Right. The brackets indicate membership in a structure, but you didn't specify the structure structure[key] Variable scopes are exposed as structures. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag= houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:34 9719 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349735 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Opinion: Abuse of session variables
In addition to AJAX (and Flex/Flash remoting calls) and framesets (and iframes), issues with session variables can also occur if a user has two separate browser tabs open, double clicks links or form submit buttons (some users double click everything), rapidly and repeatedly presses a submit button or the refresh button because a page is slow to load, submits a form, then makes a quick change before the form disappears from the screen, and submits again, requests a page but presses the browser back button before the page loads, rapidly toggles through multiple pages using a fast-loading navigation element (possibly controlled by a URL variable), starts running a page that takes so long to process that they hit the browser timeout before the code finishes processing, so they run it again, and likely some other scenarios. -Mike Chabot On Wed, Feb 1, 2012 at 7:37 PM, James Holmes james.hol...@gmail.com wrote: Race conditions in session variables can only occur when two requests from the same session execute concurrently. This is more likely with ajax requests or framesets. Since everyone uses ajax requests these days (even though no-one uses framesets any more), it is still an issue, as you say. -- Shu Ha Ri: Agile and .NET blog http://www.bifrost.com.au/ On 2 February 2012 05:53, Mike Chabot mcha...@gmail.com wrote: Race conditions are what I am referring to and they are a problem, even in CF9. Many developers either heard or read that the earlier problems with session variables have been fixed and that they no longer need to ever lock them, but this is not true. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349736 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Santizing User Input
You can wrap any user input in xmlformat() to rid yourself of any special characters. I would use that around the function that sends the stuff to your security software. -Original Message- From: Matt Quackenbush [mailto:quackfu...@gmail.com] Sent: Wednesday, February 01, 2012 3:46 PM To: cf-talk Subject: Re: Santizing User Input That VB script just uses a regular expression (already written for you). All you need to do is use it in conjunction with ColdFusion's built-in `reFind()` or `reFindNoCase()` functions. http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e08 11cbec22c24-7e9a.html http://help.adobe.com/en_US/ColdFusion/9.0/CFMLRef/WSc3ff6d0ea77859461172e08 11cbec22c24-7e99.html So, something like so: if ( reFind( ^[\w\.:\?=/]*$ , myString ) ) { // oops, they failed... handle appropriately } HTH On Wed, Feb 1, 2012 at 3:33 PM, douglas cohn douglas.c...@gmail.com wrote: I recently received a notice that my PCI security scan failed. One further review it seems we have a PDF that we use to show some of our products and the PDF was created from a POWERPOINT Presentation. It appears there is a single HTM page that caused the alert. The company stated the following (see below). What I am looking for is a way to control user input within CF. I found an MS page that has a VB script but would prefer something in CF. http://msdn.microsoft.com/en-us/library/ms525361%28v=vs.90%29.aspx From the Security Company You will need to make sure all user input is being sanitized of all special characters. This may not be bringing up the alert, but because the special characters are not sanitized, it leaves open the possibility that a malicious attacker could get their scripts to execute. Thanks so much for any assistance Doug ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349737 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Santizing User Input
The AntiSamy project is maybe the best way to sanitize any user input out there. -- Regards, Andrew Scott WebSite: http://www.andyscott.id.au/ Google+: http://plus.google.com/108193156965451149543 On Thu, Feb 2, 2012 at 8:33 AM, douglas cohn douglas.c...@gmail.com wrote: I recently received a notice that my PCI security scan failed. One further review it seems we have a PDF that we use to show some of our products and the PDF was created from a POWERPOINT Presentation. It appears there is a single HTM page that caused the alert. The company stated the following (see below). What I am looking for is a way to control user input within CF. I found an MS page that has a VB script but would prefer something in CF. http://msdn.microsoft.com/en-us/library/ms525361%28v=vs.90%29.aspx From the Security Company You will need to make sure all user input is being sanitized of all special characters. This may not be bringing up the alert, but because the special characters are not sanitized, it leaves open the possibility that a malicious attacker could get their scripts to execute. Thanks so much for any assistance Doug ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:349738 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm