Need help with inserting non-standard characters into SQL from CF
First off, happy new year all! I'm sure the answer to this is really simple but I've been banging my head against a wall for a few hours so thought I'd ask my friendly neighbourhood gurus. I have a database table that needs to store currency symbols both as HTML chars (%pound;), text code (ie. GBP) and the symbol (£) The database table has the fields as UNICODE (nvarchar) and when I manually paste the rows in via windows and SMSS I can put in currency symbols and every other strange character I could find including japanese chars and other stuff. They are all stored by SQL just fine and I can return the data in a cfquery without any issues. However when I try and run an insert query via CF, for example: insert into currencies (title,code,symbol,htmlsymbol) values ('Pounds','GBP','£','pound;') The £ gets converted to ?? When I insert it as N'£' I still get question marks but these have black diamond shaped boxes around them. I thought it was the database collation or something but as I said I can type these characters into the table in my SMSS console and they are saved without a problem. We're running a linux CF server and windows database server, could that be the problem? If so is there anyway I can get it working? I'm really struggling to understand this problem so if anyone has encountered it before and knows a solution or can point me in the right direction for some reference material then I would be most grateful. Thanks in advance ; ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353754 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Need help with inserting non-standard characters into SQL from CF
If memory serves there is a setting in your dsn you need to change to enable utf8 Regards Russ Michaels www.michaels.me.uk www.cfmldeveloper.com - Free CFML hosting for developers www.cfsearch.com - CF search engine On Jan 4, 2013 10:35 AM, Edward Chanter firew...@cc.uk.com wrote: First off, happy new year all! I'm sure the answer to this is really simple but I've been banging my head against a wall for a few hours so thought I'd ask my friendly neighbourhood gurus. I have a database table that needs to store currency symbols both as HTML chars (%pound;), text code (ie. GBP) and the symbol (£) The database table has the fields as UNICODE (nvarchar) and when I manually paste the rows in via windows and SMSS I can put in currency symbols and every other strange character I could find including japanese chars and other stuff. They are all stored by SQL just fine and I can return the data in a cfquery without any issues. However when I try and run an insert query via CF, for example: insert into currencies (title,code,symbol,htmlsymbol) values ('Pounds','GBP','£','pound;') The £ gets converted to ?? When I insert it as N'£' I still get question marks but these have black diamond shaped boxes around them. I thought it was the database collation or something but as I said I can type these characters into the table in my SMSS console and they are saved without a problem. We're running a linux CF server and windows database server, could that be the problem? If so is there anyway I can get it working? I'm really struggling to understand this problem so if anyone has encountered it before and knows a solution or can point me in the right direction for some reference material then I would be most grateful. Thanks in advance ; ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353755 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Need help with inserting non-standard characters into SQL from CF
Thanks Russ, I was using the JTDS driver which doesn't have that setting so I changed it to the MS SQL driver and ticked the relevant box. It's still not working though. Given that I deleted and recreated the DSN should I restart the server? On 4 January 2013 10:41, Russ Michaels r...@michaels.me.uk wrote: If memory serves there is a setting in your dsn you need to change to enable utf8 Regards Russ Michaels www.michaels.me.uk www.cfmldeveloper.com - Free CFML hosting for developers www.cfsearch.com - CF search engine On Jan 4, 2013 10:35 AM, Edward Chanter firew...@cc.uk.com wrote: First off, happy new year all! I'm sure the answer to this is really simple but I've been banging my head against a wall for a few hours so thought I'd ask my friendly neighbourhood gurus. I have a database table that needs to store currency symbols both as HTML chars (%pound;), text code (ie. GBP) and the symbol (£) The database table has the fields as UNICODE (nvarchar) and when I manually paste the rows in via windows and SMSS I can put in currency symbols and every other strange character I could find including japanese chars and other stuff. They are all stored by SQL just fine and I can return the data in a cfquery without any issues. However when I try and run an insert query via CF, for example: insert into currencies (title,code,symbol,htmlsymbol) values ('Pounds','GBP','£','pound;') The £ gets converted to ?? When I insert it as N'£' I still get question marks but these have black diamond shaped boxes around them. I thought it was the database collation or something but as I said I can type these characters into the table in my SMSS console and they are saved without a problem. We're running a linux CF server and windows database server, could that be the problem? If so is there anyway I can get it working? I'm really struggling to understand this problem so if anyone has encountered it before and knows a solution or can point me in the right direction for some reference material then I would be most grateful. Thanks in advance ; ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353756 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Need help with inserting non-standard characters into SQL from CF
On 1/4/2013 5:34 PM, Edward Chanter wrote: When I insert it as N'�' I still get question marks but these have black diamond shaped boxes around them. either the data input isn't unicode in the first place (ie. from a form on a page that's not UTF-8 encoding) or its that the data isn't being displayed properly (ie you're not using the correct font, more likely). btw you should be using cfqueryparam set the appropriate options in cfadmin for that DSN (ie under the advanced menu turn on the Enable High ASCII characters and Unicode for data sources configured for non-Latin characters option). ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353757 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Need help with inserting non-standard characters into SQL from CF
Thanks Paul, the data isn't coming from a form it's being manually entered in the CFM and will only be run once hence the lack of cfqueryparams, I suspect that the problem is something to do with the fonts which was why I was thinking that the linux CF and windows DB might be the problem. Interestingly your reply to this thread shows on my system with my £ replaced with a �. That suggests fonts somewhere along the line... ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353758 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Need help with inserting non-standard characters into SQL from CF
On 1/4/2013 6:08 PM, Edward Chanter wrote: Thanks Paul, the data isn't coming from a form it's being manually entered you mean from a static cf page? and is that page UTF-8? where's the pound symbol coming from? if you're not using cfqueryparam, make sure to use unicode hinting (N'text'). Interestingly your reply to this thread shows on my system with my £ replaced with a �. That suggests fonts somewhere along the line... that's the way it came thru the mail servers. if you want to short circuit this, use the unicode codepoints for those symbols ie, N'#chr(163)#' for the pound sterling symbol. N'#chr(8364)#' for the euro, etc. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353759 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Need help with inserting non-standard characters into SQL from CF
The short-circuit worked like a dream Paul, problem solved. Thank you very much for the assistance :) On 4 January 2013 11:18, Paul Hastings p...@sustainablegis.com wrote: On 1/4/2013 6:08 PM, Edward Chanter wrote: Thanks Paul, the data isn't coming from a form it's being manually entered you mean from a static cf page? and is that page UTF-8? where's the pound symbol coming from? if you're not using cfqueryparam, make sure to use unicode hinting (N'text'). Interestingly your reply to this thread shows on my system with my £ replaced with a �. That suggests fonts somewhere along the line... that's the way it came thru the mail servers. if you want to short circuit this, use the unicode codepoints for those symbols ie, N'#chr(163)#' for the pound sterling symbol. N'#chr(8364)#' for the euro, etc. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353760 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: cfquery results--memory resident?
A question came up recently with one of my client developers who is potentially returning a large # of rows from a query. The question was whether the result set is stored in memory or spooled to disk somewhere. I didn't know but assumed it was memory resident. Anyone know the answer to this? Can it be controlled and/or limited? (CF 9) All CF variables are stored in memory. You can limit the size of the resultset by writing your SQL accordingly, but that's it really. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353761 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
CFC/JSON problem saving long text fields
Happy New Year everyone, I get a 404 error (in firebug) whenever I try to save a long text field to SQL server. I have a CFWINDOW that opens to allow editing and a save button calls the CFC. I separated out the description from the remainder of the record trying to get this to work. I ended up working around this by splitting the text into 500 char chunks and saving it that way. This solution is not working well in production. So, I would like to find a way to do it without looping. I've trapped the error on the javascript side and it just says 'undefined' for the error's message. I added a simple insert query to the top of the CFC function and that did not occur. So, the problem appears to be on the javascript side. Any ideas? I have CF 9, SQL Server 2008, description is varchar(max) Javascript call: dataproxy.saveDescription( frm.prdID.value, frm.prdDescription.value ); CFC Function: cffunction name=saveDescription cfargument name=prdID type=numeric default=0 cfargument name=prdDesc type=string default= cfquery datasource=#THIS.dsn# UPDATE tblProducts SET prdDescription= cfqueryparam cfsqltype=cf_sql_longvarchar value=#arguments.prdDesc# WHERE prdID= cfqueryparam cfsqltype=cf_sql_int value=#arguments.prdID# / /cfquery /cffunction ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353762 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFC/JSON problem saving long text fields
You are hitting a GET versus POST thing. GET has a limited size. Just switch to POST. On Fri, Jan 4, 2013 at 10:21 AM, Darla Tande da...@bis-net.net wrote: Happy New Year everyone, I get a 404 error (in firebug) whenever I try to save a long text field to SQL server. I have a CFWINDOW that opens to allow editing and a save button calls the CFC. I separated out the description from the remainder of the record trying to get this to work. I ended up working around this by splitting the text into 500 char chunks and saving it that way. This solution is not working well in production. So, I would like to find a way to do it without looping. I've trapped the error on the javascript side and it just says 'undefined' for the error's message. I added a simple insert query to the top of the CFC function and that did not occur. So, the problem appears to be on the javascript side. Any ideas? I have CF 9, SQL Server 2008, description is varchar(max) Javascript call: dataproxy.saveDescription( frm.prdID.value, frm.prdDescription.value ); CFC Function: cffunction name=saveDescription cfargument name=prdID type=numeric default=0 cfargument name=prdDesc type=string default= cfquery datasource=#THIS.dsn# UPDATE tblProducts SET prdDescription= cfqueryparam cfsqltype=cf_sql_longvarchar value=#arguments.prdDesc# WHERE prdID= cfqueryparam cfsqltype=cf_sql_int value=#arguments.prdID# / /cfquery /cffunction ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353763 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFC/JSON problem saving long text fields
FYI, it would have helped if I told you what to do. Just do this in your JS: dataproxy.setHTTPMethod(post) On Fri, Jan 4, 2013 at 10:35 AM, Raymond Camden raymondcam...@gmail.comwrote: You are hitting a GET versus POST thing. GET has a limited size. Just switch to POST. On Fri, Jan 4, 2013 at 10:21 AM, Darla Tande da...@bis-net.net wrote: Happy New Year everyone, I get a 404 error (in firebug) whenever I try to save a long text field to SQL server. I have a CFWINDOW that opens to allow editing and a save button calls the CFC. I separated out the description from the remainder of the record trying to get this to work. I ended up working around this by splitting the text into 500 char chunks and saving it that way. This solution is not working well in production. So, I would like to find a way to do it without looping. I've trapped the error on the javascript side and it just says 'undefined' for the error's message. I added a simple insert query to the top of the CFC function and that did not occur. So, the problem appears to be on the javascript side. Any ideas? I have CF 9, SQL Server 2008, description is varchar(max) Javascript call: dataproxy.saveDescription( frm.prdID.value, frm.prdDescription.value ); CFC Function: cffunction name=saveDescription cfargument name=prdID type=numeric default=0 cfargument name=prdDesc type=string default= cfquery datasource=#THIS.dsn# UPDATE tblProducts SET prdDescription= cfqueryparam cfsqltype=cf_sql_longvarchar value=#arguments.prdDesc# WHERE prdID= cfqueryparam cfsqltype=cf_sql_int value=#arguments.prdID# / /cfquery /cffunction ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353764 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: New Security Issue with CF
First official comment from Adobe(?) http://blogs.adobe.com/psirt/2013/01/upcoming-security-advisory-for-coldfusion.html On Thu, Jan 3, 2013 at 8:11 AM, Robert Rhodes rrhode...@gmail.com wrote: I looked into this a bit more this morning, and have realized that I may have gotten very lucky. In going through the logs again, I see that there were no POSTs to h.cfm. So the hacker never logged into h.cfm. And I see no GETs with a fuseaction, as described in Charlie's post. I ran the hacker's script again to confirm that logging in shows a POST in my logs. I also tried a some of the non destructive actions he could take, and found that those caused either a POST or GET+fuseaction. I think I dodged a bullet here. -- Forwarded message -- From: Robert Rhodes rrhode...@gmail.com Date: Thu, Jan 3, 2013 at 12:00 AM Subject: Re: New Security Issue with CF To: cf-talk@houseoffusion.com Thanks. I saw that afterwards. I was freaking out a bit there. Still am. :( I have gone through the logs on that server (windows 2008 R2 server running IIS7.5 and CF9.02) and the hacker loaded his script 1 time each on 15 different sites. They all look like this: 2013-01-02 00:15:15 192.168.55.129 GET /CFIDE/h.cfm - 80 - 178.170.124.210 python-requests/0.14.2+CPython/2.7.3+Linux/3.2.0-32-generic 200 0 0 171 But on 3 of the sites, he also loaded: help,cfm, administrator.cfc, mappings.cfm, scheduleedit.cfm, and scheduletasks.cfm but there are no scheduled tasks showing in the administrator. I checked the CF Administrator log and found nothing. Fortunately, he missed the one site (none of his crap shows up in its logs) where there was sensitive information, so assuming he could not traverse directories, I am hoping I am ok there. I ran his file (after renaming it), and none of my datasources showed up (it was an empty select). I am hoping I am good there too. It looks like his script it needs to be driven by a human (a lot of it is a form). So I am hoping that the one hit I see on most of those sites is an automated hit to see if the script is there, then he was going to come around later and do his damage -- and he never did. Wishful thinking right? I don't see any other signs of trouble anywhere, but am very worried that something bad has happened that I have just not stumbled on yet. Any suggestions or advice? Any place else I should be looking? Am I fooling my self to think I got lucky here? I have shut down CF on that server and am now searching all other servers for h.cfm. So far nothing. Tomorrow, I will completely wipe that server and reload it. -RR ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353765 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Email attachment problem
Hi folks I have an online classroom that enables participants to email each other including sending attachments. The attachments are uploaded to a private temporay directory and then attached to the email. After the email is sent i want to delete the file from the temp directory. If the file is large (several mb) and the list is large the delete function interferes with the cfmail program, by deleting the file before all the email is processed. Is there a way to tell when the email is sent to automatically delete the temporary file and/or is there a way to set up routine that would automatically delete the temp directory every day. Thanks Rob ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353766 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: New Security Issue with CF
Things must be bad if they are issuing something that ominous-sounding without a solution. -- --m@Robertson-- Janitor, The Robertson Team mysecretbase.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353767 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFC/JSON problem saving long text fields
That did it! Thanks. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353768 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
getting CFMAIL to dance with Microsoft Exchange
Before anyone says OH MY GOD...MICROSOFT EXCHANGE..WHY??!! It's what my company uses I can't change it :) All I'm trying to do is get my ColdFusion server to talk to the mail server, which happens to be Exchange. The user names that they are giving me are in the form domain\username and a password. Every combination I've tried has gotten a connection refused error. Does the Exchange server, or the account need to be configured in a certain way for this to work? thanks -- Scott Stewart Adobe Certified Expert / Instructor ColdFusion 8, 9 ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353769 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: New Security Issue with CF
Don't get me wrong, I detest hackers and their exploits, but i think the way this one works quite ingenious. My server did get hit, but after reviewing the log files and checking for changes, I don't think they did anything. I am thankful for that, cause they could have done some major damage. We migrated to a virtual environment and from CF7 to CF9 a few months ago. Ironically, we were protected under CF7, but I neglected to fully lock down the server after we migrated. Live an learn. I am surprised there has not been more activity on this considering the severity of the possible compromise. On Fri, Jan 4, 2013 at 12:55 PM, Money Pit websitema...@gmail.com wrote: Things must be bad if they are issuing something that ominous-sounding without a solution. -- --m@Robertson-- Janitor, The Robertson Team mysecretbase.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353770 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: New Security Issue with CF
but i think the way this one works quite ingenious. I'm not sure if it is as much ingenious as the breach is gross, frankly. Have you seen how the schedule task could have been set? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353771 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: New Security Issue with CF
Yes Sent from my iPhone On Jan 4, 2013, at 12:28 PM, Claude Schnéegans schneeg...@internetique.com wrote: but i think the way this one works quite ingenious. I'm not sure if it is as much ingenious as the breach is gross, frankly. Have you seen how the schedule task could have been set? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353772 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Email attachment problem
Use a delay between sending the file and deleting it, like CFSleep. The file is being deleted too quickly. I usually give it about 15 minutes. Robert Harrison Director of Interactive Services Austin Williams Advertising I Branding I Digital I Direct 125 Kennedy Drive, Suite 100 I Hauppauge, NY 11788 T 631.231.6600 X 119 F 631.434.7022 http://www.austin-williams.com Blog: http://www.austin-williams.com/blog Twitter: http://www.twitter.com/austin_williams -Original Message- From: Rob Voyle [mailto:robvo...@voyle.com] Sent: Friday, January 04, 2013 1:27 PM To: cf-talk Subject: Email attachment problem Hi folks I have an online classroom that enables participants to email each other including sending attachments. The attachments are uploaded to a private temporay directory and then attached to the email. After the email is sent i want to delete the file from the temp directory. If the file is large (several mb) and the list is large the delete function interferes with the cfmail program, by deleting the file before all the email is processed. Is there a way to tell when the email is sent to automatically delete the temporary file and/or is there a way to set up routine that would automatically delete the temp directory every day. Thanks Rob ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353773 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: getting CFMAIL to dance with Microsoft Exchange
OH MY GOD...MICROSOFT EXCHANGE Exchange is a great mail system and CF integrates with it quite well. Configuration is a bear but once done it works great. It's most likely security settings or allowed connections on the Exchange server; could also be settings on the domain server. For that you may need a MCSE to give you a hand. There are a lot of settings that could be causing the problem. Robert Harrison Director of Interactive Services Austin Williams Advertising I Branding I Digital I Direct 125 Kennedy Drive, Suite 100 I Hauppauge, NY 11788 T 631.231.6600 X 119 F 631.434.7022 http://www.austin-williams.com Blog: http://www.austin-williams.com/blog Twitter: http://www.twitter.com/austin_ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353774 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Fwd: New Security Issue with CF
I apologize to the list this was not supposed to be sent. Sent from my iPhone Begin forwarded message: From: Steve Artis st...@artisdesigns.commailto:st...@artisdesigns.com Date: January 4, 2013, 12:30:16 PM MST To: cf-talk cf-talk@houseoffusion.commailto:cf-talk@houseoffusion.com Subject: Re: New Security Issue with CF Reply-To: cf-talk@houseoffusion.commailto:cf-talk@houseoffusion.com Yes Sent from my iPhone On Jan 4, 2013, at 12:28 PM, Claude Schnéegans schneeg...@internetique.commailto:schneeg...@internetique.com wrote: but i think the way this one works quite ingenious. I'm not sure if it is as much ingenious as the breach is gross, frankly. Have you seen how the schedule task could have been set? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353775 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: New Security Issue with CF
