CFSERVER and security
At 12:48 PM 5/8/2001 -0400, you wrote:
Is this T: drive physically on your server, or is it on another server? If it is on another server, the CF Service must be run in the context of a user that would have access to that other server. Just because you can see the drive share doesn't mean CF can.
This response was originally part of a discussion on accessing files using cffile, and the need to run cfserver under a user account as opposed to the system account. I'm concerned with the ramifications of running cfserver as a user account as opposed to the system account. Are there security issues that don't exist when it's run under the system account? We've got a pretty heavily used existing live box that has been running cfserver under the system account. I'm concerned about A: breaking existing applications and B: creating security holes that didn't exist before. Any advice would be appreciated.
Brian L. Wolfsohn http://www.cus.com CUS Business Systems Ft. Lauderdale, FL Software for Auctioneers (954) 565-5600 Email: [EMAIL PROTECTED]
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
RE: Desperate for Hosting URGENT WARNING URGENT
At 10:22 AM 6/20/01, you wrote:
I can second (or third) media3... We've been with them for about 4 years now, have 4 colo machines, and are very happy with their service.
I unfortunately have to agree about CIHost. Their prices are pretty good but I had my site hosted there for a couple of years before I moved. It goes down constantly and there was a time (pre-ColdFusion conversion when my site was on Unix) that my site was down completely for 6 weeks. I finally moved hosts and CIHost kept denying my DNS change. There was another person who recommended media3.net and I'll agree with that... I personally think Media3 is fantastic and I have never had any downtime that lasted more than a few seconds. Support is responsive and intelligent there and the prices are very good. -Marla Jenkins
Brian L. Wolfsohn http://www.cus.com CUS Business Systems Ft. Lauderdale, FL Software for Auctioneers (954) 565-5600 Email: [EMAIL PROTECTED]
Re: New CF5 Partner Hosting License
At 09:48 AM 4/27/01, you wrote:
Michael, If the UK or other non-US ISPs talked to A/MM, maybe individual deals could be made. If I was at A/MM I'd talk to ISPs on a per company basis and for some waive the fee for a time to 'help get them on their feet'. ISP building is great in the long run but may cost a little in licensing in the short. But that's just me.
While this may serve to put some balm on the current wound, it indicates a mindset that, if it comes to pass, will amount to a significant dropoff in the vitality of this community. Waiving the fee for a time is not the issue, it's dealing with the competitive pressures. When crossing paths with micro$oft, one misstep is all it takes... Netscape made that misstep, and never recovered. I'm afraid that if a/MM takes licensing in this direction, they will not recover from that. I know that we will switch to another platform (probably asp) if, in fact this is where the licensing is headed. We've looked forward to the features in CF5 for awhile now, but it is just not going to be a viable alternative if a/MM goes down this road.
RE: New CF5 Partner Hosting License
At 07:27 AM 4/27/01, you wrote:
Len, I certainly can't fault them on principle if this is their approach.. Whether or not this is a valid revenue model remains to be seen. From my perspective (which is different than most g), each developer needs to decide whether this fits THEIR business model.. I'm afraid without a critical mass of lower end stuff, there will be no energy base upon which to have and develop a brand name and a viable community. and it certainly doesn't fit OUR business model. I'm about as anti-m$ as you can get, but i'm ready to jump ship to asp if this comes to pass. I used to use webboard many years ago, but switched to IIS when our business model and approach dictated it. MM could be positioning CF upmarket, abandoning the low-end web apps to PHP, open source platforms, and ASP, and targeting primarily, exclusively the corps, not the hosting services, knowing MM can't run a business competing with free open source software, and the equally free MS security blanket. I remember Jeremy, I think, saying if you can't get your tools adopted by the corps, strategically, you're dead. He didn't say anything about CF hosting shops.
Len http://MenAndMice.com/DNS-training : Austin,TX: SFO,CA; 7,8 May http://BIND8NT.MEIway.com : ISC BIND 8.2.3 NT3 for NT4 W2K http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways
RE: New CF5 Partner Hosting License
At 01:35 PM 4/27/01, you wrote: Yet ??? gg Don't panic yet. I believe a FAQ is in the works that will explain all this. that's good news...
CGI interface implementation help
I'm looking for the best way to deal with some cgi interaction issues. We currently have a functioning application utilizing cfhttp calls to a cgi program we've written. I'm not real comfortable with the way we've setup the interaction between cold fusion and the cgi program. We wrote the cgi program, and can modify it to produce the content in whatever format is best (i hope g) The cgi program is used for data access to proprietary databases that cold fusion cannot access directly. There are no other data sources set-up within cold fusion. We are using version 4.0.1. The cgi programs and databases are currently located on the same server as the webserver. We will be moving them to a different machine shortly as part of this speed-up process.
This is the way the program is structured.
cold fusion calls the cgi program through cfhttp
the cgi program returns data to cold fusion in the form of cftags i.e. <cfset this = that> etc.
the return data is stored in a variable filecontent
filecontent is then sent through ben forta's execute.cfm tag as a cfinclude:
<cfset ExecuteTempDir=expandpath("./execute/")>
<cfset lDeleteFile=TRUE>
<CFSET ExecuteCode="#filecontent#">
<CFINCLUDE Template="#mydirectory#/cftags/Execute.cfm">
The result is that all the cfsets are executed and included in the calling page right where the cfhttp call is made. While this is working well, this method seems to have some significant drawbacks:
1. by including the randomly named .cfm files which are generated by the execute.cfm tag, it seems to me, we are effectively defeating cold fusion's template caching ability.
2. I'm not comfortable with the scalability of this approach. We had a website that generated 120,000 hits over a 2 day span, and the cf service had to be cycled a couple of times a day.
While we've taken a look at the cf code for memory leaks, are locking all our variables, and are also making extensive use of the request scope, we're still seeing a significant increase in memory usage on the server commensurate with traffic. we are using very little in the way of session and application variables, and no client variables. As i was writing this, i noticed i was taking filecontent and copying its contents to the variable executecode with the statement:
<CFSET ExecuteCode="#filecontent#">
since the variable filecontent could contain up to 50k or 100k worth of data, i guess one of the speed-ups i could do would be to put the information that comes back from the cgi program directly into the variable executecode, thereby saving the memory that duplicating the 50 or 100k of data is taking. (duh).. Since i can structure the information returned by the cgi program in any manner we choose, i'm wondering what alternatives i might have that would not require the use of the execute tag, and could result in less load on the server. Thanks in advance for any thoughts you might have on this issue...
Brian L. Wolfsohn http://www.cus.com CUS Business Systems Ft. Lauderdale, FL Software for Auctioneers (954) 565-5600 Email: [EMAIL PROTECTED]
Re: REQUEST scope
At 06:02 PM 12/12/00 , you wrote:
What happens within a custom cfml tag if the tag inadvertently refers to or redefines a variable defined in the request scope? For example, say, in application.cfm
<cfset request.datasource = "SomeDSN">
Then, within a cfml tag, you have:
<cfset datasource = "AnotherDSN">
i believe this creates a LOCAL variable, and the request.variable would still be available. So, if you were to issue the command:
<cfset newvar=datasource>
before the line:
<cfset datasource = "AnotherDSN">
you would get a cferror, if you want to access the request.datasource, you'd have to specify it.
<cfset newvar=request.datasource>
Re: OT: Who's hacking around ???
At 04:00 PM 12/3/00 , you wrote:
the asp file is encrypted.. i can send it directly to anyone who would like it..
Can you post the code for that ASP file eeyerulez??? I'm assuming that page is connecting to the exe file by the same name eeyehack.exe. Perhaps it's grabbing any information posted to your CGI programs then reporting this information back through the ASP page somehow. If indeed it's doing something like that then there has to be some kinda link back to them through something. Post code for that ASP file find out what that its really doing in there.
From: "Brian L. Wolfsohn" [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: CF-Talk [EMAIL PROTECTED] Subject: OT: Who's hacking around ??? Date: Sat, 02 Dec 2000 23:55:19 -0500
i've found these suspicious looking files in one of our cgi directories. Has anyone heard of these ?? can you point me to any resources for checking on them ?? eeyerulez.asp logfilename sysmng.exe sensepost.exe eeyehack.exe
OT: Who's hacking around ???
i've found these suspicious looking files in one of our cgi directories. Has anyone heard of these ?? can you point me to any resources for checking on them ?? eeyerulez.asp logfilename sysmng.exe sensepost.exe eeyehack.exe
CUS Xmas Party!!
All cf'ers are invited. This is not a recruitment ad. We have NO COLDFUSION JOB OPENINGS. There is no hidden agenda.. There will be no recruiting at the party. We are NOT a recruiting firm.. If someone tries any recruiting, that's what we have the pool for... So, throw all recruiters in the pool... The rest of you can enjoy the party and talk amongst yourselves... You're Invited To the 16th Annual C-U-S Not-So-Traditional Xmas Party Awards Presentation Saturday, December 16th, 2000 (12/22/2001) 7:30 P.M. to Whenever From All of us - to All of You - A wish for Happiness in a world at peace Please come share the spirit of this joyous season with us (It can be this way always) C-U-S Business Systems 20210 S.W. 48th Place Fort Lauderdale, FL 2-1096 Expected Weather: Temperature usually around 70, could be cooler, so bring a sweater just in case. By official edict: NO RAIN; NO HURRICANES !! Directions to Brian's 20210 SW 48th Place 1. Wear clean underwear.. (Don't ask...) 2. Get off plane in Fort Lauderdale. (Separate directions are available for those flying into Miami.) 3. Take I-595 West to I-75 South. 4. Go South on I-75 to Griffin Road West. 5. Griffin Road West 4.2 miles to 202nd Ave, immediately after the stand of pine trees in the center island. 6. Left (South) on 202nd. Go 2 blocks to S.W. 48th Place. 7. Right on S.W. 48th Place. We're the second house on the left. Park wherever you can find a spot in the surrounding 4 blocks. 8. If you see any alligators, you went about 1 mile too far (as long as you went too far, please check for the remains of my great aunt Alice who got lost on her way to the party 4 years ago.) PS You don't have to arrive by plane. Trains, boats, horseback cars are all allowed. There will be camping on-site again this year as but the rooms are full-up at the Wolfsohn Inn. So, if you have camping gear, feel free to bring it. If you're not the camping type, there are hotels in the area. Just call the office for specifics. 
(Dave Cambest, two young ladies who say they met you at something called treasure island were asking about your "campground tours".. Would you like to fill in the host on what you have planned here.. ) PPS The driveway is reserved for Miatas ( John McCracken ) PPPS There will be a secure room for the folk club to store their instruments and extra band members. Attire Dress Optional. (Pants also optional) Ozzie, Requests are pouring in from all over the folkincountry for your Tina Turner outfit. Heather, Your halloween outfit won't work for the xmas party. Sandy, On the other hand, YOUR halloween outfit might.. Clayton, Jeans, not those pajama things you parade around in..SFSF Donna, No, you can't wear the postman. Jack Hardy, An orange shirt would be nice.. Steve G., No, you can't wear Robby's clothes. (but, I hear Susan M. has an outfit you can wear). Kid: Even those white pants won't get you in the door. Billy M. No, you can't just wear your mandolin !! Birthday Boys and Birthdays Girls: You are NOT required to wear your birthday suits.. (this includes you, Donna) (Everyone else... You're on your own Good luck) Age Requirements 18 or Over; 100 or under Food More than you could eat in two days.. So, arrive hungry.. And take food home... Drink Of course, but don't drink drive. Designated drunks must identify themselves at check-in. Party Officially begins at 7:30 p.m. Slave labor, oops early arrivals are welcome. Awards Ceremony Approximately 10:00 p.m. I promise; this year, the awards ceremony will be finished by the time the garbage is picked up Monday morning.. Musical Entertainment Immediately after the awards, there will be a very special musical guest. Don't miss this very, very special talent. RSVP by December 8th RSVP: This means you take 5 seconds out of your busy schedule, turn down that Milli Vanilli album, Sean Williams, tell us whether or not you're coming to the party. 
(Even if you are just reading this and don't know us, tell us you read it and aren't coming!!) We need to know whether to get 3 or 4 suckling pigs for the roast. (Not to worry, we use only kosher pigs) We also need to know whether to order 3 or 4 virgins (mixed sexes) for sacrifice to the party gods. Please contact us at (954) 680-6545 to rsvp or to volunteer for the sacrifices, or e-mail to [EMAIL PROTECTED] Entertainment 1. Nicole will be demonstrating what she learned this year in knife throwing at the circus - 101. It's not too late to volunteer to be her
Re: CUS Xmas Party!!
At 02:29 PM 11/29/00 , you wrote:
Are you sure you won't be still counting ballots? (running and ducking ;-)
Actually, while there won't be any recruiting going on, we will have a ballot counting hour around 1AM..
At 02:06 PM 11/29/00 -0500, you wrote:
All cf'ers are invited. This is not a recruitment ad. We have NO COLDFUSION JOB OPENINGS. There is no hidden agenda.. There will be no recruiting at the party. We are NOT a recruiting firm.. If someone tries any recruiting, that's what we have the pool for... So, throw all recruiters in the pool... The rest of you can enjoy the party and talk amongst yourselves... You're Invited To the 16th Annual C-U-S Not-So-Traditional Xmas Party Awards Presentation Saturday, December 16th, 2000 (12/22/2001) 7:30 P.M. to Whenever From All of us - to All of You - A wish for Happiness in a world at peace Please come share the spirit of this joyous season with us (It can be this way always) C-U-S Business Systems 20210 S.W. 48th Place Fort Lauderdale, FL 2-1096
CFLOCK and isdefined
There have been a number of discussions about cflock over the past few months, but i don't remember seeing anything about this combination. I'm locking my writes with type="Exclusive", and all my reads with type="Readonly", but do i need a cflock around <cfif isdefined("session.myvar")> ?? Since i sometimes do a cfabort within the else, what is the best way to handle this if a lock is required. I presume we don't want to do a cflock followed by a cfabort before the </cflock>. TIA
Brian (Breadman) Wolfsohn [EMAIL PROTECTED] CUS Business Systems - Folksites for Webbies http://www.cus.com Visit the Kerrville Ramblings Website: http://itcanbethiswayalways.com If i am not for me, then who will be If i am only for me, then what am i
Re: CFLOCK and isdefined
At 10:30 AM 11/28/00 , you wrote:
Get the value in a lock, then test the value after closing the lock. A good technique for all locking to make the locked section as quick as possible.
<cflock>
<cfset variables.myvar = session.myvar>
</cflock>
<cfif isdefined("variables.myvar")>
uh, if session.myvar is not defined, won't the line within the cflock crash ??
RE: CFLOCK and isdefined
At 10:51 AM 11/28/00 , you wrote:
Dave, Patricia, Justin, Thanks for all your suggestions.. in other languages, i've gotten into the habit of not leaving any locks "open". that's why the concern about a cfabort before the </cflock>. I guess the lock would just timeout, but i'd prefer to know. In the interim, instead of cfaborting within the lock, i can re-write to set a var if there s/b a cfabort, and then do the abort after the end of the lock.
When you do an isdefined, CF is attempting a read of the variable name. Yes. You do need a READ Lock around IsDefined Statements. I can't see why a CFABORT inside of the CFLOCK would cause any kind of problem. I know where your thought process is going... but I still sense no problem there. Perhaps someone else has a more definitive answer about that aspect of your question.
What's running on my machine
Is it possible to have a .cfm template return the names of all applications created with cfapplication currently running on a given machine ??
Re: please recommend cf host
At 09:42 AM 11/10/00 , you wrote:
www.media3.net we colocate w/ them, but they have plans for small to large setups..
I am a fledgling cf user and am looking for a cf host. This site is the archives of a science journal, with abstracts in HTML, and full text articles in PDF. Here are the characteristics of the site:
NEEDS:
Traffic: Average 250 megs transfer per month
Disk space: Currently 470 megs, grows by 125 megs per year
Needs: Verity collection to index PDF
Needs: CFCONTENT tag to push PDF to registered users who are granted access by IP or by userid/password.
Access database
Site (currently unix) at: http://www.scanning.org/
If you are recommending a host, please include the address of your site located at that host. With your permission, I will run a Netmechanic Serverwatch for 8 hours to check out your host's performance. http://www.netmechanic.com/monitor.htm Thanks.
Ben Forta: Execute.cfm question
Ben, (and others) we're a heavy user of the execute.cfm tag. Since this tag creates temporary .cfm files that are then accessed by the cold fusion server, what is the effect of all these files on the caching of .cfm templates ?? It seems they would knock permanent templates out of the cache.. Is this a problem ?? if so, are there any alternatives to this approach ??
Brian L. Wolfsohn http://www.cus.com CUS Business Systems Ft. Lauderdale, FL Software for Auctioneers (954) 565-5600 Email: [EMAIL PROTECTED]
cfhttp
I'm having a problem with cfhttpparam if there is an in the attributes.cClass variable, i'm either getting a connection failure response, or the page is timing out. the may be a legitimate character to be in the field, but in the meantime, i've worked around the problem by replacing the with a /. I'd like to be able to allow an in this variable. No , no problem.. Does anyone have any suggestions ??
<cfhttpparam type="FORMFIELD" name="cClass" value=#attributes.cClass#>
OT: Security issue
Last night, one of our machines was "hacked".. we're looking into how, but what we've been able to discover so far, is that the I_USE and I_WAM accounts were locked out, so all the websites were, in effect, useless at that point. It was explained to me that the I_USE and I_WAM accounts could have been locked out through the web when someone tried to access a protected directory, and got the basic windows username password box. If I_USR_MACHINENAME is entered with an incorrect password n times, the account would get locked out. same for I_WAM.
While i understand about accounts being locked out, it doesn't make sense to me that i haven't heard about this before. it would seem to be a major security issue if someone could use a browser to access a protected directory, or even easier, use FTP to try and access the domain, and put in I_USR_ETC as the user and lock the account out by entering bad passwords that way. Have any of you experienced this ?? does this make any sense ?? Does anyone have any suggestions about how to best prevent this ?? This seems like a very easy, and major, albeit easy to fix (nothing else appeared to have been compromised, except these 2 accounts), with minimal damage, security problem.
Re: TO ALL: Request for ColdFusion SP2 Input
At 08:50 AM 9/27/00 , you wrote:
ColdFusion Service Pack 2 is under construction, and I'd like to get your feedback on what you believe to be Must-Be-Fixed items.
i know one of the items that makes me very uncomfortable is the apparent code incompatibility on the locking issues. i.e. code written for CF server 4.5.1 locking doesn't easily work on 4.0 and vice versa..
CFHTTP
We've successfully used cfhttp in a cf 4.01 environment. I'm trying to run the same code on a cf 4.51 box now, and am getting the message "connection failure" being returned by the cgi program cfhttp is running. same code is working on other boxes w/ 4.01. So, i could have a mis-configured box, or is there some code incompatibility between 4.5.1 and 4.0.1 in the cfhttp area ??
Brian L. Wolfsohn http://www.cus.com CUS Business Systems Ft. Lauderdale, FL Software for Auctioneers (954) 565-5600 Email: [EMAIL PROTECTED]
RE: Allaire security problem - anyone know solution?
At 01:40 PM 8/3/00 , you wrote:
Dave, As always, thanks for the wealth of information, explained clearly... Your comments raise a simple question:
2. Remove the right to read files from whatever user the CF server is running as (typically SYSTEM). All CF needs to be able to do is execute.
I presume this will not affect reading the contents of a file with cffile/read ??
Again, both of these are things that you should already be doing on NT production web servers! If you do these things, you won't have to worry about the vast majority of IIS "exploits".
Brian L. Wolfsohn http://www.cus.com CUS Business Systems Ft. Lauderdale, FL Software for Auctioneers (954) 565-5600 Email: [EMAIL PROTECTED]
RE: More CFLOCK
At 04:27 PM 8/2/00 , you wrote:
Bud, perhaps the user has 3 or 4 browser windows open, or multiple frames hitting session vars at the same time.. best regards..
I'm still trying to decipher in my own mind why it would be so important to lock session variables. Application variables I can understand, because if one person changes the value, the value will change for everyone. But what about sessions? If I have session.foo in my application, there could be 100 people that have session.foo set to 100 different values. How would person 1 changing the value of session.foo affect the other 99 people?
Brian L. Wolfsohn http://www.cus.com CUS Business Systems Ft. Lauderdale, FL Software for Auctioneers (954) 565-5600 Email: [EMAIL PROTECTED]
4.51 Ready for Prime Time ?
At 09:16 AM 8/1/00 , you wrote:
Hadn't gotten much response to this question as part of the cflock threads, but here it is separately.. Is 4.51 stable enough for production environments ?? Are there any gotchas in moving from 4.01 to 4.51 we should know about in advance ??
Brian L. Wolfsohn http://www.cus.com CUS Business Systems Ft. Lauderdale, FL Software for Auctioneers (954) 565-5600 Email: [EMAIL PROTECTED]
cflock - BAH! and CF 4.51 question
At 07:00 AM 7/15/00 , you wrote:
Bud, (and anyone else) Was the conclusion here that the two versions are code incompatible with regards to cflocking ?? i.e. i must have the same version of cf on our test machines as our live machines ?? With that in mind, we have not yet installed the upgrade to 4.51 based upon the problems we were seeing everyone else having.. Is 4.51 stable enough for production environments ?? Are there any gotchas in moving from 4.01 to 4.51 we should know about in advance ??
Geesh. You'd think Allaire would give at least a LITTLE thought to backward compatibility. I've discovered that setting session, application variables, etc. MUST be set with a lock if CF 4.5 administration is set to make that mandatory. OK, I can live with that, but you MUST set the SCOPE in the cflock tag. But then if you try to use that template in 4.0x, scope is not understood and gives an error. What a crock. So now, everything I've developed I have to make 2 copies of, one with scope= and one without. And to develop with my CF 4.01 here at home, I have to develop everything without scope=, then add it in to all the cflock tags and upload the templates, then remove them all to do any future changes to the site, then add them back in to upload. What a mess!
Brian L. Wolfsohn http://www.cus.com CUS Business Systems Ft. Lauderdale, FL Software for Auctioneers (954) 565-5600 Email: [EMAIL PROTECTED]
administrator's email address setting
In the cf administrator, the following text appears under the administrator email address
Type in the email address of the server administrator. This address will appear under each error message for reporting purposes. This global setting can be overriden in specific web aplications using the application framework in the application.cfm file.
I can't seem to find which variable to set in application.cfm in the docs.. Can i buy a clue please..
Brian L. Wolfsohn http://www.cus.com CUS Business Systems Ft. Lauderdale, FL Software for Auctioneers (954) 565-5600 Email: [EMAIL PROTECTED]
(OT) - IP # setup
I'm in the process of setting up a testing network for a small remote office. We will only be using dial up access, and i have no need for someone to be able to access the webserver. It's only for intranet testing before uploading test code to our production servers. I've set-up single box solutions before where i set everything to 127.0.0.1, but... If i'm going to have a separate NT box running IIS and cf, etc, what ip # (or series of numbers) would i assign/ should i be looking at for the two or three machines that will be in this office. 1 will be the intranet testing webserver, and there will be 2 workstations, one or both of which will use dial up access with dynamic ip #'s assigned by the dial up for the rest of their work. Hope i've explained everything clearly.. slow and confused in so fla...
Brian L. Wolfsohn http://www.cus.com CUS Business Systems Ft. Lauderdale, FL Software for Auctioneers (954) 565-5600 Email: [EMAIL PROTECTED]
RE: (OT) - IP # setup
At 12:03 PM 7/24/00 , you wrote:

Thanks for the reference page... Do you see any potential conflict between using this address block and using a dial-up connection on the same win98 workstation ??

Per http://194.52.182.96/rfc/rfc1597.html, you can use 192.168.* Make sure none of the machines connecting to both networks think that they should be routing between them. It's probably easiest to write a HOSTS file for the workstations so they know how to reach the CF/IIS machine.

-Original Message- From: Brian L. Wolfsohn [mailto:[EMAIL PROTECTED]] Sent: Monday, July 24, 2000 11:50 AM To: [EMAIL PROTECTED] Subject: (OT) - IP # setup

I'm in the process of setting up a testing network for a small remote office. We will only be using dial up access, and i have no need for someone to be able to access the webserver. It's only for intranet testing before uploading test code to our production servers. I've set-up single box solutions before where i set everything to 127.0.0.1, but... If i'm going to have a separate NT box running IIS and cf, etc, what ip # (or series of numbers) would i assign/ should i be looking at for the two or three machines that will be in this office. 1 will be the intranet testing webserver, and there will be 2 workstations, one or both of which will use dial up access with dynamic ip #'s assigned by the dial up for the rest of their work. Hope i've explained everything clearly.. slow and confused in so fla...

Brian L. Wolfsohn http://www.cus.com CUS Business Systems Ft.Lauderdale,FL Software for Auctioneers (954) 565-5600 Email:[EMAIL PROTECTED]
Brian L. Wolfsohn http://www.cus.com CUS Business Systems Ft.Lauderdale,FL Software for Auctioneers (954) 565-5600 Email:[EMAIL PROTECTED]
Re: Slightly OT: Lighten things up a little
At 12:11 PM 5/14/00 , you wrote:

I'm just not comfortable with the term "I have to reboot the fridge"... I'm not sure I want a MS branded Fridge... what happens if it locks up, or a glitch makes it decide to re-adjust the temperature to oh say 80 degrees?

Brian L. Wolfsohn http://www.cus.com CUS Business Systems Ft.Lauderdale,FL Software for Auctioneers (954) 565-5600 Email:[EMAIL PROTECTED]
(WAY OT) Citrix Help
I wonder if there are any citrix experts out there ?? We need to get a DOS executable (published application) running on a citrix machine, (already can do this), and have it access data from another NT machine. I think it should only be a user/rights/permissions type of thing... If you have any expertise in citrix set-up, please contact me off-list. I anticipate this can be a phone/remote type of consult. Thanks

Brian L. Wolfsohn http://www.cus.com CUS Business Systems Ft.Lauderdale,FL Software for Auctioneers (954) 565-5600 Email:[EMAIL PROTECTED]
Re: Media3
At 09:10 AM 5/8/00 , you wrote:

We have 4 machines at media3, and are very happy with them.

I know this discussion has occurred before but I missed most of it. I have a friend considering using media3 as a dedicated server (host) any bad things about them I should know about? Pros? Cons? Any advice would be appreciated. Kelly

Brian L. Wolfsohn http://www.cus.com CUS Business Systems Ft.Lauderdale,FL Software for Auctioneers (954) 565-5600 Email:[EMAIL PROTECTED]
Re: CFDJ - anyone else had problems?
As long as we're all dumping on CFDJ (and appropriately so, it seems), would someone post a list of additional magazines/publications that they would recommend..

Brian L. Wolfsohn http://www.cus.com CUS Business Systems Ft.Lauderdale,FL Software for Auctioneers (954) 565-5600 Email:[EMAIL PROTECTED]
RE: the definitive summary to variable scopes - correct?
At 01:45 PM 4/20/00 , you wrote:

Presuming you're not using sandbox security (which i'm not familiar with), wouldn't the ip#'s that debug info will be displayed to, be a server variable ??

server variables can exist across multiple templates for an application. they're stored in the server's registry.

No - that's an Application variable. Server variables exist across all applications residing on that server. Server variables are also stored in memory. Once Cold Fusion server is stopped, server variables need to be reset.

-Original Message- From: Allen [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 20, 2000 1:15 PM To: [EMAIL PROTECTED] Subject: Re: the definitive summary to variable scopes - correct?

server variables can exist across multiple templates for an application. they're stored in the server's registry.

- Original Message - From: "Mike Amburn" [EMAIL PROTECTED] To: "Cf-Talk" [EMAIL PROTECTED] Sent: Thursday, April 20, 2000 12:08 PM Subject: RE: the definitive summary to variable scopes - correct?

and what are Server variables?

-Original Message- From: Mike Amburn [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 20, 2000 1:05 PM To: [EMAIL PROTECTED] Subject: the definitive summary to variable scopes - correct?

please correct me if i'm wrong, but based on input over the past few days

variable scope required:
1) Server
2) Application
3) Session
4) Attributes
5) Caller

variable scope not required, scanned in the following order:
1) local (i.e. Variables)
2) CGI
3) File (???)
4) URL
5) Form
6) Cookie
7) Client

- is the above correct?
- is there any difference in using Variables.x and not using it?
- what are File variables?
Brian L. Wolfsohn http://www.cus.com CUS Business Systems Ft.Lauderdale,FL Software for Auctioneers (954) 565-5600 Email:[EMAIL PROTECTED]
Grrr ##'s agin
This was working fine, until i tried sticking session.cname dynamically into the creation of mydate. I can't seem to get the correct combination of "'s, #'s, etc etc etc... Of course, maybe it was just that i couldn't find the eye of a newt for the magic potion that makes all this clear!!! Of course, if there's a simple function that i'm missing that eliminates this need, please point out which day's class i slept through... many thanks..

<cfset mydate=createdatetime(#year("#application.#session.cName#_bidstopdate#")#,#month("#application.#session.cName#_bidstopdate#")#,#day("#application.#session.cName#_bidstopdate#")#,#hour("#application.#session.cName#_bidstoptime#")#,#minute("#application.#session.cName#_bidstoptime#")#,#second("#application.#session.cName#_bidstoptime#")#)>

I haven't gotten to this line of code yet, BUT, i'm sure i'll need help with this one also..

cfif application.#session.cName#bidstatus EQ "On

Brian L. Wolfsohn http://www.cus.com CUS Business Systems Ft.Lauderdale,FL Software for Auctioneers (954) 565-5600 Email:[EMAIL PROTECTED]
Javascript Arrgh!!
Can any of you javascript gurus out there lend a helping hand ??? This works in netscape 4.x, but fails in i.e. 4 with a message that says : "object doesn't support this property or method." It looks like it's failing on the semi-colon after the word top. Changing the type from button to submit, makes the onclick "work", but the cstartlot does not get passed onto the next page. fyi, there will be 3 or 4 of these buttons in the form, each with a different startlot that needs to be passed onto search.cfm.

<INPUT TYPE="Button" VALUE="&lt;&lt;&nbsp;Top" Name="Top" onClick="document.CatNav.action='search.cfm?cStartLot=Top';document.CatNav.submit()">

Brian L. Wolfsohn http://www.cus.com CUS Business Systems Ft.Lauderdale,FL Software for Auctioneers (954) 565-5600 Email:[EMAIL PROTECTED]
Re: Javascript Arrgh!!
At 11:06 AM 3/31/2000 , you wrote:

Tanks you vedy,vedy much. works like a charm...

I don't think that the form object in ie4 has an onClick method, the button does. Also (and this is just a style thing) I think I'd break the onClick into a separate function like this:

<script>
function SetAction(oForm, sAction){
    oForm.action = sAction;
};
function SetActionAndSubmit(oForm, sAction){
    SetAction(oForm, sAction);
    oForm.submit();
};
</script>
<INPUT TYPE="Button" VALUE="&lt;&lt;&nbsp;Top" Name="Top" onClick="SetActionAndSubmit(this.form, 'search.cfm?cStartLot=Top');">
<INPUT TYPE="Button" VALUE="&gt;&gt;&nbsp;Bottom" Name="Bottom" onClick="SetActionAndSubmit(this.form, 'search.cfm?cStartLot=Bottom');">

etc... A bit more readable? HTH Larry

[EMAIL PROTECTED] 03/31/00 08:53AM

Can any of you javascript gurus out there lend a helping hand ??? This works in netscape 4.x, but fails in i.e. 4 with a message that says : "object doesn't support this property or method." It looks like it's failing on the semi-colon after the word top. Changing the type from button to submit, makes the onclick "work", but the cstartlot does not get passed onto the next page. fyi, there will be 3 or 4 of these buttons in the form, each with a different startlot that needs to be passed onto search.cfm.

<INPUT TYPE="Button" VALUE="&lt;&lt;&nbsp;Top" Name="Top" onClick="document.CatNav.action='search.cfm?cStartLot=Top';document.CatNav.submit()">

Brian L. Wolfsohn http://www.cus.com CUS Business Systems Ft.Lauderdale,FL Software for Auctioneers (954) 565-5600 Email:[EMAIL PROTECTED]