date:20150312

Decrypting MD5

2015-03-12 Thread Rick Sanders


Hey all sorry if this has been asked before. I did Google and didn't come up 
with a result.

I want to know if I can decrypt passwords stored as MD5 in a SQL Server 
database using the Decrypt function? There are online tools out there that 
decrypt MD5 so I'm hoping that I can do this in CF. Thanks.

Kind regards,

Rick


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360234
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Can you use a CFTHREAD inside an Ajax routine?

2015-03-12 Thread Bobby


When you say it doesn¹t generate any errors, do you mean that you¹ve
looked through the exception logs? Unless you are trapping it with
try/catch or a custom error handler, that¹s the only place you would
discover that an error happened in a cfthread that you are spawning and
forgetting.

On 3/5/15, 3:47 PM, John Pullam jpul...@mcleansystems.com wrote:


It seems to me that the CFTHREAD I attempt to start from inside an Ajax
routine (triggered by a CFWINDOW) never runs and doesn't generate any
error message. Can anyone advise if this is a legitimate thing to do?



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360243
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: ColdFusion 9 on Java 8

2015-03-12 Thread Scott Stewart


This is googleable uhmmm.. thanks Captain Obvious, here's your cape :P

From what I was able to dig up ColdFusion 9 is a no go with Java 8. There
are hotfixes available for 10 and 11... of course there's always
Railo/Lucee ..

On Thu, Mar 12, 2015 at 10:16 AM, Eric Roberts 
ow...@threeravensconsulting.com wrote:


 This is googleable...i was just looking for a similar solution with
 10...you ar going to have to move several files from the sdk jre
 directory...one is tools.jar and msvcr1000.dll (I think)...you also have to
 change the java home setting in cfadmin to the jre directory in the sdk as
 well.  Charlie Airheart has a page that describes pretty much everything
 you need to know.  I don;t have the link handy, but I am sure you can
 easily find it via google.

 Eric

 On Thu, Mar 12, 2015 at 8:07 AM, Scott Stewart webmas...@sstwebworks.com
 wrote:

 
  Oracle is EOL'ing Java 7 in February. The agency that I work for is going
  to require upgrades to Java 8.
 
  Does anyone know definitively whether or not ColdFusion 9 will work on
 Java
  8. We are in deep poop if it doesn't.
 
  Thanks
 
  sas
 
  --
  --
  Scott Stewart
  Adobe Certified Instructor, ColdFusion 8  9
  Adobe Certified Expert, ColdFusion 8  9
 
  Blog: http://www.sstwebworks.com
  Email: webmas...@sstwebworks.com
 
 
 

 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360247
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: ColdFusion 9 on Java 8

2015-03-12 Thread Wil Genovese

Unless I missed it, Adobe has not certified ColdFusion 9.0.x on Java 8.
Remember this as I continue

Also, Adobe ColdFusion 9.x.x reached End Of Life back on December 31st, 2014.
http://www.trunkful.com/index.cfm/2014/11/24/ColdFusion-9-Reaches-End-Of-Life-Long-Live-ColdFusion
Remember this too

Now, that I got those two items out of the way I will say that while
researching and testing ColdFusion potential POODLE issues via CFHTTP I did
happen to successfully attempt to run ColdFusion 9.0.2 fully patched on Java
1.8. (This blog post BTW:
http://www.trunkful.com/index.cfm/2014/12/8/Preventing-SSLv3-Fallback-in-ColdFusion
- The note at the bottom)

There were no errors or warnings. I was able to run some code. I by no means
tried to test all the functionality because I had a different goal to achieve
when I was doing my research.

So it could very well be possible. However I do have another concern. The
company/agency youre working for is requiring Java to be up to date, but not
ColdFusion? I would embrace the Java 8 upgrade and say then we need to buy
ColdFusion 11 and make the migration. (IMHO)

Regards,
Wil

Wil Genovese
Sr. Web Application Developer/
Systems Administrator
CF Webtools
www.cfwebtools.com

wilg...@trunkful.com
www.trunkful.com

On Mar 12, 2015, at 9:37 AM, Scott Stewart webmas...@sstwebworks.com wrote:

This is googleable uhmmm.. thanks Captain Obvious, here's your cape :P

From what I was able to dig up ColdFusion 9 is a no go with Java 8. There
are hotfixes available for 10 and 11... of course there's always
Railo/Lucee ..

On Thu, Mar 12, 2015 at 10:16 AM, Eric Roberts
ow...@threeravensconsulting.com wrote:

This is googleable...i was just looking for a similar solution with
10...you ar going to have to move several files from the sdk jre
directory...one is tools.jar and msvcr1000.dll (I think)...you also have to
change the java home setting in cfadmin to the jre directory in the sdk as
well. Charlie Airheart has a page that describes pretty much everything
you need to know. I don;t have the link handy, but I am sure you can
easily find it via google.