I have locked down the default /CFIDE/administrator and /CFIDE/adminapi/ folder in /inetpub/; I also locked down the virtual /CFIDE/ folders that I created for my various ColdFusion web sites. Only 127.0.0.1 can access them now. After reading Charlie's posts, I think this is a good time to review the CF 9 lockdown guide as well. I downloaded and reviewed the h.cfm file -- yeah, it is pretty clever. This might sound like a basic question, but how did that hacker place the h.cfm file in /CFIDE/ to begin with? By utilizing tools that already existed in /CFIDE/? Eric -Original Message- From: Steve Artis [mailto:st...@artisdesigns.com] Sent: Friday, January 04, 2013 1:30 PM To: cf-talk Subject: Re: New Security Issue with CF Yes Sent from my iPhone On Jan 4, 2013, at 12:28 PM, Claude Schnéegans schneeg...@internetique.com wrote: but i think the way this one works quite ingenious. I'm not sure if it is as much ingenious as the breach is gross, frankly. Have you seen how the schedule task could have been set? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353776 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: getting CFMAIL to dance with Microsoft Exchange
By default exchange uses mapi, you will pron need to ask your sysadmin to enable imap so cf can talk to it. Also the username may be any of these depending how exchange is setup. Domain\user Sam name User@domain Regards Russ Michaels www.michaels.me.uk www.cfmldeveloper.com - Free CFML hosting for developers www.cfsearch.com - CF search engine On Jan 4, 2013 7:03 PM, Scott Stewart webmas...@sstwebworks.com wrote: Before anyone says OH MY GOD...MICROSOFT EXCHANGE..WHY??!! It's what my company uses I can't change it :) All I'm trying to do is get my ColdFusion server to talk to the mail server, which happens to be Exchange. The user names that they are giving me are in the form domain\username and a password. Every combination I've tried has gotten a connection refused error. Does the Exchange server, or the account need to be configured in a certain way for this to work? thanks -- Scott Stewart Adobe Certified Expert / Instructor ColdFusion 8, 9 ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353777 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: getting CFMAIL to dance with Microsoft Exchange
All I'm trying to do is get my ColdFusion server to talk to the mail server, which happens to be Exchange. The user names that they are giving me are in the form domain\username and a password. Every combination I've tried has gotten a connection refused error. Does the Exchange server, or the account need to be configured in a certain way for this to work? Are you just trying to use CFMAIL? If so, the Exchange server may need to be configured to accept SMTP connections from your server. If you're trying to do something else, like read mail, you might need to use CFEXCHANGE for MAPI access. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353778 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Email attachment problem
Setup a scheduled task to delete files older than x Regards Russ Michaels www.michaels.me.uk www.cfmldeveloper.com - Free CFML hosting for developers www.cfsearch.com - CF search engine On Jan 4, 2013 7:34 PM, Robert Harrison rob...@austin-williams.com wrote: Use a delay between sending the file and deleting it, like CFSleep. The file is being deleted too quickly. I usually give it about 15 minutes. Robert Harrison Director of Interactive Services Austin Williams Advertising I Branding I Digital I Direct 125 Kennedy Drive, Suite 100 I Hauppauge, NY 11788 T 631.231.6600 X 119 F 631.434.7022 http://www.austin-williams.com Blog: http://www.austin-williams.com/blog Twitter: http://www.twitter.com/austin_williams -Original Message- From: Rob Voyle [mailto:robvo...@voyle.com] Sent: Friday, January 04, 2013 1:27 PM To: cf-talk Subject: Email attachment problem Hi folks I have an online classroom that enables participants to email each other including sending attachments. The attachments are uploaded to a private temporay directory and then attached to the email. After the email is sent i want to delete the file from the temp directory. If the file is large (several mb) and the list is large the delete function interferes with the cfmail program, by deleting the file before all the email is processed. Is there a way to tell when the email is sent to automatically delete the temporary file and/or is there a way to set up routine that would automatically delete the temp directory every day. Thanks Rob ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353779 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: New Security Issue with CF
I downloaded and reviewed the h.cfm file -- yeah, it is pretty clever. The file itself is some tool designed to be used by developers, probably not developed by rhe hacker himself. He just found a way to store it on servers. but how did that hacker place the h.cfm file in /CFIDE/ to begin with? I'm not going to unvail the trick here, all I can say is that there must be a programer at Adobe not very proud of him, if he is still working for Adobe today. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353780 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: New Security Issue with CF
The file itself is some tool designed to be used by developers, probably not developed by rhe hacker himself. He just found a way to store it on servers. I've seen this tool make the rounds before through other attack vectors. It's been around since at least ColdFusion MX 6. The undocumented servicefactory it's calling to get datasources only works on CF 6 but was deprecated in 7, if I remember correctly, which is why the datasource list is blank on more modern versions where this is dropped in. The script is old, but the insertion method is new. -Justin ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353781 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: New Security Issue with CF
I agree. It is the insertion method I am intrigued by. It is that type of non linear thinking that we as developers use to create elegant solutions. The tool is ugly, and not that special, but the insertion method is clever. What I don't understand is why adobe would allow something like the scheduler to be called without authentication. Seems like a glaring oversight to me. Brian Cain On Jan 4, 2013, at 5:16 PM, Justin Scott leviat...@darktech.org wrote: The file itself is some tool designed to be used by developers, probably not developed by rhe hacker himself. He just found a way to store it on servers. I've seen this tool make the rounds before through other attack vectors. It's been around since at least ColdFusion MX 6. The undocumented servicefactory it's calling to get datasources only works on CF 6 but was deprecated in 7, if I remember correctly, which is why the datasource list is blank on more modern versions where this is dropped in. The script is old, but the insertion method is new. -Justin ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353782 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Email attachment problem
Don't use CFsleep to sleep for 15 minutes unless you want to tie up a thread for 15 minutes doing nothing. Depending on the max requests/threads settings, you could stall/crash the server just by reloading that page 10+ times... Brook -Original Message- From: Robert Harrison [mailto:rob...@austin-williams.com] Sent: January-04-13 11:34 AM To: cf-talk Subject: RE: Email attachment problem Use a delay between sending the file and deleting it, like CFSleep. The file is being deleted too quickly. I usually give it about 15 minutes. Robert Harrison Director of Interactive Services Austin Williams Advertising I Branding I Digital I Direct 125 Kennedy Drive, Suite 100 I Hauppauge, NY 11788 T 631.231.6600 X 119 F 631.434.7022 http://www.austin-williams.com Blog: http://www.austin-williams.com/blog Twitter: http://www.twitter.com/austin_williams -Original Message- From: Rob Voyle [mailto:robvo...@voyle.com] Sent: Friday, January 04, 2013 1:27 PM To: cf-talk Subject: Email attachment problem Hi folks I have an online classroom that enables participants to email each other including sending attachments. The attachments are uploaded to a private temporay directory and then attached to the email. After the email is sent i want to delete the file from the temp directory. If the file is large (several mb) and the list is large the delete function interferes with the cfmail program, by deleting the file before all the email is processed. Is there a way to tell when the email is sent to automatically delete the temporary file and/or is there a way to set up routine that would automatically delete the temp directory every day. Thanks Rob ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353783 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: New Security Issue with CF
Claude, thank you. That's really helpful information and gives me perspective. Eric -Original Message- From: Claude Schnéegans schneeg...@internetique.com [mailto:=?ISO-8859-1?Q?Claude_Schn=E9egans schneegans@interneti=71?= =?ISO-8859-1?Q?ue.com=3E?=] Sent: Friday, January 04, 2013 4:16 PM To: cf-talk Subject: Re: New Security Issue with CF I downloaded and reviewed the h.cfm file -- yeah, it is pretty clever. The file itself is some tool designed to be used by developers, probably not developed by rhe hacker himself. He just found a way to store it on servers. but how did that hacker place the h.cfm file in /CFIDE/ to begin with? I'm not going to unvail the trick here, all I can say is that there must be a programer at Adobe not very proud of him, if he is still working for Adobe today. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353784 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm