SOT: time off tracker
Hi! Does anyone know of a free/cheap Web-based time off tracker to allow employees to request time off, have it approved by supervisor, show calendar of vacations to all users, etc. Could be written in CF, but not required. Could be hosted or install-able. -- John Bliss - http://about.me/jbliss ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357607 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Hash SHA-512 equivalent in JS
Hi, We store user passwords as a hash value with a salt phrase using CF. However, we have recently had a penetration test done on our servers and they have advised that when the password gets sent to the server, the actual password gets stored in the browser memory. They have suggested adding the salt phrase and hashing using javascript before we send it to the server. However, I am wondering: 1) is this best practise as if the salt phrase is contained within Javascript it will be easy for anyone to see what it is 2) if this is best practise then how can i obfuscate the salt phrase and also is there a JS equivalent to coldfusions SHA-512 hash function? Many thanks, Richard ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357608 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: SOT: time off tracker
There are quite a few, though none I've reviewed in the past have been in CF. Most have been built around a Time Attendance solution... at least the ones that I've looked at have been. Contact me directly and I can email you a comparison chart of the ones I last looked at (can't do attachments here). My research was a bit skewed because I was looking for a time attendance solution first and a PTO request solution second. Hatton Until Later! C. Hatton Humphrey http://www.eastcoastconservative.com Every cloud does have a silver lining. Sometimes you just have to do some smelting to find it. On Fri, Feb 7, 2014 at 8:16 AM, John M Bliss bliss.j...@gmail.com wrote: Hi! Does anyone know of a free/cheap Web-based time off tracker to allow employees to request time off, have it approved by supervisor, show calendar of vacations to all users, etc. Could be written in CF, but not required. Could be hosted or install-able. -- John Bliss - http://about.me/jbliss ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357609 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Cross-site Scripting
Hi, What methods do you guys use to prevent cross-site scripting in a CF9 and JavaScript application? I have seen the scriptprotect attribute in the administrator, but have also seen that this doesnt fully protect. Thanks, Richard ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357610 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Cross-site Scripting
See Jason Dean's presentation on Practical Ajax Security http://ow.ly/2prk5 Steve 'Cutter' Blades Adobe Community Professional Adobe Certified Expert Advanced Macromedia ColdFusion MX 7 Developer http://cutterscrossing.com Co-Author Learning Ext JS 3.2 Packt Publishing 2010 https://www.packtpub.com/learning-ext-js-3-2-for-building-dynamic-desktop-style-user-interfaces/book The best way to predict the future is to help create it ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357611 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Hash SHA-512 equivalent in JS
I recently discovered this when I signed up for lastpass and it shows you all the login details stored in your browser and i'm quite sure most these I have not intentionally saved. So if lastpass can do it, then any web app can do it. This is interesting reading: http://raidersec.blogspot.co.uk/2013/06/how-browsers-store-your-passwords-and.html Hash is a one way process btw, you cannot un-hash something. However you can use rainbow tables to find the original string that was hashed, so if people use crappy passwords then they are still hackable using this method. So enforcing strong passwords is really a requirement these days. the best solution is to randomly generate long pass phrases and then encourage users to use a password manager such as lastpass. this may help also: http://stackoverflow.com/questions/1240852/is-it-possible-to-decrypt-md5-hashes On Fri, Feb 7, 2014 at 1:37 PM, Richard White rich...@re-base.net wrote: Hi, We store user passwords as a hash value with a salt phrase using CF. However, we have recently had a penetration test done on our servers and they have advised that when the password gets sent to the server, the actual password gets stored in the browser memory. They have suggested adding the salt phrase and hashing using javascript before we send it to the server. However, I am wondering: 1) is this best practise as if the salt phrase is contained within Javascript it will be easy for anyone to see what it is 2) if this is best practise then how can i obfuscate the salt phrase and also is there a JS equivalent to coldfusions SHA-512 hash function? Many thanks, Richard ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357612 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Hash SHA-512 equivalent in JS
On Fri, Feb 7, 2014 at 2:37 PM, Richard White wrote: 1) is this best practise as if the salt phrase is contained within Javascript it will be easy for anyone to see what it is Why would it be a problem if somebody saw it? It still increases the complexity for a would-be attacker. Just make sure you hash again with a secret salt on the server. Even if the public salt was fully available in a rainbow table somewhere, you still haven't lost any security. And to increase the cost of generating rainbow tables against your salt make sure you use a salt that is the combination of something long and something unique, such as the username. (Just make sure you lowercase and trim the username before using it in the salt.) 2) if this is best practise then how can i obfuscate the salt phrase and also is there a JS equivalent to coldfusions SHA-512 hash function? There are several Javascript crypto libraries available with SHA-512 implementations, which you can find through a search engine. Jochem -- Jochem van Dieten http://jochem.vandieten.net/ ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357613 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
# in variables
Hey All, I've got an issue where an external program written in Adobe AIR is passing a pipe delimited list of values to CF via a webservice and that list may contain strings like so #94; (a caret symbol)or just a straight up # (like someone saying x# of y - short form for x number of y). BTW in Adobe AIR caret symbols in the data values in the list are being replaced with #94; because the caret is a special character in the pipe delimited list (it's used as a sub-list delimiter). CF chokes on the single pound in the variable (or confuses everything between 2 # as a variable name instead of simple values). I'm having quite the brain fart day and so I'm looking for a way to deal with this reality - any thoughts? TIA Take care -Bryan -- *Bryan Stevenson*B.Comm. President CEO Electric Edge Systems Group Inc. - makers of FACTS^(TM) phone: 250.480.0642 cell: 250.920.8830 e-mail: br...@electricedgesystems.com mailto:br...@electricedgesystems.com web: www.electricedgesystems.com http://www.electricedgesystems.com and www.fisheryfacts.com http://www.fisheryfacts.com Please consider the environment before printing this e-mail -CONFIDENTIALITY-- This message, including any attachments, is confidential and may contain information that is privileged or exempt from disclosure. It is intended only for the person to whom it is addressed unless expressly authorized otherwise by the sender. If you are not an authorized recipient, please notify the sender immediately and permanently destroy all copies of this message and attachments. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357614 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: # in variables
Run a Replace on the string of data, and change the single # to a double ## that then CF would process as a single one? On Fri, Feb 7, 2014 at 11:58 AM, Bryan Stevenson br...@electricedgesystems.com wrote: Hey All, I've got an issue where an external program written in Adobe AIR is passing a pipe delimited list of values to CF via a webservice and that list may contain strings like so #94; (a caret symbol)or just a straight up # (like someone saying x# of y - short form for x number of y). BTW in Adobe AIR caret symbols in the data values in the list are being replaced with #94; because the caret is a special character in the pipe delimited list (it's used as a sub-list delimiter). CF chokes on the single pound in the variable (or confuses everything between 2 # as a variable name instead of simple values). I'm having quite the brain fart day and so I'm looking for a way to deal with this reality - any thoughts? TIA Take care -Bryan -- *Bryan Stevenson*B.Comm. President CEO Electric Edge Systems Group Inc. - makers of FACTS^(TM) phone: 250.480.0642 cell: 250.920.8830 e-mail: br...@electricedgesystems.com mailto: br...@electricedgesystems.com web: www.electricedgesystems.com http://www.electricedgesystems.com and www.fisheryfacts.com http://www.fisheryfacts.com Please consider the environment before printing this e-mail -CONFIDENTIALITY-- This message, including any attachments, is confidential and may contain information that is privileged or exempt from disclosure. It is intended only for the person to whom it is addressed unless expressly authorized otherwise by the sender. If you are not an authorized recipient, please notify the sender immediately and permanently destroy all copies of this message and attachments. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357615 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: # in variables
BTWI forgot to mention that I control the Adobe AIR application and can alter it. This is all about a comments field in that application and I suppose one solution would be to ensure that my special list delimiter characters and # are kept out of the comments and this whole issue goes away ;-) but if there is a workable solution I always prefer to not restrict user entry in that way. Cheers *Bryan Stevenson*B.Comm. President CEO Electric Edge Systems Group Inc. - makers of FACTS^(TM) phone: 250.480.0642 cell: 250.920.8830 e-mail: br...@electricedgesystems.com mailto:br...@electricedgesystems.com web: www.electricedgesystems.com http://www.electricedgesystems.com and www.fisheryfacts.com http://www.fisheryfacts.com Please consider the environment before printing this e-mail -CONFIDENTIALITY-- This message, including any attachments, is confidential and may contain information that is privileged or exempt from disclosure. It is intended only for the person to whom it is addressed unless expressly authorized otherwise by the sender. If you are not an authorized recipient, please notify the sender immediately and permanently destroy all copies of this message and attachments. On 14-02-07 08:58 AM, Bryan Stevenson wrote: Hey All, I've got an issue where an external program written in Adobe AIR is passing a pipe delimited list of values to CF via a webservice and that list may contain strings like so #94; (a caret symbol)or just a straight up # (like someone saying x# of y - short form for x number of y). BTW in Adobe AIR caret symbols in the data values in the list are being replaced with #94; because the caret is a special character in the pipe delimited list (it's used as a sub-list delimiter). CF chokes on the single pound in the variable (or confuses everything between 2 # as a variable name instead of simple values). I'm having quite the brain fart day and so I'm looking for a way to deal with this reality - any thoughts? TIA Take care -Bryan ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357616 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: # in variables
if you control the air app, then just send ## instead of # On Fri, Feb 7, 2014 at 5:09 PM, Bryan Stevenson br...@electricedgesystems.com wrote: BTWI forgot to mention that I control the Adobe AIR application and can alter it. This is all about a comments field in that application and I suppose one solution would be to ensure that my special list delimiter characters and # are kept out of the comments and this whole issue goes away ;-) but if there is a workable solution I always prefer to not restrict user entry in that way. Cheers *Bryan Stevenson*B.Comm. President CEO Electric Edge Systems Group Inc. - makers of FACTS^(TM) phone: 250.480.0642 cell: 250.920.8830 e-mail: br...@electricedgesystems.com mailto: br...@electricedgesystems.com web: www.electricedgesystems.com http://www.electricedgesystems.com and www.fisheryfacts.com http://www.fisheryfacts.com Please consider the environment before printing this e-mail -CONFIDENTIALITY-- This message, including any attachments, is confidential and may contain information that is privileged or exempt from disclosure. It is intended only for the person to whom it is addressed unless expressly authorized otherwise by the sender. If you are not an authorized recipient, please notify the sender immediately and permanently destroy all copies of this message and attachments. On 14-02-07 08:58 AM, Bryan Stevenson wrote: Hey All, I've got an issue where an external program written in Adobe AIR is passing a pipe delimited list of values to CF via a webservice and that list may contain strings like so #94; (a caret symbol)or just a straight up # (like someone saying x# of y - short form for x number of y). BTW in Adobe AIR caret symbols in the data values in the list are being replaced with #94; because the caret is a special character in the pipe delimited list (it's used as a sub-list delimiter). CF chokes on the single pound in the variable (or confuses everything between 2 # as a variable name instead of simple values). I'm having quite the brain fart day and so I'm looking for a way to deal with this reality - any thoughts? TIA Take care -Bryan ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357617 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: # in variables
Thanks Robsorry I should have mentioned that was the first thing I tried (ye old double up the #), but the issue seems to be that when a variable arrives on CF's door with a single # in it, CF bombs when attempting to run the replace. Now I did say seemsthe way my day has goneI will re-test that to make dang sure ;-) Cheers On 14-02-07 09:08 AM, Rob Parkhill wrote: Run a Replace on the string of data, and change the single # to a double ## that then CF would process as a single one? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357618 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: # in variables
I thought the #'s were inside the list. If not and you control the AIR app, then just add the replace on the other end, as Russ suggested. On Fri, Feb 7, 2014 at 12:20 PM, Bryan Stevenson br...@electricedgesystems.com wrote: Thanks Robsorry I should have mentioned that was the first thing I tried (ye old double up the #), but the issue seems to be that when a variable arrives on CF's door with a single # in it, CF bombs when attempting to run the replace. Now I did say seemsthe way my day has goneI will re-test that to make dang sure ;-) Cheers On 14-02-07 09:08 AM, Rob Parkhill wrote: Run a Replace on the string of data, and change the single # to a double ## that then CF would process as a single one? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357619 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: # in variables
Thanks Rob/Russstarting to think I will either do as you both suggested and replace # with ## in the AIR app or do as I also mentioned and not allow the few characters I'd have issues with (most users don't need ~,|,^, or # in comments# being the most likely, but they can use No. or Num or Number or pounds or lbs as acceptable replacements). Sometimes you just have to back away one step from perfect and become practical ;-) Cheers *Bryan Stevenson*B.Comm. President CEO Electric Edge Systems Group Inc. - makers of FACTS^(TM) phone: 250.480.0642 cell: 250.920.8830 e-mail: br...@electricedgesystems.com mailto:br...@electricedgesystems.com web: www.electricedgesystems.com http://www.electricedgesystems.com and www.fisheryfacts.com http://www.fisheryfacts.com Please consider the environment before printing this e-mail -CONFIDENTIALITY-- This message, including any attachments, is confidential and may contain information that is privileged or exempt from disclosure. It is intended only for the person to whom it is addressed unless expressly authorized otherwise by the sender. If you are not an authorized recipient, please notify the sender immediately and permanently destroy all copies of this message and attachments. On 14-02-07 09:28 AM, Rob Parkhill wrote: I thought the #'s were inside the list. If not and you control the AIR app, then just add the replace on the other end, as Russ suggested. On Fri, Feb 7, 2014 at 12:20 PM, Bryan Stevenson br...@electricedgesystems.com wrote: Thanks Robsorry I should have mentioned that was the first thing I tried (ye old double up the #), but the issue seems to be that when a variable arrives on CF's door with a single # in it, CF bombs when attempting to run the replace. Now I did say seemsthe way my day has goneI will re-test that to make dang sure ;-) Cheers On 14-02-07 09:08 AM, Rob Parkhill wrote: Run a Replace on the string of data, and change the single # to a double ## that then CF would process as a single one? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357620 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: # in variables
There are a few formatting functions in cf you might want to try that spring top mind. UrlEncodedFormat, htmlEditFormat I think. Look at the string and list functions on live docs. On Feb 7, 2014 12:29 PM, Rob Parkhill robert.parkh...@gmail.com wrote: I thought the #'s were inside the list. If not and you control the AIR app, then just add the replace on the other end, as Russ suggested. On Fri, Feb 7, 2014 at 12:20 PM, Bryan Stevenson br...@electricedgesystems.com wrote: Thanks Robsorry I should have mentioned that was the first thing I tried (ye old double up the #), but the issue seems to be that when a variable arrives on CF's door with a single # in it, CF bombs when attempting to run the replace. Now I did say seemsthe way my day has goneI will re-test that to make dang sure ;-) Cheers On 14-02-07 09:08 AM, Rob Parkhill wrote: Run a Replace on the string of data, and change the single # to a double ## that then CF would process as a single one? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357621 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: # in variables
Encode/serialize the data prior to hand off to cf? On Feb 7, 2014 12:37 PM, Bryan Stevenson br...@electricedgesystems.com wrote: Thanks Rob/Russstarting to think I will either do as you both suggested and replace # with ## in the AIR app or do as I also mentioned and not allow the few characters I'd have issues with (most users don't need ~,|,^, or # in comments# being the most likely, but they can use No. or Num or Number or pounds or lbs as acceptable replacements). Sometimes you just have to back away one step from perfect and become practical ;-) Cheers *Bryan Stevenson*B.Comm. President CEO Electric Edge Systems Group Inc. - makers of FACTS^(TM) phone: 250.480.0642 cell: 250.920.8830 e-mail: br...@electricedgesystems.com mailto: br...@electricedgesystems.com web: www.electricedgesystems.com http://www.electricedgesystems.com and www.fisheryfacts.com http://www.fisheryfacts.com Please consider the environment before printing this e-mail -CONFIDENTIALITY-- This message, including any attachments, is confidential and may contain information that is privileged or exempt from disclosure. It is intended only for the person to whom it is addressed unless expressly authorized otherwise by the sender. If you are not an authorized recipient, please notify the sender immediately and permanently destroy all copies of this message and attachments. On 14-02-07 09:28 AM, Rob Parkhill wrote: I thought the #'s were inside the list. If not and you control the AIR app, then just add the replace on the other end, as Russ suggested. On Fri, Feb 7, 2014 at 12:20 PM, Bryan Stevenson br...@electricedgesystems.com wrote: Thanks Robsorry I should have mentioned that was the first thing I tried (ye old double up the #), but the issue seems to be that when a variable arrives on CF's door with a single # in it, CF bombs when attempting to run the replace. Now I did say seemsthe way my day has goneI will re-test that to make dang sure ;-) Cheers On 14-02-07 09:08 AM, Rob Parkhill wrote: Run a Replace on the string of data, and change the single # to a double ## that then CF would process as a single one? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357622 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: # in variables
Bryan, For clarification, how are the comments content being evaluated by CF and causing it to choke? It seems to me that those should be handled as strings and that they wouldnt be evaluated by CF, unless they are wrapped in an eval(). If the whole string from a user comment is being evaluated, that seems like a possible security issue. Since youre dealing with a pipe-delimited list, can you migrate them to a variable-safe array with listToArray(mypipelist,|,true) and process them that way? It seems to me that a regex replacement of #([^;]*); with #chr(\1)# should allow for the characters to be rendered correctly and then re-run the replacement to double # the remaining pound symbols - even if CF is evaluating them. Jon On Feb 7, 2014, at 12:36 PM, Bryan Stevenson br...@electricedgesystems.com wrote: Thanks Rob/Russstarting to think I will either do as you both suggested and replace # with ## in the AIR app or do as I also mentioned and not allow the few characters I'd have issues with (most users don't need ~,|,^, or # in comments# being the most likely, but they can use No. or Num or Number or pounds or lbs as acceptable replacements). Sometimes you just have to back away one step from perfect and become practical ;-) Cheers *Bryan Stevenson*B.Comm. President CEO Electric Edge Systems Group Inc. - makers of FACTS^(TM) phone: 250.480.0642 cell: 250.920.8830 e-mail: br...@electricedgesystems.com mailto:br...@electricedgesystems.com web: www.electricedgesystems.com http://www.electricedgesystems.com and www.fisheryfacts.com http://www.fisheryfacts.com Please consider the environment before printing this e-mail -CONFIDENTIALITY-- This message, including any attachments, is confidential and may contain information that is privileged or exempt from disclosure. It is intended only for the person to whom it is addressed unless expressly authorized otherwise by the sender. If you are not an authorized recipient, please notify the sender immediately and permanently destroy all copies of this message and attachments. On 14-02-07 09:28 AM, Rob Parkhill wrote: I thought the #'s were inside the list. If not and you control the AIR app, then just add the replace on the other end, as Russ suggested. On Fri, Feb 7, 2014 at 12:20 PM, Bryan Stevenson br...@electricedgesystems.com wrote: Thanks Robsorry I should have mentioned that was the first thing I tried (ye old double up the #), but the issue seems to be that when a variable arrives on CF's door with a single # in it, CF bombs when attempting to run the replace. Now I did say seemsthe way my day has goneI will re-test that to make dang sure ;-) Cheers On 14-02-07 09:08 AM, Rob Parkhill wrote: Run a Replace on the string of data, and change the single # to a double ## that then CF would process as a single one? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357623 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: # in variables
On 7 February 2014 18:07, Jon Clausen jon_clau...@silowebworks.com wrote: Bryan, For clarification, how are the comments content being evaluated by CF and causing it to choke? It seems to me that those should be handled as strings and that they wouldn't be evaluated by CF, unless they are wrapped in an eval(). Seconded. I think people are suggesting treating a symptom here, rather than the problem. How is this problem of yours manifesting itself? CF chokes on the single pound in the variable is not a very clear description of what's going wrong. Can you pls clarify? -- Adam ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357624 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: # in variables
My guess is much like Tim Healt's. If you're calling a web service like a WSDL/SOAP service, the # should be fine. If you're calling it directly via URL params, like ?method=xargument1=v#riable, the # is a sign to your web server that the URL params stop there - it's a href hash, which goes to the browser not the server. If that's the case, then URL encoding on the client would be necessary. The bad news is URL encoding may pass on this because # is a valid URL parameter, just not what you want. In that case, you may have to manually replace # with %23. nathan strutz [www.dopefly.com] [about.me/nathanstrutz] On Fri, Feb 7, 2014 at 12:14 PM, Adam Cameron dacc...@gmail.com wrote: On 7 February 2014 18:07, Jon Clausen jon_clau...@silowebworks.com wrote: Bryan, For clarification, how are the comments content being evaluated by CF and causing it to choke? It seems to me that those should be handled as strings and that they wouldn't be evaluated by CF, unless they are wrapped in an eval(). Seconded. I think people are suggesting treating a symptom here, rather than the problem. How is this problem of yours manifesting itself? CF chokes on the single pound in the variable is not a very clear description of what's going wrong. Can you pls clarify? -- Adam ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357625 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: # in variables
Hi All, Thanks for the additional ideas and requests for clarification - I'm stopping this by not allowing a few special characters in the comments... That said CF appears to error out when it receives the string of data that contains single # or two # separated by string text being confused as a CF variable. It errors out when attempting to run a replace() on the entire received string (again I need to double check that is in fact what I am seeing). There is no time that I use eval() on the received data - no worries on security issues as was mentioned. I decided to not allow these few characters because the chance of them being used in the context of the application is VERY slimand for the one character (#) that has a greater chance of being used, there are acceptable alternatives to the use of #. This comments field is optional and rarely usedfurther lessening the chances of these special characters being entered - just not the hill to die on ;-) Code is already changed - compiling now ;-) Have a great weekend everyone - thanks again! *Bryan Stevenson*B.Comm. President CEO Electric Edge Systems Group Inc. - makers of FACTS^(TM) phone: 250.480.0642 cell: 250.920.8830 e-mail: br...@electricedgesystems.com mailto:br...@electricedgesystems.com web: www.electricedgesystems.com http://www.electricedgesystems.com and www.fisheryfacts.com http://www.fisheryfacts.com Please consider the environment before printing this e-mail -CONFIDENTIALITY-- This message, including any attachments, is confidential and may contain information that is privileged or exempt from disclosure. It is intended only for the person to whom it is addressed unless expressly authorized otherwise by the sender. If you are not an authorized recipient, please notify the sender immediately and permanently destroy all copies of this message and attachments. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357626 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFAdmin failing to set up a Scheduled Task
It's a virtulized linux box running on the same subnet as desktops that can successfully update the scheduled tasks. When I vpn into the network as the IP discussed above only the scheduled task update fails. For now I am directing them via telephone and email how to update and set the tasks but this is not an ideal workaround. On Thu, Jan 30, 2014 at 2:26 PM, Russ Michaels r...@michaels.me.uk wrote: certainly sounds a bit odd, if you are connecting to CF on the same address as if you were logged on locally then it should make no difference. what if you remote into the server and do it directly form the server desktop ? On Thu, Jan 30, 2014 at 8:20 PM, Gonzo Rock gonzor...@gmail.com wrote: More Info: First... this is all on a remote server via VPN connection. So attempting to get the scheduled task running I called someone onsite and directed them to the CFAdmin pages where they were able to setup the Scheduled Task... while I am still not... regardless of browser I am using. CF server is @ 192.168.11.30 The local desktop is @ 192.168.11.123 My VPN connection is @ 192.168.13.102 So I'm on a different subnet ? since I first set up the scheduled tasks months ago? And it only affects Tasks? Everything else I've tried in the CFAdmin works as expected. Perplexed. On Thu, Jan 30, 2014 at 8:48 AM, Gonzo Rock gonzor...@gmail.com wrote: Re permissions: So the neo-cron.xml file is owned by user nobody as is normal for these linux installs and the permissions are set properly. If I click the suspend/resume button on a scheduled task the neo-cron.xml file is updated and the .bak file is created. Did it several time this morning watching the time stamps adjust on the two files as I do it. The lib folder that the xml file sits in is also owned by nobody permissions set properly... rwxr-xr-x Off to see what I can find in the Adobe forums. On Wed, Jan 29, 2014 at 7:07 PM, Byron Mann byronos...@gmail.com wrote: We have had similar. Where we run the CF service under a local user, and the user did not have file create permissions for the lib folder to create the .bak files. When you do a save does the new-cron.xml file get updated? Window event viewer may provide some insight. Also might run procmon, to see if you are getting any access denied errors when doing the update. http://technet.microsoft.com/en-us/sysinternals/bb896645 Byron Mann Lead Engineer Architect HostMySite.com On Jan 29, 2014 6:49 PM, Gonzo Rock gonzor...@gmail.com wrote: Any ideas on why attempts to set a scheduled task would cause a Server closed the connection without sending any data message. When I reload the scheduled tasks... the new one is not there. When I edit a task... not really edit... I just pull it up... and click Submit I get the same result. And get this... If instead of hitting Submit I hit Cancel I get the same result. I can create data sources and edit the mail setting and other such things... just scheduled tasks is suddenly having a problem. I have confirmed scheduled tasks are running... I can see the logs for them updating. This is a linux box running CF 9 Any ideas? Unfortunately the Google is not helping :( ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357627 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFAdmin failing to set up a Scheduled Task
are you connecting to the server using the same IP on each subnet to access the cfadmin ? On Fri, Feb 7, 2014 at 9:20 PM, Gonzo Rock gonzor...@gmail.com wrote: It's a virtulized linux box running on the same subnet as desktops that can successfully update the scheduled tasks. When I vpn into the network as the IP discussed above only the scheduled task update fails. For now I am directing them via telephone and email how to update and set the tasks but this is not an ideal workaround. On Thu, Jan 30, 2014 at 2:26 PM, Russ Michaels r...@michaels.me.uk wrote: certainly sounds a bit odd, if you are connecting to CF on the same address as if you were logged on locally then it should make no difference. what if you remote into the server and do it directly form the server desktop ? On Thu, Jan 30, 2014 at 8:20 PM, Gonzo Rock gonzor...@gmail.com wrote: More Info: First... this is all on a remote server via VPN connection. So attempting to get the scheduled task running I called someone onsite and directed them to the CFAdmin pages where they were able to setup the Scheduled Task... while I am still not... regardless of browser I am using. CF server is @ 192.168.11.30 The local desktop is @ 192.168.11.123 My VPN connection is @ 192.168.13.102 So I'm on a different subnet ? since I first set up the scheduled tasks months ago? And it only affects Tasks? Everything else I've tried in the CFAdmin works as expected. Perplexed. On Thu, Jan 30, 2014 at 8:48 AM, Gonzo Rock gonzor...@gmail.com wrote: Re permissions: So the neo-cron.xml file is owned by user nobody as is normal for these linux installs and the permissions are set properly. If I click the suspend/resume button on a scheduled task the neo-cron.xml file is updated and the .bak file is created. Did it several time this morning watching the time stamps adjust on the two files as I do it. The lib folder that the xml file sits in is also owned by nobody permissions set properly... rwxr-xr-x Off to see what I can find in the Adobe forums. On Wed, Jan 29, 2014 at 7:07 PM, Byron Mann byronos...@gmail.com wrote: We have had similar. Where we run the CF service under a local user, and the user did not have file create permissions for the lib folder to create the .bak files. When you do a save does the new-cron.xml file get updated? Window event viewer may provide some insight. Also might run procmon, to see if you are getting any access denied errors when doing the update. http://technet.microsoft.com/en-us/sysinternals/bb896645 Byron Mann Lead Engineer Architect HostMySite.com On Jan 29, 2014 6:49 PM, Gonzo Rock gonzor...@gmail.com wrote: Any ideas on why attempts to set a scheduled task would cause a Server closed the connection without sending any data message. When I reload the scheduled tasks... the new one is not there. When I edit a task... not really edit... I just pull it up... and click Submit I get the same result. And get this... If instead of hitting Submit I hit Cancel I get the same result. I can create data sources and edit the mail setting and other such things... just scheduled tasks is suddenly having a problem. I have confirmed scheduled tasks are running... I can see the logs for them updating. This is a linux box running CF 9 Any ideas? Unfortunately the Google is not helping :( ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357628 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFAdmin failing to set up a Scheduled Task
Thanks... Like this Russ The CF server is @ 192.168.11.30 The local desktop is @ 192.168.11.123 I phone in and speak to the person at the desktop and guide them to set Scheduled Tasks My VPN connection assigns my desktop 192.168.13.102 and when I connect to the CF admin for the server it runs fine with the exception of failing as described earlier ... can not click Submit or even Cancel without the error being displayed. ~still a perplexed Gonzo On Fri, Feb 7, 2014 at 2:43 PM, Russ Michaels r...@michaels.me.uk wrote: are you connecting to the server using the same IP on each subnet to access the cfadmin ? On Fri, Feb 7, 2014 at 9:20 PM, Gonzo Rock gonzor...@gmail.com wrote: It's a virtulized linux box running on the same subnet as desktops that can successfully update the scheduled tasks. When I vpn into the network as the IP discussed above only the scheduled task update fails. For now I am directing them via telephone and email how to update and set the tasks but this is not an ideal workaround. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357629 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: CFAdmin failing to set up a Scheduled Task
I have had Server closed the connection without sending any data and it has usually been browser related. I think this is more likely a problem being caused by your VPN connection interfering with the browser response. Is your cfadmin running over SSL by any chance ? On Sat, Feb 8, 2014 at 1:14 AM, Gonzo Rock gonzor...@gmail.com wrote: Thanks... Like this Russ The CF server is @ 192.168.11.30 The local desktop is @ 192.168.11.123 I phone in and speak to the person at the desktop and guide them to set Scheduled Tasks My VPN connection assigns my desktop 192.168.13.102 and when I connect to the CF admin for the server it runs fine with the exception of failing as described earlier ... can not click Submit or even Cancel without the error being displayed. ~still a perplexed Gonzo On Fri, Feb 7, 2014 at 2:43 PM, Russ Michaels r...@michaels.me.uk wrote: are you connecting to the server using the same IP on each subnet to access the cfadmin ? On Fri, Feb 7, 2014 at 9:20 PM, Gonzo Rock gonzor...@gmail.com wrote: It's a virtulized linux box running on the same subnet as desktops that can successfully update the scheduled tasks. When I vpn into the network as the IP discussed above only the scheduled task update fails. For now I am directing them via telephone and email how to update and set the tasks but this is not an ideal workaround. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:357630 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm