Decrypting MD5
Hey all sorry if this has been asked before. I did Google and didn't come up with a result. I want to know if I can decrypt passwords stored as MD5 in a SQL Server database using the Decrypt function? There are online tools out there that decrypt MD5 so I'm hoping that I can do this in CF. Thanks. Kind regards, Rick ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360234 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Can you use a CFTHREAD inside an Ajax routine?
When you say it doesn¹t generate any errors, do you mean that you¹ve looked through the exception logs? Unless you are trapping it with try/catch or a custom error handler, that¹s the only place you would discover that an error happened in a cfthread that you are spawning and forgetting. On 3/5/15, 3:47 PM, John Pullam jpul...@mcleansystems.com wrote: It seems to me that the CFTHREAD I attempt to start from inside an Ajax routine (triggered by a CFWINDOW) never runs and doesn't generate any error message. Can anyone advise if this is a legitimate thing to do? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360243 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: ColdFusion 9 on Java 8
This is googleable uhmmm.. thanks Captain Obvious, here's your cape :P From what I was able to dig up ColdFusion 9 is a no go with Java 8. There are hotfixes available for 10 and 11... of course there's always Railo/Lucee .. On Thu, Mar 12, 2015 at 10:16 AM, Eric Roberts ow...@threeravensconsulting.com wrote: This is googleable...i was just looking for a similar solution with 10...you ar going to have to move several files from the sdk jre directory...one is tools.jar and msvcr1000.dll (I think)...you also have to change the java home setting in cfadmin to the jre directory in the sdk as well. Charlie Airheart has a page that describes pretty much everything you need to know. I don;t have the link handy, but I am sure you can easily find it via google. Eric On Thu, Mar 12, 2015 at 8:07 AM, Scott Stewart webmas...@sstwebworks.com wrote: Oracle is EOL'ing Java 7 in February. The agency that I work for is going to require upgrades to Java 8. Does anyone know definitively whether or not ColdFusion 9 will work on Java 8. We are in deep poop if it doesn't. Thanks sas -- -- Scott Stewart Adobe Certified Instructor, ColdFusion 8 9 Adobe Certified Expert, ColdFusion 8 9 Blog: http://www.sstwebworks.com Email: webmas...@sstwebworks.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360247 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: ColdFusion 9 on Java 8
Unless I missed it, Adobe has not certified ColdFusion 9.0.x on Java 8. Remember this as I continue Also, Adobe ColdFusion 9.x.x reached End Of Life back on December 31st, 2014. http://www.trunkful.com/index.cfm/2014/11/24/ColdFusion-9-Reaches-End-Of-Life-Long-Live-ColdFusion Remember this too Now, that I got those two items out of the way I will say that while researching and testing ColdFusion potential POODLE issues via CFHTTP I did happen to successfully attempt to run ColdFusion 9.0.2 fully patched on Java 1.8. (This blog post BTW: http://www.trunkful.com/index.cfm/2014/12/8/Preventing-SSLv3-Fallback-in-ColdFusion - The note at the bottom) There were no errors or warnings. I was able to run some code. I by no means tried to test all the functionality because I had a different goal to achieve when I was doing my research. So it could very well be possible. However I do have another concern. The company/agency youre working for is requiring Java to be up to date, but not ColdFusion? I would embrace the Java 8 upgrade and say then we need to buy ColdFusion 11 and make the migration. (IMHO) Regards, Wil Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Mar 12, 2015, at 9:37 AM, Scott Stewart webmas...@sstwebworks.com wrote: This is googleable uhmmm.. thanks Captain Obvious, here's your cape :P From what I was able to dig up ColdFusion 9 is a no go with Java 8. There are hotfixes available for 10 and 11... of course there's always Railo/Lucee .. On Thu, Mar 12, 2015 at 10:16 AM, Eric Roberts ow...@threeravensconsulting.com wrote: This is googleable...i was just looking for a similar solution with 10...you ar going to have to move several files from the sdk jre directory...one is tools.jar and msvcr1000.dll (I think)...you also have to change the java home setting in cfadmin to the jre directory in the sdk as well. Charlie Airheart has a page that describes pretty much everything you need to know. I don;t have the link handy, but I am sure you can easily find it via google. Eric On Thu, Mar 12, 2015 at 8:07 AM, Scott Stewart webmas...@sstwebworks.com wrote: Oracle is EOL'ing Java 7 in February. The agency that I work for is going to require upgrades to Java 8. Does anyone know definitively whether or not ColdFusion 9 will work on Java 8. We are in deep poop if it doesn't. Thanks sas -- -- Scott Stewart Adobe Certified Instructor, ColdFusion 8 9 Adobe Certified Expert, ColdFusion 8 9 Blog: http://www.sstwebworks.com Email: webmas...@sstwebworks.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360249 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: ColdFusion 9 on Java 8
This is googleable...i was just looking for a similar solution with 10...you ar going to have to move several files from the sdk jre directory...one is tools.jar and msvcr1000.dll (I think)...you also have to change the java home setting in cfadmin to the jre directory in the sdk as well. Charlie Airheart has a page that describes pretty much everything you need to know. I don;t have the link handy, but I am sure you can easily find it via google. Eric On Thu, Mar 12, 2015 at 8:07 AM, Scott Stewart webmas...@sstwebworks.com wrote: Oracle is EOL'ing Java 7 in February. The agency that I work for is going to require upgrades to Java 8. Does anyone know definitively whether or not ColdFusion 9 will work on Java 8. We are in deep poop if it doesn't. Thanks sas -- -- Scott Stewart Adobe Certified Instructor, ColdFusion 8 9 Adobe Certified Expert, ColdFusion 8 9 Blog: http://www.sstwebworks.com Email: webmas...@sstwebworks.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360245 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Decrypting MD5
Hashes have other uses as well. I pull data from a source database that has over 3 gigs of data in it and every hour the owners of that database flag all the rows as updated even if they weren't. I need to pick up just the changed rows, so I pull down the primary key and a hash of all of the rest of the fields (but not the changed flag) and compare it to what I have in my database. If the key matches and the hash doesn't then I pull down that row. I went from pulling down 3 gigs every hour to just a few hundred rows ( 1 meg). Hashes have all sorts of uses! -Original Message- From: Dave Watts [mailto:dwa...@figleaf.com] Sent: Thursday, March 12, 2015 9:09 AM To: cf-talk Subject: Re: Decrypting MD5 So basically MD5 is useless if you can't decrypt the value! That sucks. I don't know about useless. Hashing is not the same as encryption. They're intended to solve different problems. Let's say you're using a Windows network, with Active Directory. Active Directory doesn't actually know your password, because it doesn't need to know. All it needs to know is, did you enter the correct password when you hit Ctrl+Alt+Delete this morning - and it doesn't need to know what the password is in that case. Your workstation takes your plaintext password, generates a hash, and sends it to AD. AD compares the hash to the one it stored when you set your password in the first place. If they match, there's an extremely high likelihood that the plaintext passwords match as well. Dave Watts, CTO, Fig Leaf Software 1-202-527-9569 http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Service-Disabled Veteran-Owned Small Business (SDVOSB) on GSA Schedule, and provides the highest caliber vendor- authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360241 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Decrypting MD5
Just for reference. Here's a pretty good article on how to hash properly. https://crackstation.net/hashing-security.htm Hashing is often done incorrectly, even if it's being salted you never want to use the same salt across the board. Simple thing is, compute power is so available, brute forcing MD5 hashes is fairly easy these days. I wouldn't even recommend using MD5 for anything secure like a hash of a password. Stick to that for simple things like file compares, etc. Cheers, ~Byron ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360248 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Decrypting MD5
Yeah checking hashed values of software is used to confirm changes or lack there of. I use a piece of a hashed value in encrypted url qury strings to make sure the value wasn't changed between requests. Hash has a ton of uses. On Mar 12, 2015 9:15 AM, DURETTE, STEVEN J sd1...@att.com wrote: Hashes have other uses as well. I pull data from a source database that has over 3 gigs of data in it and every hour the owners of that database flag all the rows as updated even if they weren't. I need to pick up just the changed rows, so I pull down the primary key and a hash of all of the rest of the fields (but not the changed flag) and compare it to what I have in my database. If the key matches and the hash doesn't then I pull down that row. I went from pulling down 3 gigs every hour to just a few hundred rows ( 1 meg). Hashes have all sorts of uses! -Original Message- From: Dave Watts [mailto:dwa...@figleaf.com] Sent: Thursday, March 12, 2015 9:09 AM To: cf-talk Subject: Re: Decrypting MD5 So basically MD5 is useless if you can't decrypt the value! That sucks. I don't know about useless. Hashing is not the same as encryption. They're intended to solve different problems. Let's say you're using a Windows network, with Active Directory. Active Directory doesn't actually know your password, because it doesn't need to know. All it needs to know is, did you enter the correct password when you hit Ctrl+Alt+Delete this morning - and it doesn't need to know what the password is in that case. Your workstation takes your plaintext password, generates a hash, and sends it to AD. AD compares the hash to the one it stored when you set your password in the first place. If they match, there's an extremely high likelihood that the plaintext passwords match as well. Dave Watts, CTO, Fig Leaf Software 1-202-527-9569 http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Service-Disabled Veteran-Owned Small Business (SDVOSB) on GSA Schedule, and provides the highest caliber vendor- authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360242 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Decrypting MD5
no it certainly is not useless. The whole point in hashing a value is so that it cannot be decrypted, typically this is used for passwords. Imagine a hacker gets into your web app, which is extremely common, then all your encrypted data is useless, because he has access to your code and can decrypt it all at leisure. This is how all your personal data gets stolen or your identity. You signed up on some website that had poor security, the hackers got in and got their database, decrypted all the data, and got all your personal details including username/password.They will then typically take the username/password you used on this site and try it on other sites as well, so anywhere else you used the same login is now also compromised. Most decent websites these days will hash sensitive data so that it cannot be decrypted and stolen. Any code you do have which decrypts data, should be protected from prying eyes, in the case of CF you could compile the CFML to a java class and only upload that to the server, don;t think there is anything much better than that for CF sadly. Or with PHP you would use somehting like Ioncube. On Thu, Mar 12, 2015 at 12:59 PM, Rick Sanders r...@webenergy.ca wrote: So basically MD5 is useless if you can't decrypt the value! That sucks. Kind regards, Rick -Original Message- From: Dave Watts [mailto:dwa...@figleaf.com] Sent: Thursday, March 12, 2015 9:57 AM To: cf-talk Subject: Re: Decrypting MD5 I want to know if I can decrypt passwords stored as MD5 in a SQL Server database using the Decrypt function? There are online tools out there that decrypt MD5 so I'm hoping that I can do this in CF. There are no tools that actually decrypt MD5 hashes, to the best of my knowledge. MD5 is a hashing algorithm, not an encryption algorithm. It lets you take a plaintext value and generates a hashed value, which cannot be decrypted. These online tools don't decrypt MD5 hashes. Instead, they have large databases of plaintext values and their corresponding MD5 hashes. When you hash a value, you should always get the same hash, so these tools compare the hash you provide against their database of existing hash values, and then lookup the corresponding plaintext value. Dave Watts, CTO, Fig Leaf Software 1-202-527-9569 http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Service-Disabled Veteran-Owned Small Business (SDVOSB) on GSA Schedule, and provides the highest caliber vendor- authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360244 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: ColdFusion 9 on Java 8
So is this still a Windows 2003 server too? :D Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Mar 12, 2015, at 9:59 AM, Scott Stewart webmas...@sstwebworks.com wrote: Wil, that's what I'm pushing for. The powers that be having been dragging their feet on upgrading. This may be just the thing to push them over. On Thu, Mar 12, 2015 at 10:48 AM, Wil Genovese jugg...@trunkful.com wrote: Unless I missed it, Adobe has not certified ColdFusion 9.0.x on Java 8. â Remember this as I continue Also, Adobe ColdFusion 9.x.x reached End Of Life back on December 31st, 2014. http://www.trunkful.com/index.cfm/2014/11/24/ColdFusion-9-Reaches-End-Of-Life-Long-Live-ColdFusion â Remember this too Now, that I got those two items out of the way I will say that while researching and testing ColdFusion potential POODLE issues via CFHTTP I did happen to successfully attempt to run ColdFusion 9.0.2 fully patched on Java 1.8. (This blog post BTW: http://www.trunkful.com/index.cfm/2014/12/8/Preventing-SSLv3-Fallback-in-ColdFusion - The note at the bottom) There were no errors or warnings. I was able to run some code. I by no means tried to test all the functionality because I had a different goal to achieve when I was doing my research. So it could very well be possible. However I do have another concern. The company/agency youâre working for is requiring Java to be up to date, but not ColdFusion? I would embrace the Java 8 upgrade and say then we need to buy ColdFusion 11 and make the migration. (IMHO) Regards, Wil Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Mar 12, 2015, at 9:37 AM, Scott Stewart webmas...@sstwebworks.com wrote: This is googleable uhmmm.. thanks Captain Obvious, here's your cape :P From what I was able to dig up ColdFusion 9 is a no go with Java 8. There are hotfixes available for 10 and 11... of course there's always Railo/Lucee .. On Thu, Mar 12, 2015 at 10:16 AM, Eric Roberts ow...@threeravensconsulting.com wrote: This is googleable...i was just looking for a similar solution with 10...you ar going to have to move several files from the sdk jre directory...one is tools.jar and msvcr1000.dll (I think)...you also have to change the java home setting in cfadmin to the jre directory in the sdk as well. Charlie Airheart has a page that describes pretty much everything you need to know. I don;t have the link handy, but I am sure you can easily find it via google. Eric On Thu, Mar 12, 2015 at 8:07 AM, Scott Stewart webmas...@sstwebworks.com wrote: Oracle is EOL'ing Java 7 in February. The agency that I work for is going to require upgrades to Java 8. Does anyone know definitively whether or not ColdFusion 9 will work on Java 8. We are in deep poop if it doesn't. Thanks sas -- -- Scott Stewart Adobe Certified Instructor, ColdFusion 8 9 Adobe Certified Expert, ColdFusion 8 9 Blog: http://www.sstwebworks.com Email: webmas...@sstwebworks.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360251 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Decrypting MD5
Brute forcing MD5 hashes is really only going to work if you are still using weak passwords to begin with and just hashing them. This then works in exactly the same way as a brute force dictionary attack on a plain password, except they try the hashed version of the same password. You should always allow strong passwords and pass phrases, sadly so many sites still do not do this. On Thu, Mar 12, 2015 at 2:43 PM, Byron Mann byronos...@gmail.com wrote: Just for reference. Here's a pretty good article on how to hash properly. https://crackstation.net/hashing-security.htm Hashing is often done incorrectly, even if it's being salted you never want to use the same salt across the board. Simple thing is, compute power is so available, brute forcing MD5 hashes is fairly easy these days. I wouldn't even recommend using MD5 for anything secure like a hash of a password. Stick to that for simple things like file compares, etc. Cheers, ~Byron ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360252 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: ColdFusion 9 on Java 8
Wil, that's what I'm pushing for. The powers that be having been dragging their feet on upgrading. This may be just the thing to push them over. On Thu, Mar 12, 2015 at 10:48 AM, Wil Genovese jugg...@trunkful.com wrote: Unless I missed it, Adobe has not certified ColdFusion 9.0.x on Java 8. â Remember this as I continue Also, Adobe ColdFusion 9.x.x reached End Of Life back on December 31st, 2014. http://www.trunkful.com/index.cfm/2014/11/24/ColdFusion-9-Reaches-End-Of-Life-Long-Live-ColdFusion â Remember this too Now, that I got those two items out of the way I will say that while researching and testing ColdFusion potential POODLE issues via CFHTTP I did happen to successfully attempt to run ColdFusion 9.0.2 fully patched on Java 1.8. (This blog post BTW: http://www.trunkful.com/index.cfm/2014/12/8/Preventing-SSLv3-Fallback-in-ColdFusion - The note at the bottom) There were no errors or warnings. I was able to run some code. I by no means tried to test all the functionality because I had a different goal to achieve when I was doing my research. So it could very well be possible. However I do have another concern. The company/agency youâre working for is requiring Java to be up to date, but not ColdFusion? I would embrace the Java 8 upgrade and say then we need to buy ColdFusion 11 and make the migration. (IMHO) Regards, Wil Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Mar 12, 2015, at 9:37 AM, Scott Stewart webmas...@sstwebworks.com wrote: This is googleable uhmmm.. thanks Captain Obvious, here's your cape :P From what I was able to dig up ColdFusion 9 is a no go with Java 8. There are hotfixes available for 10 and 11... of course there's always Railo/Lucee .. On Thu, Mar 12, 2015 at 10:16 AM, Eric Roberts ow...@threeravensconsulting.com wrote: This is googleable...i was just looking for a similar solution with 10...you ar going to have to move several files from the sdk jre directory...one is tools.jar and msvcr1000.dll (I think)...you also have to change the java home setting in cfadmin to the jre directory in the sdk as well. Charlie Airheart has a page that describes pretty much everything you need to know. I don;t have the link handy, but I am sure you can easily find it via google. Eric On Thu, Mar 12, 2015 at 8:07 AM, Scott Stewart webmas...@sstwebworks.com wrote: Oracle is EOL'ing Java 7 in February. The agency that I work for is going to require upgrades to Java 8. Does anyone know definitively whether or not ColdFusion 9 will work on Java 8. We are in deep poop if it doesn't. Thanks sas -- -- Scott Stewart Adobe Certified Instructor, ColdFusion 8 9 Adobe Certified Expert, ColdFusion 8 9 Blog: http://www.sstwebworks.com Email: webmas...@sstwebworks.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360250 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: ColdFusion 9 on Java 8
No, they seem to keep up with Microsoft releases :) On Thu, Mar 12, 2015 at 11:01 AM, Wil Genovese jugg...@trunkful.com wrote: So is this still a Windows 2003 server too? :D Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Mar 12, 2015, at 9:59 AM, Scott Stewart webmas...@sstwebworks.com wrote: Wil, that's what I'm pushing for. The powers that be having been dragging their feet on upgrading. This may be just the thing to push them over. On Thu, Mar 12, 2015 at 10:48 AM, Wil Genovese jugg...@trunkful.com wrote: Unless I missed it, Adobe has not certified ColdFusion 9.0.x on Java 8. â Remember this as I continue Also, Adobe ColdFusion 9.x.x reached End Of Life back on December 31st, 2014. http://www.trunkful.com/index.cfm/2014/11/24/ColdFusion-9-Reaches-End-Of-Life-Long-Live-ColdFusion â Remember this too Now, that I got those two items out of the way I will say that while researching and testing ColdFusion potential POODLE issues via CFHTTP I did happen to successfully attempt to run ColdFusion 9.0.2 fully patched on Java 1.8. (This blog post BTW: http://www.trunkful.com/index.cfm/2014/12/8/Preventing-SSLv3-Fallback-in-ColdFusion - The note at the bottom) There were no errors or warnings. I was able to run some code. I by no means tried to test all the functionality because I had a different goal to achieve when I was doing my research. So it could very well be possible. However I do have another concern. The company/agency youâre working for is requiring Java to be up to date, but not ColdFusion? I would embrace the Java 8 upgrade and say then we need to buy ColdFusion 11 and make the migration. (IMHO) Regards, Wil Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Mar 12, 2015, at 9:37 AM, Scott Stewart webmas...@sstwebworks.com wrote: This is googleable uhmmm.. thanks Captain Obvious, here's your cape :P From what I was able to dig up ColdFusion 9 is a no go with Java 8. There are hotfixes available for 10 and 11... of course there's always Railo/Lucee .. On Thu, Mar 12, 2015 at 10:16 AM, Eric Roberts ow...@threeravensconsulting.com wrote: This is googleable...i was just looking for a similar solution with 10...you ar going to have to move several files from the sdk jre directory...one is tools.jar and msvcr1000.dll (I think)...you also have to change the java home setting in cfadmin to the jre directory in the sdk as well. Charlie Airheart has a page that describes pretty much everything you need to know. I don;t have the link handy, but I am sure you can easily find it via google. Eric On Thu, Mar 12, 2015 at 8:07 AM, Scott Stewart webmas...@sstwebworks.com wrote: Oracle is EOL'ing Java 7 in February. The agency that I work for is going to require upgrades to Java 8. Does anyone know definitively whether or not ColdFusion 9 will work on Java 8. We are in deep poop if it doesn't. Thanks sas -- -- Scott Stewart Adobe Certified Instructor, ColdFusion 8 9 Adobe Certified Expert, ColdFusion 8 9 Blog: http://www.sstwebworks.com Email: webmas...@sstwebworks.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360253 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: ColdFusion 9 on Java 8
It's a COTS app (CommonSpot) They've already produced a code base that will support 11. On Thu, Mar 12, 2015 at 12:12 PM, Dan G. Switzer, II dswit...@pengoworks.com wrote: You may find the jump from CF9 to CF10/11 to require changes to your app. I know the change for us was not straightforward. Make sure you plan for an extensive QA cycle after upgrading. One of the biggest issues we ran into was with date/time conversions. We store everything in UTC. Adobe changed the internals of the way that dates converted to UTC work that can cause issues with some types of date mathematical operations (like using the results of a createTimeSpan() to adjust a date.) We found a number of things that made our upgrade from CF9 to CF10 slow. On Thu, Mar 12, 2015 at 10:59 AM, Scott Stewart webmas...@sstwebworks.com wrote: Wil, that's what I'm pushing for. The powers that be having been dragging their feet on upgrading. This may be just the thing to push them over. On Thu, Mar 12, 2015 at 10:48 AM, Wil Genovese jugg...@trunkful.com wrote: Unless I missed it, Adobe has not certified ColdFusion 9.0.x on Java 8. â Remember this as I continue Also, Adobe ColdFusion 9.x.x reached End Of Life back on December 31st, 2014. http://www.trunkful.com/index.cfm/2014/11/24/ColdFusion-9-Reaches-End-Of-Life-Long-Live-ColdFusion â Remember this too Now, that I got those two items out of the way I will say that while researching and testing ColdFusion potential POODLE issues via CFHTTP I did happen to successfully attempt to run ColdFusion 9.0.2 fully patched on Java 1.8. (This blog post BTW: http://www.trunkful.com/index.cfm/2014/12/8/Preventing-SSLv3-Fallback-in-ColdFusion - The note at the bottom) There were no errors or warnings. I was able to run some code. I by no means tried to test all the functionality because I had a different goal to achieve when I was doing my research. So it could very well be possible. However I do have another concern. The company/agency youâre working for is requiring Java to be up to date, but not ColdFusion? I would embrace the Java 8 upgrade and say then we need to buy ColdFusion 11 and make the migration. (IMHO) Regards, Wil Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Mar 12, 2015, at 9:37 AM, Scott Stewart webmas...@sstwebworks.com wrote: This is googleable uhmmm.. thanks Captain Obvious, here's your cape :P From what I was able to dig up ColdFusion 9 is a no go with Java 8. There are hotfixes available for 10 and 11... of course there's always Railo/Lucee .. On Thu, Mar 12, 2015 at 10:16 AM, Eric Roberts ow...@threeravensconsulting.com wrote: This is googleable...i was just looking for a similar solution with 10...you ar going to have to move several files from the sdk jre directory...one is tools.jar and msvcr1000.dll (I think)...you also have to change the java home setting in cfadmin to the jre directory in the sdk as well. Charlie Airheart has a page that describes pretty much everything you need to know. I don;t have the link handy, but I am sure you can easily find it via google. Eric On Thu, Mar 12, 2015 at 8:07 AM, Scott Stewart webmas...@sstwebworks.com wrote: Oracle is EOL'ing Java 7 in February. The agency that I work for is going to require upgrades to Java 8. Does anyone know definitively whether or not ColdFusion 9 will work on Java 8. We are in deep poop if it doesn't. Thanks sas -- -- Scott Stewart Adobe Certified Instructor, ColdFusion 8 9 Adobe Certified Expert, ColdFusion 8 9 Blog: http://www.sstwebworks.com Email: webmas...@sstwebworks.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360255 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Can you use a CFTHREAD inside an Ajax routine?
Steven, What is it that is telling you that the thread is not running? What is it supposed to do that it is not, manipulate the file system, execute a stored procedure? Is it supposed to return a value that you are not seeing? Remember that a function that initiates a thread will continue to run without waiting for the thread to finish unless a join action is performed. Dave -Original Message- From: Bobby [mailto:bo...@acoderslife.com] Sent: Thursday, March 12, 2015 10:49 AM To: cf-talk Subject: Re: Can you use a CFTHREAD inside an Ajax routine? When you say it doesn¹t generate any errors, do you mean that you¹ve looked through the exception logs? Unless you are trapping it with try/catch or a custom error handler, that¹s the only place you would discover that an error happened in a cfthread that you are spawning and forgetting. On 3/5/15, 3:47 PM, John Pullam jpul...@mcleansystems.com wrote: It seems to me that the CFTHREAD I attempt to start from inside an Ajax routine (triggered by a CFWINDOW) never runs and doesn't generate any error message. Can anyone advise if this is a legitimate thing to do? ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360256 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: ColdFusion 9 on Java 8
You may find the jump from CF9 to CF10/11 to require changes to your app. I know the change for us was not straightforward. Make sure you plan for an extensive QA cycle after upgrading. One of the biggest issues we ran into was with date/time conversions. We store everything in UTC. Adobe changed the internals of the way that dates converted to UTC work that can cause issues with some types of date mathematical operations (like using the results of a createTimeSpan() to adjust a date.) We found a number of things that made our upgrade from CF9 to CF10 slow. On Thu, Mar 12, 2015 at 10:59 AM, Scott Stewart webmas...@sstwebworks.com wrote: Wil, that's what I'm pushing for. The powers that be having been dragging their feet on upgrading. This may be just the thing to push them over. On Thu, Mar 12, 2015 at 10:48 AM, Wil Genovese jugg...@trunkful.com wrote: Unless I missed it, Adobe has not certified ColdFusion 9.0.x on Java 8. â Remember this as I continue Also, Adobe ColdFusion 9.x.x reached End Of Life back on December 31st, 2014. http://www.trunkful.com/index.cfm/2014/11/24/ColdFusion-9-Reaches-End-Of-Life-Long-Live-ColdFusion â Remember this too Now, that I got those two items out of the way I will say that while researching and testing ColdFusion potential POODLE issues via CFHTTP I did happen to successfully attempt to run ColdFusion 9.0.2 fully patched on Java 1.8. (This blog post BTW: http://www.trunkful.com/index.cfm/2014/12/8/Preventing-SSLv3-Fallback-in-ColdFusion - The note at the bottom) There were no errors or warnings. I was able to run some code. I by no means tried to test all the functionality because I had a different goal to achieve when I was doing my research. So it could very well be possible. However I do have another concern. The company/agency youâre working for is requiring Java to be up to date, but not ColdFusion? I would embrace the Java 8 upgrade and say then we need to buy ColdFusion 11 and make the migration. (IMHO) Regards, Wil Wil Genovese Sr. Web Application Developer/ Systems Administrator CF Webtools www.cfwebtools.com wilg...@trunkful.com www.trunkful.com On Mar 12, 2015, at 9:37 AM, Scott Stewart webmas...@sstwebworks.com wrote: This is googleable uhmmm.. thanks Captain Obvious, here's your cape :P From what I was able to dig up ColdFusion 9 is a no go with Java 8. There are hotfixes available for 10 and 11... of course there's always Railo/Lucee .. On Thu, Mar 12, 2015 at 10:16 AM, Eric Roberts ow...@threeravensconsulting.com wrote: This is googleable...i was just looking for a similar solution with 10...you ar going to have to move several files from the sdk jre directory...one is tools.jar and msvcr1000.dll (I think)...you also have to change the java home setting in cfadmin to the jre directory in the sdk as well. Charlie Airheart has a page that describes pretty much everything you need to know. I don;t have the link handy, but I am sure you can easily find it via google. Eric On Thu, Mar 12, 2015 at 8:07 AM, Scott Stewart webmas...@sstwebworks.com wrote: Oracle is EOL'ing Java 7 in February. The agency that I work for is going to require upgrades to Java 8. Does anyone know definitively whether or not ColdFusion 9 will work on Java 8. We are in deep poop if it doesn't. Thanks sas -- -- Scott Stewart Adobe Certified Instructor, ColdFusion 8 9 Adobe Certified Expert, ColdFusion 8 9 Blog: http://www.sstwebworks.com Email: webmas...@sstwebworks.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360254 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Decrypting MD5
I want to know if I can decrypt passwords stored as MD5 in a SQL Server database using the Decrypt function? There are online tools out there that decrypt MD5 so I'm hoping that I can do this in CF. There are no tools that actually decrypt MD5 hashes, to the best of my knowledge. MD5 is a hashing algorithm, not an encryption algorithm. It lets you take a plaintext value and generates a hashed value, which cannot be decrypted. These online tools don't decrypt MD5 hashes. Instead, they have large databases of plaintext values and their corresponding MD5 hashes. When you hash a value, you should always get the same hash, so these tools compare the hash you provide against their database of existing hash values, and then lookup the corresponding plaintext value. Dave Watts, CTO, Fig Leaf Software 1-202-527-9569 http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Service-Disabled Veteran-Owned Small Business (SDVOSB) on GSA Schedule, and provides the highest caliber vendor- authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360235 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Decrypting MD5
It looks like you can if you know the salt: http://www.hashkiller.co.uk/md5-decrypter.aspx http://www.md5online.org/ http://md5decryption.com/ http://www.md5decrypter.com/ Robert Harrison Full Stack Developer AIMG rharri...@aimg.com Main Office: 704-321-1234 ext.118 Direct Line: 516-302-4345 www.aimg.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360237 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Decrypting MD5
So basically MD5 is useless if you can't decrypt the value! That sucks. Kind regards, Rick -Original Message- From: Dave Watts [mailto:dwa...@figleaf.com] Sent: Thursday, March 12, 2015 9:57 AM To: cf-talk Subject: Re: Decrypting MD5 I want to know if I can decrypt passwords stored as MD5 in a SQL Server database using the Decrypt function? There are online tools out there that decrypt MD5 so I'm hoping that I can do this in CF. There are no tools that actually decrypt MD5 hashes, to the best of my knowledge. MD5 is a hashing algorithm, not an encryption algorithm. It lets you take a plaintext value and generates a hashed value, which cannot be decrypted. These online tools don't decrypt MD5 hashes. Instead, they have large databases of plaintext values and their corresponding MD5 hashes. When you hash a value, you should always get the same hash, so these tools compare the hash you provide against their database of existing hash values, and then lookup the corresponding plaintext value. Dave Watts, CTO, Fig Leaf Software 1-202-527-9569 http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Service-Disabled Veteran-Owned Small Business (SDVOSB) on GSA Schedule, and provides the highest caliber vendor- authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360236 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
RE: Decrypting MD5
So basically MD5 is useless if you can't decrypt the value! That sucks. Maybe, if you're storing data you need to retrieve. Generally I use if for data I need to compare (like passwords), then I just encrypt the values the same way and compare the encrypted values. Robert Harrison Full Stack Developer AIMG rharri...@aimg.com Main Office: 704-321-1234 ext.118 Direct Line: 516-302-4345 www.aimg.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360238 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
ColdFusion 9 on Java 8
Oracle is EOL'ing Java 7 in February. The agency that I work for is going to require upgrades to Java 8. Does anyone know definitively whether or not ColdFusion 9 will work on Java 8. We are in deep poop if it doesn't. Thanks sas -- -- Scott Stewart Adobe Certified Instructor, ColdFusion 8 9 Adobe Certified Expert, ColdFusion 8 9 Blog: http://www.sstwebworks.com Email: webmas...@sstwebworks.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360239 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: Decrypting MD5
So basically MD5 is useless if you can't decrypt the value! That sucks. I don't know about useless. Hashing is not the same as encryption. They're intended to solve different problems. Let's say you're using a Windows network, with Active Directory. Active Directory doesn't actually know your password, because it doesn't need to know. All it needs to know is, did you enter the correct password when you hit Ctrl+Alt+Delete this morning - and it doesn't need to know what the password is in that case. Your workstation takes your plaintext password, generates a hash, and sends it to AD. AD compares the hash to the one it stored when you set your password in the first place. If they match, there's an extremely high likelihood that the plaintext passwords match as well. Dave Watts, CTO, Fig Leaf Software 1-202-527-9569 http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Service-Disabled Veteran-Owned Small Business (SDVOSB) on GSA Schedule, and provides the highest caliber vendor- authorized instruction at our training centers, online, or onsite. ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360240 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: ColdFusion 9 on Java 8
Also, don't forget that with Java 8 you will not have access to any ODBC datasources as they have removed the JDBC-ODBC bridge in Java 1.8. This is a non-issue for most, but for company's like ours that provide middleware for legacy applications using older dBase, FoxPro, etc. back ends, you're stuck on Java 7 or need to pay a not so small amount of money on a pure JDBC driver (we've experimented with all of them and they all have inconsistencies and compatibility issues) or there are some not so inexpensive JDBC-ODBC bridge drivers, but if you're going to pay for drivers, you may as well use a pure JDBC version... Anyways, just a reminder for anyone else whose stuck having to support these old db's. Oracle is EOL'ing Java 7 in February. The agency that I work for is going to require upgrades to Java 8. Does anyone know definitively whether or not ColdFusion 9 will work on Java 8. We are in deep poop if it doesn't. Thanks sas -- -- Scott Stewart Adobe Certified Instructor, ColdFusion 8 9 Adobe Certified Expert, ColdFusion 8 9 Blog: http://www.sstwebworks.com Email: webmas...@sstwebworks.com ~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:360257 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm