take a look at JSMX at http://www.lalabird.com/
simple and easy.
Andrew.
or..use mod rewrite to change the .cfm extension to .php !! should confuse
a lot of hackers and might even help the sales guys!
Charlie Arehart has a relevant piece here:
http://www.carehart.org/blog/client/index.cfm/2011/10/14/coldfusion_processing_html_or_other_file_extensions
Andrew
Front Page is an abomination made by Microsoft a few years ago,
As we used to say back in the day: Friends don't let friends use
FrontPage. IIRC it dates back to '95. It mangled code. The only thing
worse was NetScape's authoring tool which rendered HTML utterly unreadable.
A the bad old
I have Railo, mysql etc running on my laptop which I access using the url:
http://127.0.0.1: (using a home wireless network)
I would like to be able to access the same url on my iPad or iPhone using my
home wireless network, just wondering how you recommend setting this up?
Andrew
Thanks everyone, got it working!
Andrew.
The AntiSamy project is maybe the best way to sanitize any user input out
there.
--
Regards,
Andrew Scott
WebSite: http://www.andyscott.id.au/
Google+: http://plus.google.com/108193156965451149543
On Thu, Feb 2, 2012 at 8:33 AM, douglas cohn douglas.c...@gmail.com wrote:
I second that.
The AntiSamy project is maybe the best way to sanitize any user input out
there.
--
Regards,
Andrew Scott
WebSite: http://www.andyscott.id.au/
Google+: http://plus.google.com/108193156965451149543
On Thu, Feb 2, 2012 at 8:33 AM, douglas cohn douglas.c...@gmail.com wrote:
try %0D%0A
Andrew
Hi folks
I am creating a text mail using cfmail
I have a text variable programSchedule which is stored in mySQL as text:
Monday:9:00 am-5:30 pm Leadership Program begins.
Tuesday: 9:00 am-5:30 pm.
7:00 pm-9:00 pm: Optional - An
Amen to this! I can't count the number of times I've seen a beautiful
I am sure that this has never happened to any of us.
http://theoatmeal.com/comics/design_hell
G!
On Tue, Jan 18, 2011 at 3:07 PM, Jas
myAccessToken should be #myAccessToken# ???
just a thought...
Andrew.
cfhttpparam type=formfield name=access_token
value=myAccessToken
Hi,
I'm playing with the facebook graph api, and was attempting to send an
image to my wall. According to facebook, you just send the image,
your
I use ElasticFox, an add on for firefox
http://aws.amazon.com/developertools/609?_encoding=UTF8jiveRedirect=1
Andrew
In case it's a permission issue on your bucket, try setting the ACL for
everyone to read - better still make a test bucket and set everything on that
bucket to read,write and full control. I use the Amazon S3 REST Wrapper by Joe
Danziger so can't advise directly on CF9.
Okay, I've been banging
http://myhosting.com/
I haven't used them but their website is good and prices look interesting.
Ben Nadel has a very interesting read on his blog using pusher to send data
to multiple clients - if you are thinking of building your own you should read
this first:
http://www.bennadel.com/blog/1956-Very-Simple-Pusher-And-ColdFusion-Powered-Chat.htm
As for being easy to build - it all
and there lies the problem... many people will believe that this is a secure
method of preventing access to something, all it does is make it more
difficult, it certainly doesn't make it secure. I'm not going to elaborate on
how this can be bypassed as several previous comments have already
phew!! for a moment I was worried
No authentication is needed; all that is needed is that the admin console is
accessible to the Internet.
Apply patches as described below, or restrict access to /CIDE/administrator/ by
IP address or other similar controls.
this line is important:
they're just not
what we're looking for.
Specifically what are you looking for? (that the aforementioned don't have)
think he was saying the others did not have the feature set he was looking
for.
that is why I posted my question!! because in reality his request does not
really say much about what he is looking for except it should be simple and cfc
based.
and yes Galleon is CFC based.
Check out OWASP...here is a CF implementation:
http://blog.pengoworks.com/index.cfm/2008/1/3/Using-AntiSamy-to-protect-your-CFM-pages-from-XSS-hacks
or the tinyurl link:
http://tinyurl.com/yhl34tn
I'm building a form cleaner utility method that might help thwart some
XSS, clean my fields up,
Here is a guide to securing ColdFusion 9
http://tinyurl.com/2bch7cn
http://www.adobe.com/products/coldfusion/whitepapers/pdf/91025512_cf9_lockdownguide_wp_ue.pdf
Is CF9 developer restricted to 3 ip addresses and how does one edit these ip
addresses? currently I have CF developer which is working fine on one ip
address.
I used this which correctly outputs the one ip address:
cfobject action=CREATE type=JAVA class=coldfusion.server.ServiceFactory
I thought that too, but this server is in the cloud under development (which I
run for a while then shut down) and I have 3 fixed ip addresses that can
connect to it. I'm not quite ready to purchase a licence yet. Seems strange
though that CF only reports the one ip address.
I just bounce CF
I'd consider moving the 90% - 270GB (images) to amazon S3.
Joe Danziger has an Amazon S3 Rest wrapper (cfc) that could assist:
http://www.ajaxcf.com/blog/index.cfm/2006/9/7/Amazon-S3-REST-Wrapper
and Railo have just announced a free S3 extension:
using cfhttp within a function (get or head) should I be var scoping cfhttp?
I'm fairly certain I should but have not been able to find any examples.
cffunction name=youTubedata access=public output=true
cfargument name=youtubeKey type=string required=true
cfset var cfhttp = structNew()
cfset
thankyou Gabriel,
Andrew.
I believe so. Post below scoped the result name. Brian Kotek says in
the comments you can also do cfset var cfhttp= /
http://www.coldfusionmuse.com/index.cfm/2008/6/16/cfc.application.variables
- Gabriel
Doug Boude has a fantastic tutorial on recursive functions here:
http://www.dougboude.com/blog/1/2006/06/Recursive-Functions-in-ColdFusion.cfm
Andrew.
sounds like you need to terminate the connection with CF
when the FINISH flag is returned irrespective of the content length
I'm not sure how you'd do this with coldfusion but I'd imagine it was possible..
I hope you find the answer as this appears to be a very legitimate problem with
I was under the impression that Last_Insert_ID() in MySQL was the equivalent of
Scope_Identity() in MSSQL. Please correct me if I'm wrong.
Andrew.
Last_insert_id does just that, gets the last inserted id.
No matter who entered it.
This means that under intense traffic, that select may
maybe not (wrong)...
The ID that was generated is maintained in the server on a per-connection
basis. This means that the value returned by the function to a given client is
the first AUTO_INCREMENT value generated for most recent statement affecting an
AUTO_INCREMENT column by that client.
thanks Jaime, I'll make sure that I use cftransaction.
Andrew.
Andrew G,
But...:)
A single request won't necessarily keep the same connection, especially
under load. So unless you use a transaction, it's entirely possible for the
insert query to run on one connection, and the select
I for one, roll my own. Use cfdump to see how the session scope is constructed
and StructKeyExists() to check if a variable exists.
Andrew.
I've been digging through an older app of mine. All of my security
checks use the IsUserInRole() function. I just added the ckFinder
plugin which
I'm trying to build a regular expression that only accepts images from
http://pics.mysite.com; (part of an antisamy policy)
my expression:
^((http\:\/\/pics\.mysite\.com) + ([a-zA-Z\.]))*$
the intention is to allow http://pics.mysite.com/xxx.jpg;
and disallow http://anyOtherSite.com/xxx.jpg
Yes that would work but this is part of an antisamypolicy.xml file that filters
all user input - for more info see: Using AntiSamy to protect your CFM pages
from XSS hacks
http://tinyurl.com/yhl34tn
how about cfif { var } contains pics.mysite.com ?
On Thu, Dec 3, 2009 at 4:55 PM, Andrew
Solved!
(http://pics.mysite.com/ + [a-zA-Z\.])*
http://pics1.mysite.com/xxx.jpg and http://pics.mysite.com/xxx*.jpg are both
rejected
and http://pics.mysite.com/xxx.jpg is accepted.
Ah, cool. Didn't know about AntiSamy. Reading up :)
On Thu, Dec 3, 2009 at 5:18 PM, Andrew Grosset rushg
another reason why I browse with firefox with the noscript add on.
Apparently, IE8 has protection that rewrites pages to protect from XSS
attacks and there seems to be an issue with it that can actually introduce
XSS attacks.
Essential reading...
http://www.owasp.org/images/0/0f/OWASP_T10_-_2010_rc1.pdf
(released today 13th November)
this is a long shot but I have experienced something similar: in administrator
check whether you have the same script protect on both servers, script
protect set to all can sometimes break ajax.
Andrew.
I have some previously running code which still runs properly on my
desktop but when I
I have a site under development and one directory is a forums section:
mywebsite.com/forums. I would like to have this directory mapped as
forums.mywebsite.com should I use a CNAME solution (I currently have a CNAME
setup
- pics.mywebsite.com - which goes to amazon). My idea being that I
Thank you Jason and Justin.
Use a CNAME to point to your web server/site and apply an ISAPI filter
(for IIS) or mod_rewrite (for Apache) to rewrite the URL.
this seems to be the best solution - will cookies be readable by both the
domain and sub-domain (set cfcookie domain to
according to this list there are 4 possible mime types for mp3
http://www.webmaster-toolkit.com/mime-types.shtml
2boogie.mp3
Most file formats work fine (doc, pdf, wmv, for example) and it seems it's
just music files like mp3 and wma that have a problem.
Could it be something to do with the
Yes the proc license is really the only way to go... The difficulty in
switching depends greatly on your code. IT could be quite easy - or require
rewriting every query.
I recently helped a customer go from MySQL to MSSQL and I wrote a couple of
posts on it. It will give you an idea of the type
Ya know...I searched for ColdFusion and soundex and those didn't come
up...weird!! ;-)
could be because the meta keywords in the source are the same for every page
and so don't really reflect the content?
Andrew.
http://www.lalabird.com/?fa=JSMX.downloads
scroll down the page until you see JSMXsuggest Example
I really like JSMX very easy to use
Andrew.
I have a table that I enter the filename into and then the scheduled task
queries the table. Once the file is successfully deleted I then delete it from
the table.
Andrew
Andrew...how do you set scheduled tasks using variables for the files?
In other words, how do you pass the file variable
You're right it is a pain! trouble is windows is inconsistent, sometimes it
will let a file be deleted immediately sometimes not. Depending on the
complexity of your application it's not too difficult to build using a few
functions within a cfc.
Andrew.
I think windows still has a hold on it somehow, I found passing it to a
scheduled event to delete it (using cffile) 5 mins from now() usually does the
trick. If that doesn't work increase the time to say 30 mins.
Andrew
windows 7
what is the feature?
Thank you Nathan, that was a brilliant post!
andrew.
could be a caching issue in that sometimes the browser will say Heh! I just
got that identical response 5 mins ago from that url, no need to travel to the
server here is the response I got last time!
Try adding a date time string to the javascript that initiates the call.
Test your function
glad to help, I use JSMX by http://www.lalabird.com/
that appends a date time string by design because IE browsers like to cache.
Andrew.
Thanks andrew, this makes a lot of sense we are sure this would have solved it
richard
try: parent.top.location.href
Andrew.
Hi All,
I have a page that loads a modal popup using ShowModalDialog. To get around
issues with submitting data inside a modal dialog, I have an iframe to
handle posts within in the modal dialog.
The popup gets triggered two minutes before the
I want to allow letters,numbers,_,-,: and $
regexp name=letternumber value= [a-zA-Z0-9\_\-:\%]+/
it returns false with : , slowly pulling my hair out and have exhausted
Google - any suggestions?
thanks, Andrew.
many thanks! I was working on an antisamy script which uses a whitelist to
parse user input and this regular expression appeared to be not working, turns
out that there appears to be a bug when using style as an inline attribute of
a tag such as div or span.
Andrew.
Neil Ross said the following on 12/8/2008 5:05 PM:
I'm curious as to what people are using for IDE of choice these days.
CF studio 4.0 .!
Andrew
Thanks Magnus, I've just downloaded it.
Can anyone help with installing this through the Railo administrator, I am in
Archives Resources, cfx_tags etc and the only example is cfx_helloworld
with the class path railo.cfx.example.HelloWorld
and my apologies to Gert Franz for misspelling his
Gertz,
[quote]
and some image manipulations (cropping, etc)
[/quote]
what's available with Railo for image manipulation? I currently use cfx_imagecr3
(great tag by the way) but as you know that is not java based so is not
compatible any recommendations?
Andrew.
Update: I have established that this bug is an ajax issue not a JSMX ajax one -
I used a very simple ajax script and it works in 2.0.0.17 but not 2.0.0.18.
The form will post but nothing returns (self.xmlHttpReq.readyState will
reach 1 and 3 but not 4).
Others are apparently having no issues
JSMX stops working with the latest version of Firefox 2 (2.0.0.18) I downgraded
to 2.0.0.17
which can be obtained here:
ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/2.0.0.17/win32/en-US/
and it's working again.
Andrew.
I use various plugins namely s3 organiser which I believe is still
incompatible with Firefox 3 however looking at the release notes for firefox 3
the updates/mods are very similar so I suspect JSMX will stop working with
firefox 3 as well...
Firefox 2. anything is way outdated. try
Google: drawing with javascript
lots of interesting stuff turns up!
I am trying to change the access policy on an existing bucket. I am using
Amazon S3 REST Wrapper by Joe Danziger. Using his cfc I can create, upload and
delete buckets and objects - everything works! I added a function getACL() that
will retrieve the ACL on a bucket (which works):
cffunction
I need to create a directory (bucket) within another bucket
Here is an excerpt from the cfc by Joe Danziger
!--- put the bucket via REST ---
cfhttp method=PUT
url=http://s3.amazonaws.com/#arguments.bucketName#; charset=utf-8
cfhttpparam type=header
thanks Barney, I use s3Fox in firefox which makes it so easy! I just wish I
could figure out how to do it with Coldfusion
Andrew.
Found it!
just add a slash here (after the arguments.bucketName):
!--- Create a canonical string to send based on operation requested ---
cfset var cs =
PUT\n\ntext/html\n#dateTimeString#\nx-amz-acl:#arguments.acl#\n/mywebsitename/#arguments.bucketName#/
and here:
cfhttp
Welcome!
I like http://www.mobog.com/, very fast, any advice/info on your server setup
would be interesting.
Andrew.
If it's on a shared server I wouldn't pass my datasource name around in the
application scope - request scope is safer.
See: Hacking the application scope in CFMX
http://tinyurl.com/5qkaqp
Andrew.
I've got exactly same situation as you. If I change application scope to
request scope then the
Ok, point taken, I was thinking in the context of a forum application where one
may have strict rules on user input and that input may go through complex
validation that might be server intensive and probably would be unlikely that
the data validation would require future review. If new
Why store junk? if you're going to store data shouldn't it be escaped/purified
before you store it? then you're escaping it once as opposed to escaping it
1000's of times every time you display/output it?
So what do you recommend instead? The built-in XSS protection
doesn't catch everything.
Sorry, you haven't convinced me, I appreciate what you're saying but having to
cache the static pages after you've cleansed them doesn't seem right either
Of course if you're relying on javascript to display as in ajax then you have a
point.
Andrew.
How do you know it's junk? Let's say
Looks good!
Andrew.
try this:
var myselect = ;
var option = ;
if (this.parent_id EQ [id]){
myselect=selected;
}
cfoutput
option = option value=[id]#myselect#[dsp]/option;
/cfoutput
Andrew.
You know
what, someone should offer computer security insurance...
Isn't Google wonderful!!
http://www.insurenewmedia.com/pages/network-liability.asp
Andrew.
Interesting blog here on EC2 and CFMX / Railo:
http://www.webbschofield.com/index.cfm/2007/12/13/Amazon-EC2
Andrew.
In this scenario, you need to use cfinvoke to do the job for you.
Thanks everyone for your replies.
Andrew.
In this scenario, you need to use cfinvoke to do the job for you.
Thanks everyone for your replies, and yes I'm using cfinvoke, I just hoped
there would be a way to dynamically pass in the method name when using a CFC in
the application scope - seems like there isn't a way! frustrating to say
Is it just me or are others having trouble posting? I'm finding that it's taking
hours before a posting appears - I'm using the web-site (not email) and Firefox.
Andrew.
#)
The problem is I cannot find a way to pass in the function name...something
like this..which does not work:
cfset z = application[myname].[mymethod](argumentCollection = #arguments#)
which gives an error: Invalid CFML construct.
any suggestions appreciated,
thanks, Andrew Grosset
So that's why we haven't heard from Matt in a while...I used to really enjoy
reading his posts, hopefully we'll see him here again soon!
Andrew.
There is one by someone on this list named Matt Robertson but I cannot
recall the name. It was a pretty solid app as well but lacked recent
:
For some businesses, website downtime translates to millions of dollars of
lost sales revenue per second, for others it means lost productivity in the
supply chain.
Andrew Grosset.
I am looking for recommendations on a company to host our DNS. We are
currently using Internap's CoLocation
Whilst I don't use cfwindow (and probably never will) I find generally that
everything works perfectly with Firefox and I inevitably have to change stuff
to make things work in IE and even then the one application I am thinking about
still works faster in Firefox...
Andrew.
What I'm talking
I need to access the header elements as passed from an ajax post the nearest
thing I found was a jsp solution: (http://coldfusion.sys-con.com/read/36711.htm)
!---
I would like to see all of the elements in the request header in my JSP for
debugging purposes.
%
java.util.Enumeration e=
:02 PM, Andrew Grosset [EMAIL PROTECTED] wrote:
Yes, I had to do the same (I'm using JSMX - http://www.lalabird.com/JSMX) I use
OnRequestStart to check for sessions, include files etc.
Andrew.
Figured it out. Turns out I had an onRequest method in my Application.
cfc which was blocking the remote calls to my proxy.cfc. I just
removed the
My vote goes to Bobby's solution...elegant and simple
There is a typo in the example though
change:
document.getElementById('theJSMessage').style.display='none';
to:
document.getElementById('noJSMessage').style.display='none';
Andrew.
You could set up your login page like...
div
Yes, but first I would try doing it with just javascript /dhtml in the browser.
search google for javascript change style.
Andrew.
Is it possible create a way using coldfusion which would allow the
user to change the current page style by selecting a link on the page?
Seems like it
Stick everything in one bucket (folder) at Amazon using the Amazon S3 REST
Wrapper CFC by Joe Danziger see:
http://www.ajaxcf.com/blog/index.cfm/2006/9/7/Amazon-S3-REST-Wrapper
then you could name like so:
imagename_s.jpg //small
imagename_m.jpg //medium
imagename_L.jpg //Large
imagename_E.jpg
volume 1 is CDN$ 39.69 on amazon.ca
is US$50.00 on amazon.com
and 1 US$ = 1Cdn$ today...
yet here in Canada we pay up to 35% more for the equivalent vehicle compared to
the US
but for how long?
What is XSS?
You should probably read this amusing account of a myspace hack:
http://namb.la/popular/
and the technical explanation of how he did it!
http://namb.la/popular/tech.html
Andrew.
This will return an array of the names of all applications running on a server
.are untested and potentially dangerous (especially in shared hosting
environments) - but can be very useful for developers or securely managing your
applications on a dedicated box
I use the request scope for database name, username password for cfqueries
since I believe application variables can be read by all on a shared server -
not sure if this is still the case though.
Andrew.
I store settings such
as the applications database name in the application scope since
Wow! I'd recommend Ajax Hacks published by O'Reilly to anyone using ajax -
hugely useful with lots of useful tips.
Andrew
Here is a neat ajax upload script that uses javascript to create the iframe
required for the upload:
http://www.ajax-tutorials.com/tutorial-list/resource/AJAX_file_upload/view.php
Andrew.
You're right, I'm just passing a string and not
actually submitting a form. But why can't I
assign
I have a cfc in the application scope and I access it like so:
cfset application.aImage.updateIm(argumentCollection=q)
I would like to be able to pass in the cfc name (in this case myImage) and
the method/function (adateIm) dynamically.
If I try this, I get an error: A CFML variable name
I have a cfc in the application scope and I access it like so:
I haven't posted anything to the list in days and then this posting from 5 days
ago gets posted twice again...??
Andrew.
Have you tried using cfinvoke?
see where it says
This works but I'm not accessing the cfc in the application scope which rather
defeats the purpose of writing it into the application scope.
there is a cfinvoke example.
Thanks everyone I got it working! and yes security is an issue so I am storing
the cfc name and function in a struct and then passing in a key (uuid) to
evaluate the cfc name and function. This is an ajax (JSMX) application where
it's not hard to deduce the cfc and method being used so in my
1 - 100 of 271 matches