Eric

On Thu, Mar 12, 2015 at 8:07 AM, Scott Stewart webmas...@sstwebworks.com
wrote:

Oracle is EOL'ing Java 7 in February. The agency that I work for is going
to require upgrades to Java 8.

Does anyone know definitively whether or not ColdFusion 9 will work on
Java
8. We are in deep poop if it doesn't.

Thanks

sas

--
--
Scott Stewart
Adobe Certified Instructor, ColdFusion 8 9
Adobe Certified Expert, ColdFusion 8 9

Blog: http://www.sstwebworks.com
Email: webmas...@sstwebworks.com

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360249
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: ColdFusion 9 on Java 8

2015-03-12 Thread Eric Roberts


This is googleable...i was just looking for a similar solution with
10...you ar going to have to move several files from the sdk jre
directory...one is tools.jar and msvcr1000.dll (I think)...you also have to
change the java home setting in cfadmin to the jre directory in the sdk as
well.  Charlie Airheart has a page that describes pretty much everything
you need to know.  I don;t have the link handy, but I am sure you can
easily find it via google.

Eric

On Thu, Mar 12, 2015 at 8:07 AM, Scott Stewart webmas...@sstwebworks.com
wrote:


 Oracle is EOL'ing Java 7 in February. The agency that I work for is going
 to require upgrades to Java 8.

 Does anyone know definitively whether or not ColdFusion 9 will work on Java
 8. We are in deep poop if it doesn't.

 Thanks

 sas

 --
 --
 Scott Stewart
 Adobe Certified Instructor, ColdFusion 8  9
 Adobe Certified Expert, ColdFusion 8  9

 Blog: http://www.sstwebworks.com
 Email: webmas...@sstwebworks.com


 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360245
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: Decrypting MD5

2015-03-12 Thread DURETTE, STEVEN J


Hashes have other uses as well.  I pull data from a source database that has 
over 3 gigs of data in it and every hour the owners of that database flag all 
the rows as updated even if they weren't.  I need to pick up just the changed 
rows, so I pull down the primary key and a hash of all of the rest of the 
fields (but not the changed flag) and compare it to what I have in my database. 
 If the key matches and the hash doesn't then I pull down that row.  I went 
from pulling down 3 gigs every hour to just a few hundred rows ( 1 meg).

Hashes have all sorts of uses!

-Original Message-
From: Dave Watts [mailto:dwa...@figleaf.com] 
Sent: Thursday, March 12, 2015 9:09 AM
To: cf-talk
Subject: Re: Decrypting MD5


 So basically MD5 is useless if you can't decrypt the value! That sucks.

I don't know about useless. Hashing is not the same as encryption.
They're intended to solve different problems.

Let's say you're using a Windows network, with Active Directory.
Active Directory doesn't actually know your password, because it
doesn't need to know. All it needs to know is, did you enter the
correct password when you hit Ctrl+Alt+Delete this morning - and it
doesn't need to know what the password is in that case. Your
workstation takes your plaintext password, generates a hash, and sends
it to AD. AD compares the hash to the one it stored when you set your
password in the first place. If they match, there's an extremely high
likelihood that the plaintext passwords match as well.

Dave Watts, CTO, Fig Leaf Software
1-202-527-9569
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Service-Disabled Veteran-Owned Small Business
(SDVOSB) on GSA Schedule, and provides the highest caliber vendor-
authorized instruction at our training centers, online, or onsite.



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360241
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Decrypting MD5

2015-03-12 Thread Byron Mann


Just for reference. Here's a pretty good article on how to hash properly.

https://crackstation.net/hashing-security.htm

Hashing is often done incorrectly, even if it's being salted you never want
to use the same salt across the board. Simple thing is, compute power is so
available, brute forcing MD5 hashes is fairly easy these days. I wouldn't
even recommend using MD5 for anything secure like a hash of a password.
Stick to that for simple things like file compares, etc.

Cheers,
~Byron


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360248
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: Decrypting MD5

2015-03-12 Thread LRS Scout


Yeah checking hashed values of software is used to confirm changes or lack
there of.

I use a piece of a hashed value in encrypted url qury strings to make sure
the value wasn't changed between requests.

Hash has a ton of uses.
On Mar 12, 2015 9:15 AM, DURETTE, STEVEN J sd1...@att.com wrote:


 Hashes have other uses as well.  I pull data from a source database that
 has over 3 gigs of data in it and every hour the owners of that database
 flag all the rows as updated even if they weren't.  I need to pick up just
 the changed rows, so I pull down the primary key and a hash of all of the
 rest of the fields (but not the changed flag) and compare it to what I have
 in my database.  If the key matches and the hash doesn't then I pull down
 that row.  I went from pulling down 3 gigs every hour to just a few hundred
 rows ( 1 meg).

 Hashes have all sorts of uses!

 -Original Message-
 From: Dave Watts [mailto:dwa...@figleaf.com]
 Sent: Thursday, March 12, 2015 9:09 AM
 To: cf-talk
 Subject: Re: Decrypting MD5


  So basically MD5 is useless if you can't decrypt the value! That sucks.

 I don't know about useless. Hashing is not the same as encryption.
 They're intended to solve different problems.

 Let's say you're using a Windows network, with Active Directory.
 Active Directory doesn't actually know your password, because it
 doesn't need to know. All it needs to know is, did you enter the
 correct password when you hit Ctrl+Alt+Delete this morning - and it
 doesn't need to know what the password is in that case. Your
 workstation takes your plaintext password, generates a hash, and sends
 it to AD. AD compares the hash to the one it stored when you set your
 password in the first place. If they match, there's an extremely high
 likelihood that the plaintext passwords match as well.

 Dave Watts, CTO, Fig Leaf Software
 1-202-527-9569
 http://www.figleaf.com/
 http://training.figleaf.com/

 Fig Leaf Software is a Service-Disabled Veteran-Owned Small Business
 (SDVOSB) on GSA Schedule, and provides the highest caliber vendor-
 authorized instruction at our training centers, online, or onsite.



 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360242
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Decrypting MD5

2015-03-12 Thread Russ Michaels


no it certainly is not useless.
The whole point in hashing a value is so that it cannot be decrypted,
typically this is used for passwords.

Imagine a hacker gets into your web app, which is extremely common, then
all your encrypted data is useless, because he has access to your code and
can decrypt it all at leisure. This is how all your personal data gets
stolen or your identity. You signed up on some website that had poor
security, the hackers got in and got their database, decrypted all the
data, and got all your  personal details including username/password.They
will then typically take the username/password you used on this site and
try it on other sites as well, so anywhere else you used the same login is
now also compromised.

Most decent websites these days will hash sensitive data so that it cannot
be decrypted and stolen.

Any code you do have which decrypts data, should be protected from prying
eyes, in the case of CF you could compile the CFML to a java class and only
upload that to the server, don;t think there is anything much better than
that for CF sadly. Or with PHP you would use somehting like Ioncube.




On Thu, Mar 12, 2015 at 12:59 PM, Rick Sanders r...@webenergy.ca wrote:


 So basically MD5 is useless if you can't decrypt the value! That sucks.

 Kind regards,

 Rick

 -Original Message-
 From: Dave Watts [mailto:dwa...@figleaf.com]
 Sent: Thursday, March 12, 2015 9:57 AM
 To: cf-talk
 Subject: Re: Decrypting MD5


  I want to know if I can decrypt passwords stored as MD5 in a SQL
  Server database using the Decrypt function? There are online tools out
 there that decrypt MD5 so I'm hoping that I can do this in CF.

 There are no tools that actually decrypt MD5 hashes, to the best of my
 knowledge. MD5 is a hashing algorithm, not an encryption algorithm. It lets
 you take a plaintext value and generates a hashed value, which cannot be
 decrypted.

 These online tools don't decrypt MD5 hashes. Instead, they have large
 databases of plaintext values and their corresponding MD5 hashes. When you
 hash a value, you should always get the same hash, so these tools compare
 the hash you provide against their database of existing hash values, and
 then lookup the corresponding plaintext value.

 Dave Watts, CTO, Fig Leaf Software
 1-202-527-9569
 http://www.figleaf.com/
 http://training.figleaf.com/

 Fig Leaf Software is a Service-Disabled Veteran-Owned Small Business
 (SDVOSB) on GSA Schedule, and provides the highest caliber vendor-
 authorized instruction at our training centers, online, or onsite.



 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360244
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: ColdFusion 9 on Java 8

2015-03-12 Thread Wil Genovese

So is this still a Windows 2003 server too? :D

Wil Genovese
Sr. Web Application Developer/
Systems Administrator
CF Webtools
www.cfwebtools.com

wilg...@trunkful.com
www.trunkful.com

On Mar 12, 2015, at 9:59 AM, Scott Stewart webmas...@sstwebworks.com wrote:

Wil, that's what I'm pushing for. The powers that be having been dragging
their feet on upgrading. This may be just the thing to push them over.

On Thu, Mar 12, 2015 at 10:48 AM, Wil Genovese jugg...@trunkful.com wrote:

Unless I missed it, Adobe has not certified ColdFusion 9.0.x on Java 8.
â Remember this as I continue

Also, Adobe ColdFusion 9.x.x reached End Of Life back on December 31st,
2014.
http://www.trunkful.com/index.cfm/2014/11/24/ColdFusion-9-Reaches-End-Of-Life-Long-Live-ColdFusion
â Remember this too

Now, that I got those two items out of the way I will say that while
researching and testing ColdFusion potential POODLE issues via CFHTTP I did
happen to successfully attempt to run ColdFusion 9.0.2 fully patched on
Java 1.8. (This blog post BTW:
http://www.trunkful.com/index.cfm/2014/12/8/Preventing-SSLv3-Fallback-in-ColdFusion
- The note at the bottom)

There were no errors or warnings. I was able to run some code. I by no
means tried to test all the functionality because I had a different goal to
achieve when I was doing my research.

So it could very well be possible. However I do have another concern. The
company/agency youâre working for is requiring Java to be up to date, but
not ColdFusion? I would embrace the Java 8 upgrade and say then we need to
buy ColdFusion 11 and make the migration. (IMHO)

Regards,
Wil

Wil Genovese
Sr. Web Application Developer/
Systems Administrator
CF Webtools
www.cfwebtools.com

wilg...@trunkful.com
www.trunkful.com

On Mar 12, 2015, at 9:37 AM, Scott Stewart webmas...@sstwebworks.com
wrote:

This is googleable uhmmm.. thanks Captain Obvious, here's your cape :P

From what I was able to dig up ColdFusion 9 is a no go with Java 8. There
are hotfixes available for 10 and 11... of course there's always
Railo/Lucee ..

On Thu, Mar 12, 2015 at 10:16 AM, Eric Roberts
ow...@threeravensconsulting.com wrote:

This is googleable...i was just looking for a similar solution with
10...you ar going to have to move several files from the sdk jre
directory...one is tools.jar and msvcr1000.dll (I think)...you also
have to
change the java home setting in cfadmin to the jre directory in the sdk
as
well. Charlie Airheart has a page that describes pretty much everything
you need to know. I don;t have the link handy, but I am sure you can
easily find it via google.

Eric

On Thu, Mar 12, 2015 at 8:07 AM, Scott Stewart
webmas...@sstwebworks.com
wrote:

Oracle is EOL'ing Java 7 in February. The agency that I work for is
going
to require upgrades to Java 8.

Does anyone know definitively whether or not ColdFusion 9 will work on
Java
8. We are in deep poop if it doesn't.

Thanks

sas

--
--
Scott Stewart
Adobe Certified Instructor, ColdFusion 8 9
Adobe Certified Expert, ColdFusion 8 9

Blog: http://www.sstwebworks.com
Email: webmas...@sstwebworks.com

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360251
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Decrypting MD5

2015-03-12 Thread Russ Michaels


Brute forcing MD5 hashes is really only going to work if you are still
using weak passwords to begin with and just hashing them. This then works
in exactly the same way as a brute force dictionary attack on a plain
password, except they try the hashed version of the same password.
You should always allow  strong passwords and pass phrases, sadly so many
sites still do not do this.


On Thu, Mar 12, 2015 at 2:43 PM, Byron Mann byronos...@gmail.com wrote:


 Just for reference. Here's a pretty good article on how to hash properly.

 https://crackstation.net/hashing-security.htm

 Hashing is often done incorrectly, even if it's being salted you never want
 to use the same salt across the board. Simple thing is, compute power is so
 available, brute forcing MD5 hashes is fairly easy these days. I wouldn't
 even recommend using MD5 for anything secure like a hash of a password.
 Stick to that for simple things like file compares, etc.

 Cheers,
 ~Byron


 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360252
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: ColdFusion 9 on Java 8

2015-03-12 Thread Scott Stewart

Wil, that's what I'm pushing for. The powers that be having been dragging
their feet on upgrading. This may be just the thing to push them over.

On Thu, Mar 12, 2015 at 10:48 AM, Wil Genovese jugg...@trunkful.com wrote:

Unless I missed it, Adobe has not certified ColdFusion 9.0.x on Java 8.
â Remember this as I continue

Also, Adobe ColdFusion 9.x.x reached End Of Life back on December 31st,
2014.
http://www.trunkful.com/index.cfm/2014/11/24/ColdFusion-9-Reaches-End-Of-Life-Long-Live-ColdFusion
â Remember this too

Now, that I got those two items out of the way I will say that while
researching and testing ColdFusion potential POODLE issues via CFHTTP I did
happen to successfully attempt to run ColdFusion 9.0.2 fully patched on
Java 1.8. (This blog post BTW:
http://www.trunkful.com/index.cfm/2014/12/8/Preventing-SSLv3-Fallback-in-ColdFusion
- The note at the bottom)

There were no errors or warnings. I was able to run some code. I by no
means tried to test all the functionality because I had a different goal to
achieve when I was doing my research.

Regards,
Wil

Wil Genovese
Sr. Web Application Developer/
Systems Administrator
CF Webtools
www.cfwebtools.com

wilg...@trunkful.com
www.trunkful.com

On Mar 12, 2015, at 9:37 AM, Scott Stewart webmas...@sstwebworks.com
wrote:

This is googleable uhmmm.. thanks Captain Obvious, here's your cape :P

From what I was able to dig up ColdFusion 9 is a no go with Java 8. There
are hotfixes available for 10 and 11... of course there's always
Railo/Lucee ..

