Re: New Security Issue with CF
Another: http://blogs.coldfusion.com/post.cfm/a-new-security-advisory-for-coldfusion-is-now-available On Fri, Jan 4, 2013 at 7:55 PM, Eric Bourland e...@ebwebwork.com wrote: Claude, thank you. That's really helpful information and gives me perspective. Eric -Original Message- From: Claude Schnéegans schneeg...@internetique.com [mailto:=?ISO-8859-1?Q?Claude_Schn=E9egans schneegans@interneti=71?= =?ISO-8859-1?Q?ue.com=3E?=] Sent: Friday, January 04, 2013 4:16 PM To: cf-talk Subject: Re: New Security Issue with CF I downloaded and reviewed the h.cfm file -- yeah, it is pretty clever. The file itself is some tool designed to be used by developers, probably not developed by rhe hacker himself. He just found a way to store it on servers. but how did that hacker place the h.cfm file in /CFIDE/ to begin with? I'm not going to unvail the trick here, all I can say is that there must be a programer at Adobe not very proud of him, if he is still working for Adobe today. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353785 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: cfquery results--memory resident?
That's what I suspected. Much appreciated. --Ben On 1/4/2013 6:40 AM, Dave Watts wrote: A question came up recently with one of my client developers who is potentially returning a large # of rows from a query. The question was whether the result set is stored in memory or spooled to disk somewhere. I didn't know but assumed it was memory resident. Anyone know the answer to this? Can it be controlled and/or limited? (CF 9) All CF variables are stored in memory. You can limit the size of the resultset by writing your SQL accordingly, but that's it really. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353786 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: cfquery results--memory resident?
Actually there are ways to step through a result set using database functions so that you do bot store huge resultsets in memory, if you google it then you will find some examples. 2 simple solutions are. 1. Dont query all the data at all, instead provide a search form to get at specific records, which is usually much simpler thsn paging through hundreds or thousands of records. 2. Only query the primary keys, and then loop over that list grabbing x records at a time and doing a new query to get all rows for those keys. Regards Russ Michaels www.michaels.me.uk www.cfmldeveloper.com - Free CFML hosting for developers www.cfsearch.com - CF search engine On Jan 5, 2013 11:12 AM, Ben Conner b...@webworldinc.com wrote: That's what I suspected. Much appreciated. --Ben On 1/4/2013 6:40 AM, Dave Watts wrote: A question came up recently with one of my client developers who is potentially returning a large # of rows from a query. The question was whether the result set is stored in memory or spooled to disk somewhere. I didn't know but assumed it was memory resident. Anyone know the answer to this? Can it be controlled and/or limited? (CF 9) All CF variables are stored in memory. You can limit the size of the resultset by writing your SQL accordingly, but that's it really. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353787 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Email attachment problem
Thanks Guys Does CFsleep pause the server, which would impact other users, or just the page. My prefernce would be for a page pause with hour glass indicating when the mail was sent, followed by a confirmation page. It seems though that the simplest ideal would be Russ' and set up a schedule to clean out the Temp directory each day. Rob ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353788 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Email attachment problem
Does CFsleep pause the server, which would impact other users, or just the page. It doesn't pause the entire server, but pausing the page does impact other users. CF has a set number of threads handling requests. You can control this number in the CF Admin. Whatever that number is set to, that's how many threads are available. To process a page, CF assigns a thread to it, and that thread can't do anything else (like service other user requests) until it has finished with that page. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353789 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: cfquery results--memory resident?
2. Only query the primary keys, and then loop over that list grabbing x records at a time and doing a new query to get all rows for those keys. This is a pretty good method. I tested it on a database containing about 45 records with a seach template. I give a very loose criterion on purpose, the query takes 53 sec and returns 44500 records. This is ridiculous since the user will only see ten records at a time, using startRow and maxRows in a CFOUTPUT. And for the next page, it takes another 50sec :-( A certain amount of time is also taken by CFX_highlight which highlights every occurence of the search string, again in the 44500 records! With this method, the query returns only the 10 records needed, and it takes about 5 sec the first time and 3 sec any subsequent times. And the CFX_highlight is applied on only 10 records at a time. A big difference. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353790 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: cfquery results--memory resident?
Glad it helped. Also dont forget u.can cache the original primary key query too. Regards Russ Michaels www.michaels.me.uk www.cfmldeveloper.com - Free CFML hosting for developers www.cfsearch.com - CF search engine On Jan 5, 2013 10:39 PM, wrote: 2. Only query the primary keys, and then loop over that list grabbing x records at a time and doing a new query to get all rows for those keys. This is a pretty good method. I tested it on a database containing about 45 records with a seach template. I give a very loose criterion on purpose, the query takes 53 sec and returns 44500 records. This is ridiculous since the user will only see ten records at a time, using startRow and maxRows in a CFOUTPUT. And for the next page, it takes another 50sec :-( A certain amount of time is also taken by CFX_highlight which highlights every occurence of the search string, again in the 44500 records! With this method, the query returns only the 10 records needed, and it takes about 5 sec the first time and 3 sec any subsequent times. And the CFX_highlight is applied on only 10 records at a time. A big difference. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:353791 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
