Raymond Camden's Tips for CFMX-ifying your ColdFusion 5
Applications
(http://www.macromedia.com/devnet/mx/coldfusion/articles/updating_legacy.html)
discusses the need to only lock in case of race conditions. If your
application uses *any* persistent scopes (client vars included) you
have to
Oh and another thing. I use client vars extensively to maintain state
in my applications. Mostly out of an unfortunate need to maintain
ColdFusion 5 clustering compatibility. I have to say I can't wait to
be able o drop CF5 legacy support but those days are at least a year
away. Anyway, I have
To clarify --
I'm simply trying to set a client variable (storage type cookie), so that it
gets set and can be read from any template under *.domain.com. So I'd like
www.domain.com, hello.domain.com, and domain.com all to be able to read/set the
same client variables for a user. If the user
I don't believe that ColdFusion actually writes any of those files to
the filesystem. Rather, I think the embedded Flex engine that
generates these SWFs are routed through a Servlet that grabs the
request based on the file type requested and streams the SWF
directly to the browser.
Can you post
On Saturday 07 May 2005 20:36, Jochem van Dieten wrote:
As long as they also follow sponsored links :) I wouldn't install
it myself though.
Neither would I.
Firstly, because I don't think people I visit will like a ten fold increase in
traffic.
Secondly, because it clicks things I don't.
it is the default behavior. You are supposed to be able to fix this
by adding setdomaincookies=yes in /Application.cfm.
This is one of the server side code gotchas I was alluding to in your
other thread. I have to rely on client vars for practically
*everything* insofar as state info and I
Me neither. What wories me is what happens when some ordinary user
who thought it was cool and put it on logs into his intranet and...
*whammo*.
I'm not sure this is in fact a big deal to wory about. I can't see
Google keeping it as-is. Sure the RFC's say this and that but reality
just didn't
Hey Matt,
Hmm, setdomaincookies=YES doesn't seem to help either. Server still creating
different instances for www.domain.com and .domain.com.
My use of client variables is actually pretty minor -- I just use a couple to
store an integer key to a user table, and an encrypted password. When
Matt Robertson wrote:
Me neither. What wories me is what happens when some ordinary user
who thought it was cool and put it on logs into his intranet and...
*whammo*.
Depends on how the intranet is organised. Most intranets I know
use RFC 1918 address space or SSL so the requests will not be
On Sunday 08 May 2005 07:33, Matt Robertson wrote:
Me neither. What wories me is what happens when some ordinary user
I don't think non-techies will use it, because it isn't advertised to them
(yet).
who thought it was cool and put it on logs into his intranet and...
I'm considering writing
I would be very grateful for a copy of this.
--
mac jordan
home: www.kestrel.org http://www.kestrel.org
work: www.webhorus.net http://www.webhorus.net
them: www.jordan-cats.org http://www.jordan-cats.org
~|
Logware
Here in the UK, there are many boradband providers that cap download
capacity every month Increasing your download usage by a factor of even
just 2 or 3 for those people affected will make GWA very unpopular for
people on capped services...
Paul
On Sunday 08 May 2005 12:49, Paul Vernon wrote:
just 2 or 3 for those people affected will make GWA very unpopular for
people on capped services...
That wouldn't be very funny to find out would it...
--
Tom Chiverton
Advanced ColdFusion Programmer
I don't believe that ColdFusion actually writes any of those
files to the filesystem. Rather, I think the embedded Flex
engine that generates these SWFs are routed through a Servlet
that grabs the request based on the file type requested and
streams the SWF directly to the browser.
I
Raymond Camden's Tips for CFMX-ifying your ColdFusion 5
Applications
(http://www.macromedia.com/devnet/mx/coldfusion/articles/updating_legacy.htm
l)
discusses the need to only lock in case of race conditions. If your
application uses *any* persistent scopes (client vars included) you
have
As others have pointed out, you can't reverse the hash(), but hackers have
started using something called rainbow tables, which are huge indexes of stored
hash values, to compare hashed values against as a shortcut in the process. By
searching the rainbow tables, you can find possible matches
On Sunday 08 May 2005 16:54, Robert Munn wrote:
process. By searching the rainbow tables, you can find possible matches to
your hashed value and so find what the original string might be.
Indeed, it's a classic time/space trade of problem.
If you use several DVD's of precomputed data, you
So you might find your hash in the rainbow
tables, but the original string still might not match.
True, but in most cases where a hash is used, it doesn't matter; all you
need is some string that results in the same hash. That'd be typical for a
password system, for instance.
If the original
So you might find your hash in the rainbow
tables, but the original string still might not match.
True, but in most cases where a hash is used, it doesn't
matter; all you need is some string that results in the
same hash. That'd be typical for a password system, for
instance.
One way
I think they will continue to push it in one way or another
because it is just to important to cancel.
If users actually use Web Accellerator, Google has an even better
indicator of page quality then the number of links to it: the
number of hits and the time spend on a page. That is
Dave Watts wrote:
If it ends up really being that important, it will be too important for
competitors such as Microsoft to ignore. Since Microsoft controls browser
distribution, they are ideally placed to implement something like this in a
way that best benefits them.
They already do: a
Note in my first post I said ...You are ***supposed*** to be able to fix this
by adding ...
I'm afraid my experience mirrors yours. However, did you try deleting
the cookies your test system had already set to see if a fresh start
solved the issue? That may be what it takes to get this
On 5/8/05, Adam Churvis [EMAIL PROTECTED] wrote:
Raymond Camden's Tips for CFMX-ifying your ColdFusion 5
Applications
(http://www.macromedia.com/devnet/mx/coldfusion/articles/updating_legacy.htm
l)
However a cflock will not help you in such a case.
You'll get one set of writes from one
Stan,
I'd like a copy as well.
Andy
~|
Discover CFTicket - The leading ColdFusion Help Desk and Trouble
Ticket application
http://www.houseoffusion.com/banners/view.cfm?bannerid=48
Message:
-Original Message-
From: Justin D. Scott [mailto:[EMAIL PROTECTED]
Sent: Sunday, May 08, 2005 1:28 PM
To: CF-Talk
Subject: RE: HASH() reverse
So you might find your hash in the rainbow
tables, but the original string still might not match.
True, but in most cases where a
Dave Merrill wrote:
Nice explanation Jim (:-)
It's sometimes hard for people to understand this basic concept. That was
the simplest, clearest, most common-sense take on hashing I've seen. I'll
remember it if I need to go through this with a client.
I can do better:
Hashing text is
Hi, I have a blank, it's been too long since I worked with CF5. I'm trying
to do something that works fine on cf mx but not on cf 5
#evaluate(application. client.version .s scenario)#
How should I do it in cf5?
Thanks
Patrick
Having said that, the way I understand it, a hash is 32-bit,
so there are finite number of possible hash values.
Hashes need not be 32-bit. Hashes created using MD5, the default algorithm
used by CFMX, are 128-bit, 32 character strings. CFMX 7 supports SHA-1,
SHA-256, SHA-384 and SHA-512 out
Hi, I have a blank, it's been too long since I worked with
CF5. I'm trying to do something that works fine on cf mx but
not on cf 5
#evaluate(application. client.version .s scenario)#
How should I do it in cf5?
Since the Application scope is exposed as a struction in CF 4.0.x and
Oops.. Sorry..it works fine on CF5, the error was just beside ...
Pat
-Original Message-
From: CFDEV [mailto:[EMAIL PROTECTED]
Sent: May 8, 2005 17:12
To: CF-Talk
Subject: cf5 question
Hi, I have a blank, it's been too long since I worked with CF5. I'm trying
to do something that
Hashes need not be 32-bit. Hashes created using MD5, the default algorithm
used by CFMX, are 128-bit, 32 character strings. CFMX 7 supports SHA-1,
SHA-256, SHA-384 and SHA-512 out of the box, plus you can use
hash functions
provided by any Java security provider you install. SHA-1 creates
a
Hence the need for salt I think. CF7's improved hashing algorithm
support could be considerdd reason enough right there to upgrade,
otherwise.
--
--mattRobertson--
Janitor, MSB Web Systems
mysecretbase.com
~|
Logware
On 5/8/05, Adam Churvis [EMAIL PROTECTED] wrote:
Raymond Camden's Tips for CFMX-ifying your ColdFusion 5
Applications
(http://www.macromedia.com/devnet/mx/coldfusion/articles/updating_legacy.htm
l)
However a cflock will not help you in such a case.
You'll get one set of writes
Sorry, Matt, I didn't answer your question:
Now its my turn to say 'thats just plain wrong'. Or perhaps instead
tell my why there is any reason whatsoever that code which creates a
benign race condition should be locked.
My reason is that, though the code is sacrificial, you should do your
ah well.. for now, i shall just dump the SES..
On 5/8/05, Dave Watts [EMAIL PROTECTED] wrote:
I don't believe that ColdFusion actually writes any of those
files to the filesystem. Rather, I think the embedded Flex
engine that generates these SWFs are routed through a Servlet
that grabs
Here it is: http://www.aftershockweb.com/downloads/traversetree.zip
Thank you,
Aftershock Web Design, Inc.
by: Stan Winchester
President/Developer
Sign up for Aftershock Forums BETA at:
http://www.aftershockweb.net/forums/threads.cfm/ForumId/9
Try using CF_TraverseTree by Piet Niederhausen
I don't try to second-guess unusual scenarios under which race conditions
might not need locking; I just lock them according to the rules,
C'mon, I asked a very specific question. I know my example is
frivolous but it is oversimple for the sake of easy illustration.
I gave a specific example
One last thing about that 'frivolous' example I mentioned above. The
one with the user count. I think that the reasons for locking in the
application scope -- other than the separate constants I also
mentioned -- are likely to be compelling and nearly universal, if not
completely so. A better
Adam is correct in that Sean's code allows unsynchronised reads - something
that may be a huge problem under load in code that matters.
It's easy enough to demonstrate with two templates and a sleep() to
exaggerate the time taken to write inside the excusive lock (to easily
generate the race
39 matches
Mail list logo