On Thu, Mar 12, 2015 at 10:16 AM, Eric Roberts
ow...@threeravensconsulting.com wrote:

This is googleable...i was just looking for a similar solution with
10...you ar going to have to move several files from the sdk jre
directory...one is tools.jar and msvcr1000.dll (I think)...you also
have to
change the java home setting in cfadmin to the jre directory in the sdk
as
well. Charlie Airheart has a page that describes pretty much everything
you need to know. I don;t have the link handy, but I am sure you can
easily find it via google.

Eric

On Thu, Mar 12, 2015 at 8:07 AM, Scott Stewart
webmas...@sstwebworks.com
wrote:

Oracle is EOL'ing Java 7 in February. The agency that I work for is
going
to require upgrades to Java 8.

Does anyone know definitively whether or not ColdFusion 9 will work on
Java
8. We are in deep poop if it doesn't.

Thanks

sas

--
--
Scott Stewart
Adobe Certified Instructor, ColdFusion 8 9
Adobe Certified Expert, ColdFusion 8 9

Blog: http://www.sstwebworks.com
Email: webmas...@sstwebworks.com

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360250
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: ColdFusion 9 on Java 8

2015-03-12 Thread Scott Stewart

No, they seem to keep up with Microsoft releases :)

On Thu, Mar 12, 2015 at 11:01 AM, Wil Genovese jugg...@trunkful.com wrote:

So is this still a Windows 2003 server too? :D

Wil Genovese
Sr. Web Application Developer/
Systems Administrator
CF Webtools
www.cfwebtools.com

wilg...@trunkful.com
www.trunkful.com

On Mar 12, 2015, at 9:59 AM, Scott Stewart webmas...@sstwebworks.com
wrote:

Wil, that's what I'm pushing for. The powers that be having been dragging
their feet on upgrading. This may be just the thing to push them over.

On Thu, Mar 12, 2015 at 10:48 AM, Wil Genovese jugg...@trunkful.com
wrote:

Unless I missed it, Adobe has not certified ColdFusion 9.0.x on Java 8.
â Remember this as I continue

Also, Adobe ColdFusion 9.x.x reached End Of Life back on December 31st,
2014.

http://www.trunkful.com/index.cfm/2014/11/24/ColdFusion-9-Reaches-End-Of-Life-Long-Live-ColdFusion
â Remember this too

http://www.trunkful.com/index.cfm/2014/12/8/Preventing-SSLv3-Fallback-in-ColdFusion
- The note at the bottom)

There were no errors or warnings. I was able to run some code. I by no
means tried to test all the functionality because I had a different
goal to
achieve when I was doing my research.

So it could very well be possible. However I do have another concern.
The
company/agency youâre working for is requiring Java to be up to date,
but
not ColdFusion? I would embrace the Java 8 upgrade and say then we need
to
buy ColdFusion 11 and make the migration. (IMHO)

Regards,
Wil

Wil Genovese
Sr. Web Application Developer/
Systems Administrator
CF Webtools
www.cfwebtools.com

wilg...@trunkful.com
www.trunkful.com

On Mar 12, 2015, at 9:37 AM, Scott Stewart webmas...@sstwebworks.com
wrote:

This is googleable uhmmm.. thanks Captain Obvious, here's your cape
:P

From what I was able to dig up ColdFusion 9 is a no go with Java 8.
There
are hotfixes available for 10 and 11... of course there's always
Railo/Lucee ..

On Thu, Mar 12, 2015 at 10:16 AM, Eric Roberts
ow...@threeravensconsulting.com wrote:

This is googleable...i was just looking for a similar solution with
10...you ar going to have to move several files from the sdk jre
directory...one is tools.jar and msvcr1000.dll (I think)...you also
have to
change the java home setting in cfadmin to the jre directory in the
sdk
as
well. Charlie Airheart has a page that describes pretty much
everything
you need to know. I don;t have the link handy, but I am sure you can
easily find it via google.

Eric

On Thu, Mar 12, 2015 at 8:07 AM, Scott Stewart
webmas...@sstwebworks.com
wrote:

Oracle is EOL'ing Java 7 in February. The agency that I work for is
going
to require upgrades to Java 8.

Does anyone know definitively whether or not ColdFusion 9 will work
on
Java
8. We are in deep poop if it doesn't.

Thanks

sas

--
--
Scott Stewart
Adobe Certified Instructor, ColdFusion 8 9
Adobe Certified Expert, ColdFusion 8 9

Blog: http://www.sstwebworks.com
Email: webmas...@sstwebworks.com

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360253
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: ColdFusion 9 on Java 8

2015-03-12 Thread Scott Stewart

It's a COTS app (CommonSpot) They've already produced a code base that will
support 11.

On Thu, Mar 12, 2015 at 12:12 PM, Dan G. Switzer, II
dswit...@pengoworks.com wrote:

You may find the jump from CF9 to CF10/11 to require changes to your app. I
know the change for us was not straightforward. Make sure you plan for an
extensive QA cycle after upgrading. One of the biggest issues we ran into
was with date/time conversions. We store everything in UTC. Adobe changed
the internals of the way that dates converted to UTC work that can cause
issues with some types of date mathematical operations (like using the
results of a createTimeSpan() to adjust a date.) We found a number of
things that made our upgrade from CF9 to CF10 slow.

On Thu, Mar 12, 2015 at 10:59 AM, Scott Stewart webmas...@sstwebworks.com

wrote:

Wil, that's what I'm pushing for. The powers that be having been dragging
their feet on upgrading. This may be just the thing to push them over.

On Thu, Mar 12, 2015 at 10:48 AM, Wil Genovese jugg...@trunkful.com
wrote:

Unless I missed it, Adobe has not certified ColdFusion 9.0.x on Java 8.
â Remember this as I continue

Also, Adobe ColdFusion 9.x.x reached End Of Life back on December 31st,
2014.

http://www.trunkful.com/index.cfm/2014/11/24/ColdFusion-9-Reaches-End-Of-Life-Long-Live-ColdFusion
â Remember this too

http://www.trunkful.com/index.cfm/2014/12/8/Preventing-SSLv3-Fallback-in-ColdFusion
- The note at the bottom)

There were no errors or warnings. I was able to run some code. I by no
means tried to test all the functionality because I had a different
goal
to
achieve when I was doing my research.

So it could very well be possible. However I do have another concern.
The
company/agency youâre working for is requiring Java to be up to date,
but
not ColdFusion? I would embrace the Java 8 upgrade and say then we need
to
buy ColdFusion 11 and make the migration. (IMHO)

Regards,
Wil

Wil Genovese
Sr. Web Application Developer/
Systems Administrator
CF Webtools
www.cfwebtools.com

wilg...@trunkful.com
www.trunkful.com

On Mar 12, 2015, at 9:37 AM, Scott Stewart
webmas...@sstwebworks.com
wrote:

This is googleable uhmmm.. thanks Captain Obvious, here's your cape
:P

From what I was able to dig up ColdFusion 9 is a no go with Java 8.
There
are hotfixes available for 10 and 11... of course there's always
Railo/Lucee ..

On Thu, Mar 12, 2015 at 10:16 AM, Eric Roberts
ow...@threeravensconsulting.com wrote:

This is googleable...i was just looking for a similar solution with
10...you ar going to have to move several files from the sdk jre
directory...one is tools.jar and msvcr1000.dll (I think)...you also
have to
change the java home setting in cfadmin to the jre directory in the
sdk
as
well. Charlie Airheart has a page that describes pretty much
everything
you need to know. I don;t have the link handy, but I am sure you
can
easily find it via google.

Eric

On Thu, Mar 12, 2015 at 8:07 AM, Scott Stewart
webmas...@sstwebworks.com
wrote:

Oracle is EOL'ing Java 7 in February. The agency that I work for is
going
to require upgrades to Java 8.

Does anyone know definitively whether or not ColdFusion 9 will work
on
Java
8. We are in deep poop if it doesn't.

Thanks

sas

--
--
Scott Stewart
Adobe Certified Instructor, ColdFusion 8 9
Adobe Certified Expert, ColdFusion 8 9

Blog: http://www.sstwebworks.com
Email: webmas...@sstwebworks.com

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360255
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: Can you use a CFTHREAD inside an Ajax routine?

2015-03-12 Thread David Phelan


Steven,

What is it that is telling you that the thread is not running?  What is it 
supposed to do that it is not, manipulate the file system, execute a stored 
procedure?  Is it supposed to return a value that you are not seeing?  Remember 
that a function that initiates a thread will continue to run without waiting 
for the thread to finish unless a join action is performed.

Dave

-Original Message-
From: Bobby [mailto:bo...@acoderslife.com] 
Sent: Thursday, March 12, 2015 10:49 AM
To: cf-talk
Subject: Re: Can you use a CFTHREAD inside an Ajax routine?


When you say it doesn¹t generate any errors, do you mean that you¹ve looked 
through the exception logs? Unless you are trapping it with try/catch or a 
custom error handler, that¹s the only place you would discover that an error 
happened in a cfthread that you are spawning and forgetting.

On 3/5/15, 3:47 PM, John Pullam jpul...@mcleansystems.com wrote:


It seems to me that the CFTHREAD I attempt to start from inside an Ajax 
routine (triggered by a CFWINDOW) never runs and doesn't generate any 
error message. Can anyone advise if this is a legitimate thing to do?





~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360256
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: ColdFusion 9 on Java 8

2015-03-12 Thread Dan G. Switzer, II

On Thu, Mar 12, 2015 at 10:59 AM, Scott Stewart webmas...@sstwebworks.com
wrote:

Wil, that's what I'm pushing for. The powers that be having been dragging
their feet on upgrading. This may be just the thing to push them over.

On Thu, Mar 12, 2015 at 10:48 AM, Wil Genovese jugg...@trunkful.com
wrote:

Unless I missed it, Adobe has not certified ColdFusion 9.0.x on Java 8.
â Remember this as I continue

Also, Adobe ColdFusion 9.x.x reached End Of Life back on December 31st,
2014.

http://www.trunkful.com/index.cfm/2014/11/24/ColdFusion-9-Reaches-End-Of-Life-Long-Live-ColdFusion
â Remember this too

http://www.trunkful.com/index.cfm/2014/12/8/Preventing-SSLv3-Fallback-in-ColdFusion
- The note at the bottom)

There were no errors or warnings. I was able to run some code. I by no
means tried to test all the functionality because I had a different goal
to
achieve when I was doing my research.

So it could very well be possible. However I do have another concern. The
company/agency youâre working for is requiring Java to be up to date, but
not ColdFusion? I would embrace the Java 8 upgrade and say then we need
to
buy ColdFusion 11 and make the migration. (IMHO)

Regards,
Wil

Wil Genovese
Sr. Web Application Developer/
Systems Administrator
CF Webtools
www.cfwebtools.com

wilg...@trunkful.com
www.trunkful.com

On Mar 12, 2015, at 9:37 AM, Scott Stewart webmas...@sstwebworks.com
wrote:

This is googleable uhmmm.. thanks Captain Obvious, here's your cape
:P

From what I was able to dig up ColdFusion 9 is a no go with Java 8.
There
are hotfixes available for 10 and 11... of course there's always
Railo/Lucee ..

On Thu, Mar 12, 2015 at 10:16 AM, Eric Roberts
ow...@threeravensconsulting.com wrote:

This is googleable...i was just looking for a similar solution with
10...you ar going to have to move several files from the sdk jre
directory...one is tools.jar and msvcr1000.dll (I think)...you also
have to
change the java home setting in cfadmin to the jre directory in the
sdk
as
well. Charlie Airheart has a page that describes pretty much
everything
you need to know. I don;t have the link handy, but I am sure you can
easily find it via google.

Eric

On Thu, Mar 12, 2015 at 8:07 AM, Scott Stewart
webmas...@sstwebworks.com
wrote:

Oracle is EOL'ing Java 7 in February. The agency that I work for is
going
to require upgrades to Java 8.

Does anyone know definitively whether or not ColdFusion 9 will work
on
Java
8. We are in deep poop if it doesn't.

Thanks

sas

--
--
Scott Stewart
Adobe Certified Instructor, ColdFusion 8 9
Adobe Certified Expert, ColdFusion 8 9

Blog: http://www.sstwebworks.com
Email: webmas...@sstwebworks.com

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive:
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360254
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Decrypting MD5

2015-03-12 Thread Dave Watts


 I want to know if I can decrypt passwords stored as MD5 in a SQL Server 
 database using the Decrypt
 function? There are online tools out there that decrypt MD5 so I'm hoping 
 that I can do this in CF.

There are no tools that actually decrypt MD5 hashes, to the best of my
knowledge. MD5 is a hashing algorithm, not an encryption algorithm. It
lets you take a plaintext value and generates a hashed value, which
cannot be decrypted.

These online tools don't decrypt MD5 hashes. Instead, they have large
databases of plaintext values and their corresponding MD5 hashes. When
you hash a value, you should always get the same hash, so these tools
compare the hash you provide against their database of existing hash
values, and then lookup the corresponding plaintext value.

Dave Watts, CTO, Fig Leaf Software
1-202-527-9569
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Service-Disabled Veteran-Owned Small Business
(SDVOSB) on GSA Schedule, and provides the highest caliber vendor-
authorized instruction at our training centers, online, or onsite.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360235
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: Decrypting MD5

2015-03-12 Thread Robert Harrison


It looks like you can if you know the salt:

http://www.hashkiller.co.uk/md5-decrypter.aspx

http://www.md5online.org/ 

http://md5decryption.com/ 

http://www.md5decrypter.com/ 


Robert Harrison
Full Stack Developer
AIMG
rharri...@aimg.com
Main Office: 704-321-1234  ext.118
Direct Line: 516-302-4345
www.aimg.com



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360237
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: Decrypting MD5

2015-03-12 Thread Rick Sanders


So basically MD5 is useless if you can't decrypt the value! That sucks.

Kind regards,

Rick 

-Original Message-
From: Dave Watts [mailto:dwa...@figleaf.com] 
Sent: Thursday, March 12, 2015 9:57 AM
To: cf-talk
Subject: Re: Decrypting MD5


 I want to know if I can decrypt passwords stored as MD5 in a SQL 
 Server database using the Decrypt function? There are online tools out there 
 that decrypt MD5 so I'm hoping that I can do this in CF.

There are no tools that actually decrypt MD5 hashes, to the best of my 
knowledge. MD5 is a hashing algorithm, not an encryption algorithm. It lets you 
take a plaintext value and generates a hashed value, which cannot be decrypted.

These online tools don't decrypt MD5 hashes. Instead, they have large databases 
of plaintext values and their corresponding MD5 hashes. When you hash a value, 
you should always get the same hash, so these tools compare the hash you 
provide against their database of existing hash values, and then lookup the 
corresponding plaintext value.

Dave Watts, CTO, Fig Leaf Software
1-202-527-9569
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Service-Disabled Veteran-Owned Small Business
(SDVOSB) on GSA Schedule, and provides the highest caliber vendor- authorized 
instruction at our training centers, online, or onsite.



~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360236
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

RE: Decrypting MD5

2015-03-12 Thread Robert Harrison


 So basically MD5 is useless if you can't decrypt the value! That sucks.

Maybe, if you're storing data you need to retrieve. Generally I use if for
data I need to compare (like passwords), then I just encrypt the values the
same way and compare the encrypted values. 

Robert Harrison
Full Stack Developer
AIMG
rharri...@aimg.com
Main Office: 704-321-1234  ext.118
Direct Line: 516-302-4345
www.aimg.com


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360238
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

ColdFusion 9 on Java 8

2015-03-12 Thread Scott Stewart


Oracle is EOL'ing Java 7 in February. The agency that I work for is going
to require upgrades to Java 8.

Does anyone know definitively whether or not ColdFusion 9 will work on Java
8. We are in deep poop if it doesn't.

Thanks

sas

-- 
--
Scott Stewart
Adobe Certified Instructor, ColdFusion 8  9
Adobe Certified Expert, ColdFusion 8  9

Blog: http://www.sstwebworks.com
Email: webmas...@sstwebworks.com


~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360239
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: Decrypting MD5

2015-03-12 Thread Dave Watts


 So basically MD5 is useless if you can't decrypt the value! That sucks.

I don't know about useless. Hashing is not the same as encryption.
They're intended to solve different problems.

Let's say you're using a Windows network, with Active Directory.
Active Directory doesn't actually know your password, because it
doesn't need to know. All it needs to know is, did you enter the
correct password when you hit Ctrl+Alt+Delete this morning - and it
doesn't need to know what the password is in that case. Your
workstation takes your plaintext password, generates a hash, and sends
it to AD. AD compares the hash to the one it stored when you set your
password in the first place. If they match, there's an extremely high
likelihood that the plaintext passwords match as well.

Dave Watts, CTO, Fig Leaf Software
1-202-527-9569
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Service-Disabled Veteran-Owned Small Business
(SDVOSB) on GSA Schedule, and provides the highest caliber vendor-
authorized instruction at our training centers, online, or onsite.

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360240
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Re: ColdFusion 9 on Java 8

2015-03-12 Thread Andy G


Also, don't forget that with Java 8 you will not have access to any ODBC 
datasources as they have removed the JDBC-ODBC bridge in Java 1.8.
 
This is a non-issue for most, but for company's like ours that provide 
middleware for legacy applications using older dBase, FoxPro, etc. back ends, 
you're stuck on Java 7 or need to pay a not so small amount of money on a pure 
JDBC driver (we've experimented with all of them and they all have 
inconsistencies and compatibility issues) or there are some not so inexpensive 
JDBC-ODBC bridge drivers, but if you're going to pay for drivers, you may as 
well use a pure JDBC version...
 
Anyways, just a reminder for anyone else whose stuck having to support these 
old db's.
 
Oracle is EOL'ing Java 7 in February. The agency that I work for is going
to require upgrades to Java 8.

Does anyone know definitively whether or not ColdFusion 9 will work on Java
8. We are in deep poop if it doesn't.

Thanks

sas

-- 
--
Scott Stewart
Adobe Certified Instructor, ColdFusion 8  9
Adobe Certified Expert, ColdFusion 8  9

Blog: http://www.sstwebworks.com
Email: webmas...@sstwebworks.com 

~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360257
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm

Decrypting MD5

Re: Can you use a CFTHREAD inside an Ajax routine?

Re: ColdFusion 9 on Java 8

Re: ColdFusion 9 on Java 8

Re: ColdFusion 9 on Java 8

RE: Decrypting MD5

Re: Decrypting MD5

RE: Decrypting MD5

Re: Decrypting MD5

Re: ColdFusion 9 on Java 8

Re: Decrypting MD5

Re: ColdFusion 9 on Java 8

Re: ColdFusion 9 on Java 8

Re: ColdFusion 9 on Java 8

RE: Can you use a CFTHREAD inside an Ajax routine?

Re: ColdFusion 9 on Java 8

Re: Decrypting MD5

RE: Decrypting MD5

RE: Decrypting MD5

RE: Decrypting MD5

ColdFusion 9 on Java 8

Re: Decrypting MD5

Re: ColdFusion 9 on Java 8

23 matches

Site Navigation

Mail list logo

Footer information